PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations


Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that they dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”.

However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After the researchers detected this campaign and prevented its spread back in June 2024, they did not see any further malware deployments linked to PassiveNeuron for about six months. Since December 2024, however, Kaspersky researchers have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025.

Source: Kaspersky

