Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP...

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it...

[SECURITY] Fedora 42 Update: mupdf-1.26.3-6.fc42

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087 , where CL refers to cluster, and...

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been...

[SECURITY] Fedora 43 Update: mupdf-1.27.1-4.fc43

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

[SECURITY] Fedora 42 Update: mupdf-1.26.3-5.fc42

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...

HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks

HoneyMyte Mustang Panda is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia...

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugXaka Korplug or SOGU. "The new variant's features overlap with both the RainyDay and Turian backdoors,...

Asian Arts Talents Foundation Website 安全漏洞

Asian Arts Talents Foundation Website is a website of Asian Arts Talents Foundation, Inc. A security vulnerability exists in Asian Arts Talents Foundation Website version v5.1.x, which stems from improper handling of the X-Forwarded-For header and could lead to cross-site scripting attacks...

CVE-2025-55473

Asian Arts Talents Foundation AATF Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting XSS. The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows a...

SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an...

Weak Password Vulnerability in Kingh5stream of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. A weak password vulnerability exists in Beijing...

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Threat actors have been observed targeting Internet Information Services IIS servers in Asia as part of a search engine optimization SEO manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling...

Chinese-Speaking Group Manipulates SEO with BadIIS

This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment...

Unauthorized Access Vulnerability in KingH5Stream of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. An unauthorized access vulnerability exists in...