111 matches found

Securelist
added 2026/05/22 9:12 a.m., 4 views

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...

9.3 CVSS, 6.1 AI score, 0.93888 EPSS
Exploits 7

Securelist
added 2025/12/19 10:0 a.m., 7 views

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious cod...

9.3 CVSS, 8.8 AI score, 0.93888 EPSS
Exploits 7

OSV
added 2025/05/31 5:57 a.m., 7 views

BIT-MOODLE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1 CVSS, 5.6 AI score, 0.00997 EPSS
Exploits 0, References 2

Veracode
added 2024/06/07 6:37 a.m., 15 views

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's equation...

6.1 CVSS, 5 AI score, 0.00997 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2024/05/31 9:30 p.m., 17 views

GHSA-9QGQ-93C7-9HM4 Moodle stored Cross-site Scripting (XSS)

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's equation...

6.1 CVSS, 6 AI score, 0.00997 EPSS
Exploits 0, References 5

Github Security Blog
added 2024/05/31 9:30 p.m., 26 views

Moodle stored Cross-site Scripting (XSS)

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's equation...

6.1 CVSS, 5.5 AI score, 0.00997 EPSS
Exploits 0, References 5, Affected Software 1

NVD
added 2024/05/31 8:15 p.m., 12 views

CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1 CVSS, 5.5 AI score, 0.00997 EPSS
Exploits 0, References 1

OSV
added 2024/05/31 8:15 p.m., 13 views

CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1 CVSS, 5.9 AI score
Exploits 0, References 1

UbuntuCve
added 2024/05/31 8:15 p.m., 16 views

CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1 CVSS, 6.3 AI score, 0.00997 EPSS
Exploits 0, References 2

OSV
added 2024/05/31 8:15 p.m., 0 views

UBUNTU-CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1 CVSS, 5.8 AI score, 0.00997 EPSS
Exploits 0, References 3

Vulnrichment
added 2024/05/31 7:38 p.m., 17 views

CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

5.8 AI score, 0.00997 EPSS
Exploits 0, References 1

Cvelist
added 2024/05/31 7:38 p.m., 22 views

CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

5.4 AI score, 0.00997 EPSS
Exploits 0, References 1

Positive Technologies
added 2024/02/22 12:0 a.m., 1 views

PT-2024-3826 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to a stored Cross-site Scripting (XSS) risk. When editing another user's equation in the equation editor, additional sanitizing was required to prevent this risk. The...

9.8 CVSS, 5.3 AI score, 0.01399 EPSS
Exploits 1, References 50

Hive Pro Threat Advisories
added 2023/12/28 2:23 p.m., 47 views

Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies

Summary: The threat actor Cloud Atlas has been identified in spear-phishing attacks targeting Russian enterprises. The modus operandi involves a phishing message in the initial stage, containing a lure document that exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Offices...

9.3 CVSS, 7.7 AI score, 0.94354 EPSS
Exploits 33

Hive Pro Threat Advisories
added 2023/09/08 1:29 p.m., 26 views

Agent Tesla’s New Variant Spreads Through Crafted Excel Files

Threat Level Attack Report. Summary: A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...

7 AI score
Exploits 0

Hive Pro Threat Advisories
added 2023/03/28 10:35 a.m., 24 views

Bitter APT Group Targets Chinese Energy Sector with New phishing Campaign

Threat Level Actor Report. Summary: A new cyber espionage campaign targeting the energy sector in China by the South Asian threat group Bitter APT. The campaign involves the use of social engineering tactics through phishing emails that...

6.5 AI score
Exploits 0

The Hacker News
added 2023/03/08 7:57 a.m., 41 views

Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the...

0.2 AI score
Exploits 0

The Hacker News
added 2022/07/06 9:51 a.m., 76 views

Bitter APT Hackers Continue to Target Bangladesh Military Entities

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans,"...

9.3 CVSS, 0.3 AI score, 0.94056 EPSS
Exploits 0

The Hacker News
added 2022/05/31 8:30 a.m., 238 views

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

9.3 CVSS, 0.3 AI score, 0.94354 EPSS
Exploits 33

ThreatPost
added 2022/05/23 12:7 p.m., 310 views

Snake Keylogger Spreads Through Malicious PDFs

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...

9.3 CVSS, 8.6 AI score, 0.94354 EPSS
Exploits 33, References 4