News • Insights • Analysis
ELF/Sshdinjector.A!tr is a collection of malware that can be injected into the SSH daemon. Samples of this malware collection surfaced around mid-November 2024. While Fortinet researchers have a good amount of threat intelligence on them (e.g., they are attributed to Read More …
In September, 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to Read More …
FunkSec is a relatively new but highly active ransomware group that, as of this writing, has targeted several dozen victims across industries like government, banking, communications, and education. In a recent blog post, the group announced a partnership with another Read More …
As part of their research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package Index (PyPI) package Read More …
On the anniversary of the Battle of Kruty, a cyber unit of Ukraine’s Main Intelligence Directorate launched a DDoS attack on the digital infrastructure of Russia’s Gazprom and Gazpromneft. In particular, Ukrainian cyber professionals attacked the online services of the Read More …
Over the past month, FortiGuard Labs has identified several similar LNK files containing PowerShell commands designed to execute malicious scripts and connect to remote servers. These files are part of multi-stage operations that ultimately deliver the Coyote Banking Trojan. This Read More …
Since mid-2024, Kaspersky researchers observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which they have named “Tria Stealer” after unique strings found in campaign samples. The primary Read More …
We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. This activity cluster used rare tools and techniques including the technique we call Hex Staging, in which Read More …
The British Museum, the country’s most popular tourist attraction, was partially closed to the public on Saturday after an employee who had been fired broke in and shut down computer systems, museum management said. The museum in central London, which Read More …
Cybersecurity researchers from the Qualys Threat Research Unit have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to build out a botnet. In a technical analysis, Qualys said the attackers were mostly exploiting CVE-2017-17215 and CVE-2024-7029, Read More …
