Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

In this article 1. Abuse of trusted relationships as an attack delivery mechanism 2. Methods, tools, and access strategies 3. Campaign conclusion 4. Microsoft Defender detection and hunting guidance In recent years, many sophisticated intrusions have increasingly avoided using noisy exploits,...

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

In this article 1. Abuse of trusted relationships as an attack delivery mechanism 2. Methods, tools, and access strategies 3. Campaign conclusion 4. Microsoft Defender detection and hunting guidance In recent years, many sophisticated intrusions have increasingly avoided using noisy exploits,...

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

CVE-2026-1842

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime default one year, an authenticated...

CVE-2026-1842

CVE-2026-1842 affects HyperCloud 2.3.5–2.6.8. Root cause: refresh tokens can be used directly for resource access and do not invalidate previously issued access tokens when a refresh token is used, allowing long-lived or concurrent access. Refresh tokens have a default lifetime of about one year,...

CVE-2026-1842 HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unauthorized Access

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime default one year, an authenticated...

PT-2026-21250

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime default one year, an authenticated...

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and...

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...

New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from domain controllers --...

Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization

An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor. Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at...

Pakistani Hackers Targeting Indian Students in Latest Malware Campaign

The advanced persistent threat APT group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network ...

X (Formerly Twitter): Abuse of "Remember Me" functionality.

Steps to Reproduce:- 1. Navigate to https://twitter.com/login, Fill up the required details and click on the "Log in" button. Make sure you have checked "Remember Me" check-box. 2. Login Successfully, Analyze the cookie using FireBug, specially "authtoken" and "remembercheckedon". These cookies...

SshdJJFen.txt

J.J.F. / Hackers Team - Security Advisory =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: 05/09/1999 Release: 05/14/1999 Author: Zhodiac URL: http://www.jjf.org Application: sshd2 up to 2.0.11 OS: Unix Risk: Risky :, long term could gain system access. -=-=-=-=-=-=-=-= Introduction...