CVE-2025-37108

creationtimestamp| type| source ---|---|--- 2025-07-31 19:46:51+00:00| seen| Telegram/DoV01kCjKZ6ti7GNyjpdqP2KDU698iyG9Rx0iw2SOxwQ4M...

Evil Ant The Python-Powered Ransomware

Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...

Midnight Blizzard Exploiting Legacy OAuth for Lateral Movement

Summary: Midnight Blizzard exploited a legacy test OAuth application with elevated access due to a common password and lack of multi-factor authentication MFA. The attackers leveraged this access to move laterally within Microsofts network, potentially exfiltrating data and gaining broader contro...

NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data

Summary: A recently discovered Java-based information stealer, named NS-STEALER, employs a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. This malware is distributed through ZIP archives that disguise themselves as cracked software. Threat Level - Amb...

Anonymous Arabic Hacktivist Group Orchestrating Silver RAT

Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors dynamic activities persist, featuring the sharing of cracked...

Rhadamanthys Stealer Version 0.5.0 Upgrade Overview

Summary: Rhadamanthys, the information-stealing malware, has taken a significant leap with its v0.5.0 upgrade, introducing expanded stealing features, raw syscalls, and an enhanced loader design, showcasing advanced evasion techniques. Its modular architecture allows for continuous updates,...

TA402’s Covert Operation Takes Aim at the Middle East

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA402 aka Extreme Jackal launched sophisticated phishing campaigns targeting government entities in the Middle East. The objective was to deploy a newly developed initial access downloader called IronWin...

AtlasCross Exploits Organizations with DangerAds and AtlasAgent Trojans

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new threat actor by the name of AtlasCross has been identified employing phishing tactics that use Red Cross-themed lures as part of their attack strategy. These phishing campaigns are being used to...

LokiBot Data Exfiltrating Trojan Targets Windows Systems

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LokiBot, an infamous data-exfiltrating Trojan, has maintained a prominent presence since 2015. This pernicious malware predominantly sets its sights on Windows systems, diligently striving to acquire...

New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...

Korean Word Processor Scam Alert Orcus RAT Lurking in Cracked Versions

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with XMRig...

Multiple Ransomware groups targets open RDP Ports

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Many ransomware attacks are being launched against exposed Remote Desktop services by Threat Actors. At present, five ransomware families are attacking open RDP ports...

GHSA-MXR5-MC97-63RC

creationtimestamp| type| source ---|---|--- 2022-01-16 18:19:49+00:00| exploited| https://t.me/arvinclub/5124...

Summer SOTI - DDoS by the numbers

Time for a Change The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only se...