Cyber Watch: Latest Security News & Threat Updates

Mass Jacker: The Sneaky Malware That Steals Your Crypto from Your Clipboard
By Navinisha Mohan • 3/18/2025
Mass Jacker is a clipper malware that hijacks your clipboard, replacing copied crypto wallet addresses with attacker-controlled ones to steal funds.

Harmony Intelligence Secures $3M to Advance AI-Powered Ethical Hacking
By Vinayak Dhanwai • 3/18/2025
Harmony Intelligence raises $3M in seed funding to enhance its AI-driven ethical hacking technology, helping organizations stay ahead of AI-powered cyber threats.

OSINT for Good: How Open-Source Intelligence is Changing the World
By Navinisha Mohan • 3/14/2025
OSINT is a powerful tool for positive change, helping to monitor human rights, assist in disaster response, combat trafficking, and fight misinformation.

Shellshock (CVE-2014-6271): Exploiting Bash for Remote Code Execution
By Navinisha Mohan • 3/12/2025
Shellshock is a critical Bash vulnerability that allows attackers to execute arbitrary commands remotely by injecting malicious environment variables, posing a severe security risk.

Beware of Malicious .URL Files: A New Attack Vector
By Samarth Desai • 3/12/2025
Attackers are leveraging .URL files disguised as documents to initiate WebDAV requests and download malware, impacting over 1,600 victims in Colombia.

Ransomware via Webcam: Akira’s Exploit of IoT Vulnerabilities
By Samarth Desai • 3/12/2025
The Akira ransomware group exploited an insecure webcam to generate malicious SMB traffic, enabling silent file encryption within a network, highlighting the need for IoT security.

Prompt Injection: A Hidden Cybersecurity Threat to AI Systems
By Navinisha Mohan • 3/8/2025
Attackers can exploit Large Language Models (LLMs) using prompt injection to bypass safeguards, spread misinformation, and manipulate AI outputs.

How BitLocker Keeps Your Data Secure: Encryption & Vulnerabilities
By Navinisha Mohan • 3/7/2025
BitLocker encrypts your Windows drive using AES and TPM to protect your data, but vulnerabilities like ROCA and DMA attacks highlight the need for updates and strong security practices.

Detecting Phantom Goblin: ABE Bypass and VSCode Abuse
By Samarth Desai • 3/7/2025
Phantom Goblin malware exploits social engineering to deploy stealers, bypass App Bound Encryption, and abuse VSCode tunnels for credential theft and data exfiltration.

Critical VMware Zero-Days Allow VM Escape and Host Takeover
By Navinisha Mohan • 3/4/2025
Three actively exploited VMware zero-day flaws (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) allow attackers to escape VMs, take control of hosts, and compromise entire environments—patch immediately.

Abusing Windows Services for Persistence: Lotus Blossom's Sagerunex Backdoor
By Samarth Desai • 3/4/2025
Lotus Blossom, an espionage group, modifies Windows service registry keys to persist the Sagerunex backdoor, leveraging reg.exe to manipulate ServiceDll values and ensure execution on infected systems.

12,000+ API Keys and Passwords Found in Public Datasets: A Growing Security Threat
By Navinisha Mohan • 3/3/2025
Over 12,000 API keys and passwords were found exposed in public datasets used for training LLMs, posing a major security risk due to poor security practices and web scraping.

Threat Actors Abuse FTP to Execute Malicious Scripts
By Samarth Desai • 3/3/2025
Mustang Panda exploits ftp.exe to execute malicious scripts hidden in masqueraded PDF files, enabling persistence, credential theft, and data exfiltration.

Ghostwriter Strikes Back: New Phishing Campaign Targets Ukraine and Belarus
By Samarth Desai • 3/3/2025
Ghostwriter targets Ukraine and Belarus with weaponized Excel files and rundll32.exe abuse.

Hackers Use Fake GitHub Repositories to Steal Bitcoin and Personal Data
By Vinayak Dhanwai • 2/28/2025
Hackers use fake GitHub projects to spread malware, stealing Bitcoin and personal data.

Security Flaw in ChatGPT Operator Exposes Private Data to Hackers
By Vinayak Dhanwai • 2/22/2025
OpenAI’s ChatGPT Operator has a security flaw that allows hackers to steal private data by tricking the AI into accessing sensitive websites.

