CISO2CISO Cyber Security Resources - THREAT INTELLIGENCE - CISO2CISO.COM & CYBER SECURITY GROUP

THREAT INTELLIGENCE Notepads & resources

The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations – Source: socprime.com

The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to...

MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems – Source: socprime.com

MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems – Source:...

Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains – Source: socprime.com

Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains...

CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks – Source: socprime.com

CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks – Source:...

CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation – Source: socprime.com

CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation – Source: socprime.com

UNC6384 Attack Detection: China-Linked Group Targets Diplomats and Hijacks Web Traffic Spreading a PlugX Variant – Source: socprime.com

UNC6384 Attack Detection: China-Linked Group Targets Diplomats and Hijacks Web Traffic Spreading a PlugX Variant...

BQTLOCK Ransomware Detection: New RaaS Operators Employ Advanced Detection Evasion Techniques – Source: socprime.com

BQTLOCK Ransomware Detection: New RaaS Operators Employ Advanced Detection Evasion Techniques – Source: socprime.com

CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation – Source: socprime.com

CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation – Source: socprime.com

CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via Subnet – Source: socprime.com

CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via...

Crypto24 Ransomware Detection: Hackers Hit Large Organizations via Legitimate Tools and Custom Malware to Stay Under the Radar – Source: socprime.com

Crypto24 Ransomware Detection: Hackers Hit Large Organizations via Legitimate Tools and Custom Malware to Stay...

CVE-2025-8088 Detection: WinRAR Zero-Day Is Actively Exploited in the Wild to Install RomCom Malware – Source: socprime.com

CVE-2025-8088 Detection: WinRAR Zero-Day Is Actively Exploited in the Wild to Install RomCom Malware –...

UAC-0099 Attack Detection: Hackers Target Government and Defense Agencies in Ukraine Using MATCHBOIL, MATCHWOK, and DRAGSTARE Malware – Source: socprime.com

UAC-0099 Attack Detection: Hackers Target Government and Defense Agencies in Ukraine Using MATCHBOIL, MATCHWOK, and...

Secret Blizzard Attack Detection: russia-Backed APT Targets Foreign Embassies in Moscow With ApolloShadow Malware – Source: socprime.com

Secret Blizzard Attack Detection: russia-Backed APT Targets Foreign Embassies in Moscow With ApolloShadow Malware –...

CVE-2025-8292: Use-After-Free Vulnerability in Google Chrome Leads to RCE and System Compromise – Source: socprime.com

CVE-2025-8292: Use-After-Free Vulnerability in Google Chrome Leads to RCE and System Compromise – Source: socprime.com

Koske Malware Detection: New AI-Generated Linux Threat in the Wild – Source: socprime.com

Koske Malware Detection: New AI-Generated Linux Threat in the Wild – Source: socprime.com

Epsilon Red Ransomware Detection: New Adversary Campaign Targeting Users Globally via ClickFix – Source: socprime.com

Epsilon Red Ransomware Detection: New Adversary Campaign Targeting Users Globally via ClickFix – Source: socprime.com

Interlock Ransomware Detection: The FBI, CISA, and Partners Issue Joint Alert on Massive Attacks via the ClickFix Social Engineering Technique – Source: socprime.com

Interlock Ransomware Detection: The FBI, CISA, and Partners Issue Joint Alert on Massive Attacks via...

CVE-2025-53770 Detection: Microsoft SharePoint Zero-Day Vulnerability Is Actively Exploited for RCE Attacks – Source: socprime.com

CVE-2025-53770 Detection: Microsoft SharePoint Zero-Day Vulnerability Is Actively Exploited for RCE Attacks – Source: socprime.com

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector – Source: socprime.com

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and...

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation – Source: socprime.com

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation – Source: socprime.com

Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix – Source: socprime.com

Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix – Source: socprime.com

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution – Source: socprime.com

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution – Source:...

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE – Source: socprime.com

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE –...

BERT Ransomware Group Activity Detection: Attacks Across Asia, Europe, and the U.S. Targeting Windows and Linux Platforms – Source: socprime.com

BERT Ransomware Group Activity Detection: Attacks Across Asia, Europe, and the U.S. Targeting Windows and...

CVE-2025-32463 and CVE-2025-32462 Detection: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com

CVE-2025-32463 and CVE-2025-32462 Detection: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk – Source: socprime.com

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk...

CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com

CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com

CVE-2025-20281 and CVE-2025-20282 Vulnerabilities: Critical RCE Flaws in Cisco ISE and ISE-PIC Enable Root Access – Source: socprime.com

CVE-2025-20281 and CVE-2025-20282 Vulnerabilities: Critical RCE Flaws in Cisco ISE and ISE-PIC Enable Root Access...

CVE-2025-49144 Vulnerability: Critical Privilege Escalation Flaw in Notepad++ Leads to Full System Takeover – Source: socprime.com

CVE-2025-49144 Vulnerability: Critical Privilege Escalation Flaw in Notepad++ Leads to Full System Takeover – Source:...

