Key Linux systems may have security flaws which allow password theft

Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities plaguing different Linux distros. The flaws, both of which are race condition bugs, allow threat actors to gain access to sensitive information. The first one is found in Ubuntu’s core Read More …

Exploits and vulnerabilities in Q1 2025

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report Read More …

Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of our investigation, two out of the three identified vulnerabilities Read More …

Lynx Ransomware: A Rebranding of INC Ransomware

In July 2024, researchers from Palo Alto Networks discovered a successor to INC ransomware named Lynx. Since its emergence, the group behind this ransomware has actively targeted organizations in various sectors such as retail, real estate, architecture, and financial and Read More …

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of Read More …

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Read More …

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in Read More …

Hellhounds: Operation Lahat. Part 2

In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Read More …

Springtail: New Linux Backdoor Added to Toolkit

Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to Read More …