Fake DeepSeek Site Infects Mac Users with Poseidon Stealer
By Samarth Desai • 2/22/2025
Atomic macOS Stealer (AMOS) is a malware targeting macOS to steal sensitive data like passwords, browser info, and cryptocurrency wallets, often spread through malvertising or infected websites, with stolen data exfiltrated to attacker-controlled servers.

Dirty Wolf's Tunneling Tool
By Samarth Desai • 2/22/2025
Dirty Wolf is a new cyber threat utilizing a novel tunneling tactic through phishing, persistence via a .vbs file, and connections to localtonet domains, associated with ransomware activity.

Earth Preta’s Latest Tactics: MAVInject Abuse for Evasion
By Samarth Desai • 2/19/2025
Mustang Panda (Earth Preta) exploits MAVInject.exe to inject malicious DLLs, bypassing security detection and leveraging legitimate tools like Setup Factory for stealthy attacks.

Kimsuky's Monolithic Werewolf: LNK & PowerShell Abusing Dropbox for Stealthy Attacks
By Samarth Desai • 2/19/2025
Kimsuky (Monolithic Werewolf) is using malicious LNK files and PowerShell to exploit Dropbox for stealthy malware delivery and data exfiltration.

PowerShell Cmdlet Abuse for Persistence in Malware Attacks
By Samarth Desai • 2/18/2025
Attackers are leveraging PowerShell cmdlets to create scheduled tasks disguised as Microsoft Edge updates, enabling persistence and evading detection.

New Phishing Kit Bypasses 2FA to Steal Credentials
By Vinayak Dhanwai • 2/17/2025
The Astaroth phishing kit uses session hijacking to bypass 2FA and steal credentials from Gmail, Yahoo, O365, and other platforms in real time.

South Korea Suspends DeepSeek AI Chatbot Over Privacy Concerns
By Vinayak Dhanwai • 2/17/2025
South Korea has temporarily halted new downloads of the Chinese AI chatbot DeepSeek due to privacy law violations, citing excessive data collection and security vulnerabilities.

Lazarus Group Unleashes Marstech1: A New JavaScript Threat Targeting Developers
By Vinayak Dhanwai • 2/16/2025
Lazarus Group's Marstech1 malware targets developers and crypto wallets via open-source supply chain attacks.

Privilege Escalation via Group Policy Preferences (GPP)
By Samarth Desai • 2/14/2025
Hackers exploit improperly stored credentials in Group Policy Preferences (GPP) to extract plaintext passwords from SYSVOL, targeting privileged accounts.

StrelaStealer - A Credential-Stealing Malware Campaign
By Samarth Desai • 2/14/2025
StrelaStealer is a phishing-based malware campaign that uses obfuscated JScript and WebDAV to steal email credentials while evading detection.

Sandworm Targets Microsoft KMS Activation Tools
By Samarth Desai • 2/12/2025
The Sandworm campaign uses trojanized KMS activation tools to deploy BACKORDER and Dark Crystal RAT, leveraging system tools for evasion and persistence against Ukrainian Windows users.
Neural Networks & Deep Learning: Understanding AI for Cybersecurity
By Samarth Desai • 2/11/2025
Neural networks and deep learning power modern AI, with architectures like CNNs and RNNs enabling image recognition, speech processing, and cybersecurity advancements.

EDR Evasion Using Path Masquerading
By Samarth Desai • 2/11/2025
Attackers evade EDR using file and path masquerading, highlighting the need for SIEM monitoring of process creation events.

BadIIS Malware Exploits IIS Servers for SEO Manipulation and Redirection
By Samarth Desai • 2/11/2025
BadIIS malware hijacks IIS servers for SEO manipulation; monitor IIS commands, AppCmd.exe abuse, and file changes for detection.

PowerShell-Based Outlook Email Stealer
By Samarth Desai • 2/11/2025
A PowerShell-based infostealer exploits phishing emails with malicious HTA files to steal Outlook data via mshta.exe execution.

Adversaries Abuse PowerShell for Persistence
By Samarth Desai • 2/11/2025
Attackers use PowerShell cmdlets to persist via fake Microsoft Edge updates, executing via regsvr32, detectable through cmdlet analysis.