Pierluigi Paganini
August 01, 2025
Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain […]
Pierluigi Paganini
August 01, 2025
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]
Pierluigi Paganini
July 31, 2025
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This […]
Pierluigi Paganini
July 31, 2025
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to compromise websites. On May 30th, 2025, security researcher Thái An […]
Pierluigi Paganini
July 31, 2025
Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabilities have been patched, but users are urged to update […]
Pierluigi Paganini
July 31, 2025
Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the FunkSec ransomware after cooperating with law enforcement to neutralize the threat. “Researchers at Avast developed a decryptor for the […]
Pierluigi Paganini
July 30, 2025
Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and […]
Pierluigi Paganini
July 30, 2025
PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python […]
Pierluigi Paganini
July 30, 2025
FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas […]
Pierluigi Paganini
July 30, 2025
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack […]
Security / September 23, 2025
