
22 matches found

The Hacker News
added 2025/04/22 4:29 a.m., 50 views

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a...

8.8 CVSS, 9 AI score, 0.94295 EPSS
Exploits: 51

Hive Pro Threat Advisories
added 2023/12/26 11:14 a.m., 14 views

Muddywater Utilizes Custom Tools to Target Telecom Companies

Summary: Iranian espionage group Muddywater targeted telecommunications companies in Egypt, Sudan, and Tanzania in November 2023. The attackers employed a diverse set of tools for this activity, including leveraging the MuddyC2Go infrastructure. Additionally, they utilized the SimpleHelp remote...

7.3 AI score
Exploits: 0

The Hacker News
added 2023/10/26 4:25 a.m., 51 views

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...

6.7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/02/28 11:39 a.m., 24 views

TA866 New Financially-Motivated Threat Actor Targeting US and Germany Organizations

Summary: A new financially motivated threat actor named TA866 has been active since October 2022 and targets organizations in the United States and Germany. The attack chain...

1.1 AI score
Exploits: 0

Kitploit
added 2022/08/15 12:30 p.m., 29 views

RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check

0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex re...

6.8 AI score
Exploits: 0, References: 3

vulnersOsv
added 2022/05/24 5:23 p.m., 2 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2225 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2225 Source advisory: OSV:GHSA-W43X-5F8F-686P...

5.4 CVSS, 6.4 AI score, 0.00165 EPSS
Exploits: 0

vulnersOsv
added 2022/05/14 2:13 a.m., 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2012-6072 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2012-6072 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9404603...

4.3 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits: 0

vulnersOsv
added 2022/05/05 2:48 a.m., 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +745 more potentially affected by CVE-2013-0328 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.501)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2013-0328 Source advisory: OSV:GHSA-Q5F8-FXRX-PW6F...

4.3 CVSS, 5.8 AI score, 0.0014 EPSS
Exploits: 0

The Hacker News
added 2022/04/14 4:52 a.m., 77 views

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple...

5.5 CVSS, 7 AI score, 0.03732 EPSS
Exploits: 1

vulnersOsv
added 2022/04/13 12:0 a.m., 2 views

com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-29038 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)

org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...

5.4 CVSS, 6 AI score, 0.00389 EPSS
Exploits: 0

vulnersOsv
added 2022/03/16 12:0 a.m., 3 views

com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-27203 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)

org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...

6.5 CVSS, 6.5 AI score, 0.00766 EPSS
Exploits: 0

vulnersOsv
added 2022/03/16 12:0 a.m., 1 views

com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-27202 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)

org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...

5.4 CVSS, 6 AI score, 0.00235 EPSS
Exploits: 0

vulnersOsv
added 2022/03/16 12:0 a.m., 2 views

com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-27205 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)

org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...

4.3 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 0

The Hacker News
added 2022/03/14 12:48 p.m., 19 views

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...

7.2 AI score
Exploits: 0

vulnersOsv
added 2022/01/13 12:1 a.m., 4 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +34 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.18)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =2021.12.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 and more Source cves: CVE-2022-20615 Source advisory: OSV:GHSA-VQWG-4V6F-H6X5...

5.4 CVSS, 6.6 AI score, 0.02892 EPSS
Exploits: 0

Wired Threat Level
added 2021/04/21 8:39 p.m., 38 views

Palestinian Hackers Tricked Victims to Install iOS Spyware

The groups used social engineering techniques on Facebook to direct targets to a wide range of malware, including custom tools...

3.2 AI score
Exploits: 0

Securelist
added 2019/04/29 8:0 a.m., 55 views

I know what you did last summer, MuddyWater blending in the crowd

Introduction: MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced in 2017 and has been active...

7.9 AI score
Exploits: 0

ThreatPost
added 2018/05/15 9:38 p.m., 10 views

Phishing Spy Campaign Targets Top Mideast Officials

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...

0.9 AI score
Exploits: 0, References: 2

Kitploit
added 2018/03/30 8:39 p.m., 345 views

B4Tm4N - PHP WEBSHELL

Features 0 File Manager 1 Sec. Info 2 Simply Database 3 Interactive terminal 4 PHP Reverse Back Connect 5 Run PHP Code 6 Custom Toolz 7 Self Script Encryptor ! Download B4Tm4N...

7.4 AI score
Exploits: 0, References: 1

Trend Micro Simply Security
added 2017/07/25 11:0 a.m., 112 views

CopyKittens Exposed by ClearSky and Trend Micro

CopyKittens is a cyberespionage group that ClearSky has been reporting on since 2015, tracking their attacks on government-related bodies around the world. Trend Micro has supported this research at several points, including for their latest report released today on the group’s vast espionage...

7.3 AI score
Exploits: 0