Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”.
However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After the researchers detected this campaign and prevented its spreading back in June 2024, they did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months. However, since December 2024, Kaspersky researchers have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433)
June 18, 2025
The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures. Erlang/OTP is a known toolkit used to build scalable, fault-tolerant systems such as telecommunications, messaging platforms, IoT infrastructure and financial services. It is used by organizations like Ericsson, ...
- Scania hit by cyberattack – thousands of customers potentially affected
June 18, 2025
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack which saw it lose sensitive customer data. Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for sale to an exclusive buyer for an unknown sum of money. “hi guys. we hacked new ...
- Hackers steal and destroy millions from Iran’s largest crypto exchange
June 18, 2025
Iran’s largest crypto exchange, Nobitex, said Wednesday that it was hacked and funds have been drained from its hot wallet. In a statement on its website translated by TechCrunch, Nobitex said it detected unauthorized access to its infrastructure and hot wallet, in which the company stores a portion of its customers’ cryptocurrency. The company said it ...
- Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
June 17, 2025
This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI applications with over 70,000 GitHub stars, and its versions prior to 1.3.0 contains a flaw ...
- U.S. companies brace for Israel-Iran cyber spillover
June 17, 2025
As Israel and Iran exchange airstrikes, cybersecurity experts are warning that a quieter, but still destructive, digital conflict is unfolding behind the scenes. And U.S. companies could soon find themselves in the blast radius. Iran and Israel are home to some of the world’s most skilled hackers. Escalating tensions between the two could spill over into ...
- Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field
June 17, 2025
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and turns with pre-ransomware activities, tunneling tools, and attackers taking a page out of the defender’s playbook. The attacker took careful steps to maintain access to the environment through persistence that mimicked normal user behavior. ...