
Month: September 2025
-
From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover
An AWS access key compromise led to a sophisticated SES abuse campaign in May 2025. The attacker exploited the stolen…
-
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
ESET researchers have identified a new threat actor, GhostRedirector, targeting Windows servers with custom tools. The group has compromised at…
-
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
A critical ViewState deserialization vulnerability (CVE-2025-53690) was discovered in Sitecore products, affecting deployments using an exposed sample machine key. The…
-
Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers
Proofpoint researchers have observed an increase in cybercriminals using Stealerium-based malware, an open-source infostealer available on GitHub. Multiple stealers share…
-
Ethereum smart contracts used to push malicious code on npm
A novel technique utilizing Ethereum smart contracts was discovered in two npm packages to conceal malicious commands for installing downloader…
-
CTI Analysis: Malicious Email Campaign
An Iran-nexus spear-phishing campaign masquerading as the Omani Ministry of Foreign Affairs targeted global governments in August 2025. Attributed to…

