Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. “Maxim Alexandrovich Rudometov (Максим Александрович Рудомётов), born in 1999 in the Luhansk region of Ukraine, developed and has sold “information stealer” malware known as RedLine.”

Malware 88

Malware Passwords Identity Theft Accountability 88

The Hacker News

FEBRUARY 28, 2024

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances.

VPN 138

VPN Malware 138

Security Affairs

MARCH 10, 2025

In May 2024, Microsoft observed the North Korea-linked group “Moonstone Sleet” (Previously tracked as Storm-1789) using known and novel techniques like fake companies, trojanized tools, a malicious game, and custom ransomware for financial gain and espionage. ” Microsoft wrote on X.

Ransomware 120

Ransomware Healthcare VPN Malware 120

The Hacker News

SEPTEMBER 3, 2024

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.

VPN 117

VPN Software Malware Phishing 117

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities.

VPN 129

VPN Malware Authentication Small Business 129

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

VPN 124

VPN Government Malware Manufacturing 124

The Hacker News

NOVEMBER 15, 2024

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.

VPN 117

VPN Malware 117

eSecurity Planet

APRIL 21, 2025

A notorious Russian hosting service provider known as Proton66 is at the center of a series of widespread cyberattacks and malware campaigns targeting organizations and users worldwide, according to fresh findings from cybersecurity experts. The malware connects to a C2 server at 193.143.1.139.

Malware 70

Malware Phishing Ransomware VPN 70

Malwarebytes

FEBRUARY 19, 2025

And in 2024, one malicious program in particular is responsible for the lions share of info stealer activityracking up 70% of known info stealer detections on Mac. These findings come from the 2025 State of Malware report. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

Malware 131

Malware Software Passwords Cryptocurrency 131

Security Affairs

NOVEMBER 3, 2024

In September 2024, the Sekoia TDR team reported it had identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

Passwords 135

Passwords Wireless VPN Accountability 135

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN 134

VPN Firmware Malware Government 134

Troy Hunt

FEBRUARY 25, 2025

By doing dumb stuff like this: “Around October I downloaded a pirated version of Adobe AE and after that a trojan got into my pc” pic.twitter.com/igEzOayCu6 — Troy Hunt (@troyhunt) August 5, 2024 So now this guy has malware running on his PC which is siphoning up all his credentials as they're entered into websites.

Passwords 362

Passwords Accountability VPN Malware 362

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software.

Backups 132

Backups Ransomware VPN Authentication 132

Security Affairs

APRIL 30, 2025

In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and Europe. In 2024, attacks primarily focused on governmental, diplomatic, and research sectors, with some campaigns specifically hitting French government organizations. ” continues the report.

Government 116

Government Phishing DNS VPN 116

The Hacker News

JANUARY 30, 2024

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. and CVE-2024-21887 (CVSS score: 9.1), could be abused

VPN 102

VPN Malware 102

Krebs on Security

MAY 28, 2024

Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. based startup that tracks proxy and VPN services.

VPN 297

VPN Banking Cybercrime Internet 297

Security Affairs

FEBRUARY 1, 2024

The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.”

VPN 132

VPN Authentication Software Malware 132

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 71

Spyware Data breaches DNS Artificial Intelligence 71

SecureList

NOVEMBER 23, 2023

As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaited video game releases, for example, by disguising malware as a cracked Hogwarts Legacy version , a classic move we have seen for years.

VPN 132

VPN Scams Education Internet 132

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. “SocGholish” and “LummaC2” are the most frequently observed malware in customer incidents. Our latest investigation revealed the same trend.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Security Affairs

JANUARY 10, 2025

Between 2019 and 2024, the MirrorFace group launched three cyber campaigns targeting Japanese think tanks, government, academia, and key industries. Campaign A (20192023): Used emails with malware attachments (LODEINFO) to target politicians, media, and government. ” reads the report published by NPA.“This VS Code).

Antivirus 78

Antivirus Malware System Administration Technology 78

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 6 Run a Linux command immediately.

Malware 135

Malware VPN Encryption Hacking 135

Security Affairs

JUNE 6, 2025

Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591. in FortiOS SSL VPN was actively exploited in attacks in the wild. through 7.0.16

Ransomware 78

Ransomware Authentication Healthcare Firewall 78

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. .

Firewall 76

Firewall Ransomware VPN Firmware 76

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Email Threats: More than 75% of targeted attacks start with an email, delivering 94% of malware. RaaS usage is expected to increase by 25% in 2024. Shockingly, 96% of these attacks come through email.

Social Engineering 142

Social Engineering Cyber Attacks Cyber Insurance IoT 142

Security Affairs

MARCH 14, 2025

The threat actor exploited CVE-2024-55591 and CVE-2025-24472 in FortiOS and FortiProxy to gain super-admin access on vulnerable Fortinet appliances. “CVE-2024-55591 and CVE-2025-24472 allow unauthenticated attackers to gain super_admin privileges on vulnerable FortiOS devices (<7.0.16) with exposed management interfaces.”

Firewall 67

Firewall Ransomware VPN Encryption 67

Security Affairs

APRIL 7, 2025

x (end-of-support as of December 31, 2024), Ivanti Policy Secure and ZTA gateways. According to Google GTIG, threat actor UNC5221 exploited the flaw since March 2025 to deploy TRAILBLAZE and BRUSHFIRE malware, along with SPAWN malware. The flaw impacts Ivanti Connect Secure (version 22.7R2.5 and earlier), Pulse Connect Secure 9.x

Malware 108

Malware Cybersecurity Hacking Software 108

Security Affairs

DECEMBER 18, 2024

In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware.

Phishing 108

Phishing Government Firewall VPN 108

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 132

Malware DNS Authentication Telecommunications 132

Security Boulevard

SEPTEMBER 11, 2024

Recent cybersecurity research claims that a new malware campaign masking itself as the Palo Alto VPN, GlobalProtect, is now targeting users in the Middle East. It has been observed that the malware employs a two-stage attack.

VPN 64

VPN Malware Risk Cybersecurity 64

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks.

Ransomware 128

Ransomware Authentication Encryption Manufacturing 128

Zero Day

JUNE 6, 2025

The records are being linked to the same ones compromised by cybercriminals in a data breach that AT&T announced in July of 2024. Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million existing AT&T subscribers and 65.4 million former account holders.

Password Management 128

Password Management Passwords Software Artificial Intelligence 128

SecureList

APRIL 18, 2024

Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. The group behind the campaign took steps to prevent collection and analysis of its implants and implemented practical and well-designed evasion methods both in network communications and in the malware code.

Malware 142

Malware VPN Software Government 142

Security Affairs

AUGUST 6, 2024

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. In January 2024, the Kimsuky APT group was spotted distributing malware through the website of a construction industry association in South Korea. ” reads the advisory.

VPN 131

VPN Malware Software Hacking 131