Post-Exploitation

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Threat Intelligence

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Moldovan authorities have detained a 45-year-old individual linked to the DoppelPaymer ransomware group, which targeted Dutch organizations...

Harrods Cyberattack: Technical Analysis of the UK Retail Breach

Threat Intelligence

Harrods Cyberattack: Technical Analysis of the UK Retail Breach

Harrods, the luxury department store, confirmed a cyberattack on May 1, 2025, restricting internal internet access while...

Security Breach in Unofficial Signal App Used by Trump Administration Officials

Data Breach

Security Breach in Unofficial Signal App Used by Trump Administration Officials

A modified version of the encrypted messaging app Signal, used by Trump administration officials, was compromised in...

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

C2-Updates

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Cybersecurity researchers from Hunt have identified a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads...

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Threat Intelligence

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Hitachi Vantara, the data infrastructure subsidiary of Japanese conglomerate Hitachi, executed emergency containment measures on April 26,...

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

APT-News

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

Cybersecurity researchers have uncovered a publicly accessible server operated by an affiliate of the Fog ransomware group,...

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

Malware Analysis

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

An alleged operator of the SmokeLoader malware, identified as Nicholas Moses (alias “scrublord”), is facing federal hacking...

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

CVE News

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

Cybersecurity firm Arctic Wolf has confirmed that a remote code execution (RCE) vulnerability in SonicWall Secure Mobile...

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

Red-Team

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

The Diamond Ticket attack represents an advanced exploitation technique targeting Active Directory environments by manipulating Kerberos authentication...

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Red-Team

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Active Directory (AD) remains a prime target for attackers due to its central role in enterprise authentication...

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

Malware Analysis

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

Ransom.Win32.MAOLOA.THAAHBA is a targeted ransomware variant affecting Windows systems, first observed in January 2021. While classified as...

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Malware Analysis

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

TrojanSpy.MSIL.REDLINESTEALER.YXBDM represents a sophisticated information-stealing malware targeting Windows systems, first identified by Trend Micro researchers in April...

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

CVE News

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

A newly identified threat, Trojan.W97M.CVE202140444.A, exploits a critical Microsoft Office vulnerability (CVE-2021-40444) to execute remote code through...

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Malware Analysis

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Ransom.Win64.CONTI.AA, a variant of the notorious Conti ransomware family, remains a significant threat to Windows systems despite...

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

Red-Team

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

A new tool called Imperius has emerged, designed to detect and expose Linux Kernel Module (LKM) rootkits...

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

Fig. 1 – A screenshot showing the results of Get-InjectedThreadEx scanning a process into which a 4.11 Beacon has just been injected.

C2-Updates

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

DNS Over HTTPS Beacon The new DoH implementation blends DNS C2 with legitimate web traffic: Default configuration...

Post-Exploitation

Moldovan Arrest Tied to DoppelPaymer Ransomware: Implications for Threat Actors

Harrods Cyberattack: Technical Analysis of the UK Retail Breach

Security Breach in Unofficial Signal App Used by Trump Administration Officials

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact