SIEM as a Service
SideCopy APT group Exploiting WinRAR Zero-Day to Deliver Ares RAT

SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities for delivering multiple RATs (Remote Access Trojans) like AllaKore RAT, Ares RAT, and DRat. The threat actor has...
Russian Threat Actor “farnetwork” Linked With 5 Ransomware Strains

In March 2023, the cybersecurity landscape witnessed a significant revelation as Group-IB's Threat Intelligence team delved into the clandestine world of farnetwork, an elusive threat actor linked to five notorious ransomware strains. Farnetwork, also known...

AWS Patches Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has recently addressed two critical security vulnerabilities affecting its popular cloud-based services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization). The vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, could...

Yubico PAM Module Vulnerability Let Attackers Bypass Authentications In Certain Configurations

A leading provider of hardware authentication security keys, Yubico has recently disclosed a significant vulnerability in its PAM (Pluggable Authentication Module) software package. The flaw, identified as "CVE-2025-23013," could potentially allow attackers to evade...

Hackers Exploiting Companies’ Google Ads Accounts To Serve Malicious Ads

In a disturbing trend that has gained momentum since late 2024, cybercriminals are increasingly targeting Google Ads accounts belonging to legitimate businesses to serve malicious advertisements. This sophisticated attack vector, known as malvertising, poses a...

Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes

A recent cyberattack mimicking the notorious Black Basta ransomware group's tactics targeted one of SlashNext's clients, bombarding 22 user inboxes with 1,165 malicious emails in just 90 minutes. This rapid-fire attack, aimed at huge user...

New MintsLoader Employs Domain Generation Algorithm & Anti-VM Techniques for Sophistication

The cybersecurity landscape has witnessed a significant evolution with the emergence of MintsLoader, a sophisticated malware loader that employs advanced techniques to evade detection and enhance its operational effectiveness. Discovered by eSentire's Threat Response Unit...

Researchers Detailed the Ghostwriter APT Infrastructure Used to Launch Cyber Attacks

Cybersecurity researchers have uncovered new details about the infrastructure used by the Ghostwriter advanced persistent threat (APT) group to launch cyber attacks, primarily targeting Ukraine and other Eastern European countries. The findings, published by multiple...

Hackers Weaponize MSI Packages & PNG Files To Deliver Multi-Stage Malware

A sophisticated cyberattack campaign targeting Chinese-speaking organizations in Hong Kong, Taiwan, and mainland China has been uncovered recently by Intezer Labs. The attackers are employing a multi-stage loader, dubbed PNGPlug, to deliver the notorious ValleyRAT...

New Android Malware Mimics Chat App to Steal Sensitive Data

A sophisticated Android malware campaign targeting users in South Asia, particularly in the Kashmir region of India, has been recently uncovered by the cybersecurity researchers at Cyfirma. The malware, disguised as a chat application called...