In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
June 18, 2025
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) was identified in NetScaler Console version 14.1.8.50 and found to affect versions of NetScaler Console and ...
- What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
June 18, 2025
In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application ...
- Scammers hijack websites of popular brands to insert fake phone number
June 18, 2025
Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google. In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for ...
- Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects
June 18, 2025
Experts have revealed several critical vulnerabilities in GitHub Actions workflows which could pose serious risks to some major open source projects. A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the pull_request_target trigger, could let attackers seize control over active repositories or extract sensitive credentials. The team demonstrated this by ...
- Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433)
June 18, 2025
The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures. Erlang/OTP is a known toolkit used to build scalable, fault-tolerant systems such as telecommunications, messaging platforms, IoT infrastructure and financial services. It is used by organizations like Ericsson, ...
- Scania hit by cyberattack – thousands of customers potentially affected
June 18, 2025
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack which saw it lose sensitive customer data. Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for sale to an exclusive buyer for an unknown sum of money. “hi guys. we hacked new ...