Cyberveille
curated by Decio
Microsoft Dynamics 365 Customer Voice Phishing Scam
On Lockbit's plaintext passwords
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists
Exposing Darcula: a rare look behind the scenes of a global Phishing-as-a-Service operation
I StealC You: Tracking the Rapid Changes To StealC
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
Proton66 Part 1: Mass Scanning and Exploit Campaigns
Google Spoofed Via DKIM Replay Attack
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
PasivRobber: Chinese Spyware or Security Tool?
Searching for something unknown
Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse
Anatomy of an LLM RCE
Fake Zoom Ends in BlackSuit Ransomware
CVE-2025-29927: Next.js Middleware Authorization Bypass
GorillaBot: Technical Analysis and Code Similarities with Mirai
VanHelsing Ransomware
Medusa Ransomware Activity Continues to Increase
New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran
Confluence Exploit Leads to LockBit Ransomware
Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
Weathering the storm: In the midst of a Typhoon
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock
Network Security Issues in RedNote
Cybercrime: A Multifaceted National Security Threat
Unpacking the BADBOX Botnet with Censys
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks
New TorNet backdoor seen in widespread campaign
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Unmasking FleshStealer: A New Infostealer Threat in 2025
HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code
Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai | Qualys Security Blog
Gootloader inside out
Gootloader inside out – Sophos News
IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader
Cracking the Code: How Banshee Stealer Targets macOS Users
Backdooring Your Backdoors - Another $20 Domain, More Governments
Inside FireScam : An Information Stealer with Spyware Capabilities
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
FunkSec – Alleged Top Ransomware Group Powered by AI
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
DoubleClickjacking: A New Era of UI Redressing
DDosia Project: How NoName057(16) is trying to improve the efficiency of DDoS attacks
Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition
Effective Phishing Campaign Targeting European Companies and Organizations
NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News
China’s Propaganda Expansion: Inside the Rise of International Communication Centers (ICCs)
State of SonicWall Exposure: Firmware Decryption Unlocks…
CVE-2024-55956
NodeLoader Used to Deliver Malware
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
Zero-Day: How Attackers Use Corrupted Files to Bypass Detection
Gaming Engines: An Undetected Playground for Malware Loaders
RobotDropper Automates the Delivery of Multiple Infostealers
Matrix Unleashes A New Widespread DDoS Campaign
Raspberry Robin Analysis
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock
CVE-2024-47575
Threat Hunting Case Study: Uncovering Turla | Intel 471
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Botnet 7777: Are You Betting on a Compromised Router?
A glimpse into the Quad7 operators' next moves and associated botnets
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials - SANS Internet Storm Center
Akira ransomware continues to evolve
Embargo ransomware: Rock’n’Rust
Lynx Ransomware: A Rebranding of INC Ransomware
FASTCash for Linux
THREAT ANALYSIS: Beast Ransomware
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
From Perfctl to InfoStealer
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
New macOS malware HZ RAT lets attackers control Macs remotely
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Obfuscated PowerShell leads to Lumma C2 Stealer
Unpacking the unpleasant FIN7 gift: PackXOR
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
Cicada 3301 - Ransomware-as-a-Service - Technical Analysis
OpenSSH Backdoors
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
The Abuse of ITarian RMM by Dolphin Loader
stardom dreams, stalking devices and the secret conglomerate selling both
The Hidden Treasures of Crash Reports
Ongoing Social Engineering Campaign Refreshes Payloads
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
ClickFix Deception: A Social Engineering Tactic to Deploy Malware
Kematian-Stealer : A Deep Dive into a New Information Stealer
Behind the Attack: Live Chat Phishing
How do cryptocurrency drainer phishing scams work?
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates
You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog
Check Point - Wrong Check Point (CVE-2024-24919)
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive
To the Moon and back(doors): Lunar landing in diplomatic missions
Leveraging DNS Tunneling for Tracking and Scanning
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kapeka: A novel backdoor spotted in Eastern Europe
CVE-2024-20356: a Cisco appliance to run DOOM
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering | Proofpoint US
Kaspersky analysis of the backdoor in XZ
Qakbot Strikes Back: Understanding the Threat
Distinctive Campaign Evolution of Pikabot Malware
DJI Mavic 3 Drone Research: Vulnerability Analysis
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log
Diving Deeper into AI Package Hallucinations
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Large-Scale StrelaStealer Campaign in Early 2024
The iSOON Disclosure: Exploring the Integrated Operations Platform
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
The Architects of Evasion: a Crypters Threat Landscape
The Anatomy of an ALPHA SPIDER Ransomware Attack
NoName057(16) DDoSia project: 2024 updates and behavioural shifts
Scattered Spider laying new eggs
A first analysis of the i-Soon data leak
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Threat Intel Accelerates Detection & Response
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
New Go-based Malware Loader Discovered | Arctic Wolf
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
CVE-2023-27532
Analyzing DPRK's SpectralBlur
CVE-2023-46747: Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis, News and Indicators
Objective-See's Blog
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
The Curious Case of Predatory Sparrow
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
CVE-2023-50164
Scanning Danger: Unmasking the Threats of Quishing
Star Blizzard increases sophistication and evasion in ongoing attacks
Cyber Threats affecting "International Geneva"
Into the Trash: Analyzing LitterDrifter
Understanding the Phobos affiliate structure and activity
C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers - SentinelOne
