27 matches found
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416 , a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...
Iran-Linked MuddyWater Targets 100+ Organizations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa MENA region, including over 100 government entities. The...
EUVD-2024-21679
Malicious code in bioql PyPI...
Dutch Teens Arrested Over Alleged Spying for Pro-Russian Hackers
Dutch authorities arrest two teens recruited by pro-Russian hackers for spying missions. Learn how Russia is using disposable agents for sabotage across Europe...
CVE-2024-24255
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat APT group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term...
Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions
An unnamed European Ministry of Foreign Affairs MFA and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned...
CVE-2024-24255
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...
Race condition
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...
CVE-2024-24255
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...
PX4 Drone Autopilot Security Vulnerability
PX4 Drone Autopilot is a PX4 Drone Autopilot for Drones open source. A security vulnerability exists in PX4 Autopilot version 1.14 and earlier. An attacker exploited the vulnerability to send a drone on an unexpected mission...
NSA Admits Secretly Buying Your Internet Browsing Data without Warrants
The U.S. National Security Agency NSA has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a...
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...
missions-resplandor.com Cross Site Scripting vulnerability OBB-3394738
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
The North Korean advanced persistent threat APT group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of...
APT29 utilizes cloud storage service to deliver malicious payloads
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary APT29, a cyber espionage gang uses cloud storage services such as Google Drive and Dropbox to distribute malware to compromised systems. The gang used a phishing campaign that targeted several Western diplomatic...
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads — The Hacker News
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several...
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
The Chinese advanced persistent threat APT Mustang Panda a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers ISPs – largely in and around Southeast Asia. For one thing, the APT has deployed...
Smersh - A Pentest Oriented Collaborative Tool Used To Track The Progress Of Your Company'S Missions
Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions and generate rapport. Preview front Angular: Documentation All information is available at the following address: https://docs.smersh.app How to contribute ? Just fork repository then create...
MISSIONS — The Next Level of Interactive Developer Security Training
If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that...