29 matches found
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as...
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-GodzillaMemoryShell Help Usage: exploi...
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial...
A Dive into Earth Baku’s Latest Campaign
Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures...
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
Exploit for Injection in Atlassian Confluence_Data_Center
Project Introduction This project refers to the project of B...
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
It is an exploit module/toolkit targeting Apache Log4j. The targ...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Spring Cloud Gateway Actuator API SpEL expres...
Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Cent...
Exploit for Code Injection in Vmware Spring_Framework
spring-core-rce Spring Core RCE – Simple exploitation Can...
Threat Group Takes Aim Again at Cloud Platform Provider Zoho
State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s...
Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService...
Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far: technology,...
Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying...
Exploit for CVE-2021-3129
laravel-CVE-2021-3129-EXP CVE-2021-3129: One-click g...
TrickBot Banking Trojan Adds New Browser Manipulation Tools
The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said. “We expect to see it amplify infection campaigns and fraud attacks, sharpen its aim on business and corporate accounts,” wrote Limor Kessem,...
Godzilla: Strike Zone - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Godzilla: Strike Zone published at the 'play' market has multiple vulnerabilities...
Godzilla Hacker Takes Down Several Pakistani Government Websites
While the rest of the world was engaged in cyber security and privacy, an Indian patriotic hacker targeted 43 major Pakistani Government official websites, including ‘President of Pakistan’, ‘Government of Pakistan’, ‘Ministry of Defence’, and whole Ministry of Pakistan. Indian hacker Godzilla...