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Jamf Threat Labs Discovers Malware from BlueNoroff
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
CVE-2023-46604
CVE-2023-46747
GHOSTPULSE haunts victims using defense evasion bag o' tricks
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Triangulation: validators, post-compromise activity and modules | Securelist
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Disclosing the BLOODALCHEMY backdoor
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
Mirai Botnet's New Wave: hailBot, kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Compromised Microsoft Key: More Impactful Than We Thought
What's in a NoName? Researchers see a lone-wolf DDoS group
Exposing DuckTail
Adversary On The Defense: ANTIBOT.PW
#FuckStalkerware pt. 3 - ownspy got, well, owned
CVE-2023-36844 And Friends: RCE In Juniper Devices
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Unpacking the Threats Within: The Hidden Dangers of .zip Domains
Into the tank with Nitrogen
Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)
Unmasking the Meduza Stealer: Comprehensive Analysis & Countermeasures
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection
Clop Ransomware: History, Timeline, And Adversary Simulation
Malware Execution Method Using DNS TXT Record
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
The Phantom Menace: Brute Ratel remains rare and targeted
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
GobRAT malware written in Go language targeting Linux routers
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Akira Ransomware is “bringin’ 1988 back”
infosec company owned completely by 4chan user
New phishing-as-a-service tool “Greatness” already seen in the wild
The malware threat landscape: NodeStealer, DuckTail, and more
Magecart threat actor rolls out convincing modal forms
Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)
'RustBucket' malware targets macOS
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
in2al5d p3in4er is Almost Completely Undetectable
LockBit for Mac | How Real is the Risk of macOS Ransomware?
QBot banker delivered through business correspondence
Analyzing an arm64 mach-O version of LockBit
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Nokoyawa ransomware attacks with Windows zero-day
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
Cyble — Demystifying Money Message Ransomware
3CX Desktop App Compromised (CVE-2023-29059)
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
3CX VoIP Software Compromise & Supply Chain Threats
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Prometei botnet improves modules and exhibits new capabilities in recent updates
A Noteworthy Threat: How Cybercriminals are Abusing OneNote
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
Lumma Stealer targets YouTubers via Spear-phishing Email | S2W BLOG | Feb 2023 | Medium
PureCrypter targets government entities through Discord - Blog | Menlo Security
TA569: SocGholish and Beyond
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework
Havoc Across the Cyberspace
Investigating Intrusions From Intriguing Exploits
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Chinese PlugX Malware Hidden in Your USB Devices?
The Titan Stealer: Notorious Telegram Malware Campaign
Following the LNK metadata trail
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
Shc Linux Malware Installing CoinMiner
The Mac Malware of 2022 👾
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
New RisePro Stealer distributed by the prominent PrivateLoader
Shlayer Malware: Continued Use of Flash Updates
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Raspberry Robin Malware Targets Telecom, Governments
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
New Ransomware Strains Emerging from Leaked Conti’s Source Code
Meddler-in-the-Middle Phishing Attacks Explained MitM
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites
Mallox Ransomware showing signs of Increased Activity
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research
Hitching a ride with Mustang Panda
New MuddyWater Threat: Old Kitten; New Tricks
Blowing Cobalt Strike Out of the Water With Memory Analysis
Preparing for a Russian cyber offensive against Ukraine this winter
Aurora: a rising stealer flying under the radar
Technical Analysis of the RedLine Stealer
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
New RapperBot Campaign – We Know What You Bruting for this Time
BumbleBee Zeros in on Meterpreter
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
PNG Steganography Hides Backdoor
Massive ois[.]is Black Hat Redirect Malware Campaign
The Case of Cloud9 Chrome Botnet
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Reverse Engineering the Apple MultiPeer Connectivity Framework
Archive Sidestepping: Emotet Botnet Pushing Self-Unlocking Password-Protected RAR
Cyble Phishing ERMAC Android Malware Increasingly Active
New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
Fake Ransomware Infection Under widespread
Bumblebee: increasing its capacity and evolving its TTPs
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
GRU: Rise of the (Telegram) MinIOns
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Azure Cloud Shell Command Injection Stealing User’s Access Tokens
Threat Alert: New Malware in the Cloud By TeamTNT
Six months into Breached: The legacy of RaidForums?
Credential Gathering From Third-Party Software
Malvertising on Microsoft Edge's News Feed pushes tech support scams
Bumblebee Returns with New Infection Technique
Dead or Alive? An Emotet Story
Shikitega - New stealthy malware targeting Linux
Mirai Variant MooBot Targeting D-Link Devices
SafeBreach Uncovers New Remote Access Trojan (RAT)
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
CVE-2022-27925
Reservations Requested: TA558 Targets Hospitality and Travel
Making Sense of the Killnet, Russia’s Favorite Hacktivists
A Detailed Analysis of the RedLine Stealer
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
[CVE-2022-34918] A crack in the Linux firewall
Joker, Facestealer and Coper banking malwares on Google Play store
CVE-2022-30333
The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP
Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.’
BRATA is evolving into an Advanced Persistent Threat
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
A closer look at Eternity Malware
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages
AcidRain | A Modem Wiper Rains Down on Europe
Lapsus$: when kiddies play in the big league
An update on the threat landscape
Cyber Realism in a Time of War
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Cyber-attack on ICRC: What we know
SysJoker analyzing the first (macOS) malware of 2022!