KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System LMS popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as...

MS16-032-Cobalt-Strike-LPE-BOF

MS16-032 Beacon Object File BOF A Cobalt Strike Beacon Obje...

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter aka UAC-0057 and UNC1151 has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine CERT-UA,...

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particular...

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat APT group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing...

New Advanced Linux VoidLink Malware Targets Cloud and container Environments

Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to Linux-based cloud environments According to a new report from Check Point Research, the cloud-native...

CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI...

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by t...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

PrintSpoofer Details !Licensehttps://img.shields.io/badge...

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization SEO fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking...

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as par...

Cobalt-Strike-Aggressor-Scripts

This repository is an offensive tool for Cobalt Strike Aggressor Scripts. It is a collection of PowerShell scripts that aggregate various UAC bypass methods, including the MS16-032, MS16-135, and WScript bypass attacks. The scripts are designed to be used with the Cobalt Strike framework to perfo...

Exploit for CVE-2018-19323

CVE-2018-19323: GIGABYTE GDrv Exploitation Framework ---...

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

A Chinese-speaking advanced persistent threat APT actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talo...

UAT-7237 targets Taiwanese web hosting infrastructure

Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat APT group active since at least 2022, which has significant overlaps with UAT-5918. UAT-7237 conducted a recent intrusion targeting web infrastructure entities within Taiwan and relies heavily on the use of open-source...

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS

Japan's CERT coordination center JPCERT/CC on Thursday revealed it observed incidents that involved the use of a command-and-control C2 framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system...

Cobalt Strike Beacon delivered via GitHub and social media

Introduction In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered...

Exploit for Use After Free in Adobe Flash_Player

CobaltStrike-Toolset Aggressor Script, Kit, Malleable C2 Profiles, External C2 and so on - Kits - ResourceKit - ExploitKit - Aggressor Script - chromedumpmimikatz.cna - nopowershell - SMBexecpsh Further Resources nopowershell smbexecpsh.cna CVE-2018-15982...

Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure ICS appliances. According to a report published by JPCERT/CC today, the threat actors behind the...