UAC-0001 (APT28) Activity Detection: The russian State-Sponsored Group Targets Government Agencies Using BEARDSHELL and COVENANT Malware – Source: socprime.com

UAC-0001 (APT28) Activity Detection: The russian State-Sponsored Group Targets Government Agencies Using BEARDSHELL and COVENANT...

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions – Source: socprime.com

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access...

Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run Technique – Source: socprime.com

Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run...

GrayAlpha Operation Detection: The Fin7-Affiliated Group Spreads PowerNet Loader, NetSupport RAT, and MaskBat Loader – Source: socprime.com

GrayAlpha Operation Detection: The Fin7-Affiliated Group Spreads PowerNet Loader, NetSupport RAT, and MaskBat Loader –...

CVE-2025-4123 Vulnerability: “The Grafana Ghost” Zero-Day Enables Malicious Account Hijacking – Source: socprime.com

CVE-2025-4123 Vulnerability: “The Grafana Ghost” Zero-Day Enables Malicious Account Hijacking – Source: socprime.com

Detect SimpleHelp RMM Vulnerability Exploitation: CISA Warns of Threat Actors Abusing Unpatched Flaws for Persistent Access and Ransomware Deployment – Source: socprime.com

Detect SimpleHelp RMM Vulnerability Exploitation: CISA Warns of Threat Actors Abusing Unpatched Flaws for Persistent...

CVE-2025-32711 Vulnerability: “EchoLeak” Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an AI Agent – Source: socprime.com

CVE-2025-32711 Vulnerability: “EchoLeak” Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an...

CVE-2025-33053 Detection: A Critical WebDAV Zero-Day RCE Vulnerability Actively Weaponized by Stealth Falcon APT Group – Source: socprime.com

CVE-2025-33053 Detection: A Critical WebDAV Zero-Day RCE Vulnerability Actively Weaponized by Stealth Falcon APT Group...

CVE-2025-33053 Exploitation: A Critical WebDAV Zero-Day RCE Vulnerability Actively Weaponized by Stealth Falcon APT Group – Source: socprime.com

CVE-2025-33053 Exploitation: A Critical WebDAV Zero-Day RCE Vulnerability Actively Weaponized by Stealth Falcon APT Group...

CVE-2025-33073: Windows SMB Client Zero-Day Lets Attackers Gain SYSTEM Privileges – Source: socprime.com

CVE-2025-33073: Windows SMB Client Zero-Day Lets Attackers Gain SYSTEM Privileges – Source: socprime.com

CVE-2025-5419 Vulnerability: New Google Chrome Zero-Day Actively Exploited in the Wild – Source: socprime.com

CVE-2025-5419 Vulnerability: New Google Chrome Zero-Day Actively Exploited in the Wild – Source: socprime.com

CVE-2025-20286 Vulnerability Exploitation: Critical Cisco ISE Flaw Affects AWS, Microsoft Azure, and OCI Cloud Deployments – Source: socprime.com

CVE-2025-20286 Vulnerability Exploitation: Critical Cisco ISE Flaw Affects AWS, Microsoft Azure, and OCI Cloud Deployments...

Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI – Source: socprime.com

Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI – Source: socprime.com

CyberLock, Lucky_Gh0$t, and Numero Detection: Hackers Weaponize Fake AI Tool Installers in Ransomware and Malware Attacks – Source: socprime.com

CyberLock, Lucky_Gh0$t, and Numero Detection: Hackers Weaponize Fake AI Tool Installers in Ransomware and Malware...

APT41 Attack Detection: Chinese Hackers Exploit Google Calendar and Deliver TOUGHPROGRESS Malware Targeting Government Agencies – Source: socprime.com

APT41 Attack Detection: Chinese Hackers Exploit Google Calendar and Deliver TOUGHPROGRESS Malware Targeting Government Agencies...

BadSuccessor Detection: Critical Windows Server Vulnerability Can Compromise Any User in Active Directory – Source: socprime.com

BadSuccessor Detection: Critical Windows Server Vulnerability Can Compromise Any User in Active Directory – Source:...

Detect APT28 Attacks: russian GRU Unit 26156 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign – Source: socprime.com

Detect APT28 Attacks: russian GRU Unit 26156 Targets Western Logistics and Technology Companies Coordinating Aid...

ELPACO-Team Ransomware Attack Detection: Hackers Exploit Atlassian Confluence Vulnerability (CVE-2023-22527) to Gain RDP Access and Enable RCE – Source: socprime.com

ELPACO-Team Ransomware Attack Detection: Hackers Exploit Atlassian Confluence Vulnerability (CVE-2023-22527) to Gain RDP Access and...

CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE – Source: socprime.com

CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE – Source: socprime.com

Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure – Source: socprime.com

Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure – Source: socprime.com

Noodlophile Stealer Detection: Novel Malware Distributed Through Fake AI Video Generation Tools – Source: socprime.com

Noodlophile Stealer Detection: Novel Malware Distributed Through Fake AI Video Generation Tools – Source: socprime.com

Gunra Ransomware Detection: New Threat Targets Various Industries Globally Using Double-Extortion Tactics and Advanced Malicious Behaviors – Source: socprime.com

Gunra Ransomware Detection: New Threat Targets Various Industries Globally Using Double-Extortion Tactics and Advanced Malicious...

TerraStealerV2 and TerraLogger Detection: Golden Chickens Threat Actor Behind New Malware Families – Source: socprime.com

TerraStealerV2 and TerraLogger Detection: Golden Chickens Threat Actor Behind New Malware Families – Source: socprime.com

CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution – Source: socprime.com

CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution ...

CVE-2025-32432: Critical Craft CMS Vulnerability Is Actively Exploited in Zero-Day Attacks, Leads to Remote Code Execution – Source: socprime.com

CVE-2025-32432: Critical Craft CMS Vulnerability Is Actively Exploited in Zero-Day Attacks, Leads to Remote Code...

ToyMaker Activity Detection: Initial Access Brokers Compromise Hosts in Critical Infrastructure Organizations via SSH and File Transfer Utilities – Source: socprime.com

ToyMaker Activity Detection: Initial Access Brokers Compromise Hosts in Critical Infrastructure Organizations via SSH and...

CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE – Source: socprime.com

CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE – Source: socprime.com

Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations – Source: socprime.com

Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations – Source: socprime.com

CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation – Source: socprime.com

CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation – Source:...

CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks – Source: socprime.com

CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks – Source: socprime.com

UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer – Source: socprime.com

UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK...

Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group – Source: socprime.com

Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group – Source:...

UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL – Source: socprime.com

UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL – Source: socprime.com

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands – Source: socprime.com

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary...

Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor – Source: socprime.com

Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor...

CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader – Source: socprime.com

CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader – Source: socprime.com

Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper – Source: socprime.com

Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web...

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE – Source: socprime.com

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE...

CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability – Source: socprime.com

CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability – Source: socprime.com

CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild – Source: socprime.com

CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild – Source: socprime.com

Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor – Source: socprime.com

Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor...

UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT – Source: socprime.com

UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine...

Medusa Ransomware Detection: The FBI, CISA & Partners Warn of Increasing Attacks by Ransomware Developers and Affiliates Against Critical Infrastructure – Source: socprime.com

Medusa Ransomware Detection: The FBI, CISA & Partners Warn of Increasing Attacks by Ransomware Developers...

CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks – Source: socprime.com

CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks – Source: socprime.com

CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices – Source: socprime.com

CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices...

Detect Hellсat Ransomware Attacks: New Ransomware-as-a-Service Threat Group Targeting а Variety of High-Profile Organizations Globally...

CVE-2025-25730 Vulnerability: Authorization Bypass in Motorola Mobility Droid Razr HD (Model XT926) – Source: socprime.com

CVE-2025-25730 Vulnerability: Authorization Bypass in Motorola Mobility Droid Razr HD (Model XT926) – Source: socprime.com

CVE-2025-1001 Vulnerability in Medixant RadiAnt DICOM Viewer Enables Threat Actors to Perform Machine-in-the-Middle Attacks – Source: socprime.com

CVE-2025-1001 Vulnerability in Medixant RadiAnt DICOM Viewer Enables Threat Actors to Perform Machine-in-the-Middle Attacks –...

UAC-0173 Activity Detection: Hackers Launch Phishing Attacks Against Ukrainian Notaries Using the DARKCRYSTALRAT Malware – Source: socprime.com

UAC-0173 Activity Detection: Hackers Launch Phishing Attacks Against Ukrainian Notaries Using the DARKCRYSTALRAT Malware –...

CVE-2025–27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise – Source: socprime.com

CVE-2025–27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation...

UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure – Source: socprime.com

UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against...

CVE-2025-20059: Relative Path Traversal Vulnerability in Ping Identity PingAM Java Policy Agent – Source: socprime.com

CVE-2025-20059: Relative Path Traversal Vulnerability in Ping Identity PingAM Java Policy Agent – Source: socprime.com

CVE-2025-0108 Detection: Active Exploitation of an Authentication Bypass Palo Alto Networks PAN-OS Software – Source: socprime.com

CVE-2025-0108 Detection: Active Exploitation of an Authentication Bypass Palo Alto Networks PAN-OS Software – Source:...

Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain – Source: socprime.com

Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks...

CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks – Source: socprime.com

CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks – Source: socprime.com

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution – Source: socprime.com

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code...

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader – Source: socprime.com

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy...

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine – Source: socprime.com

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine...

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities – Source: socprime.com

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day...

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations – Source: socprime.com

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations...

CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services – Source: socprime.com

CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services...

Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware – Source: socprime.com

Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other...

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads – Source: socprime.com

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads...

CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities – Source: socprime.com

CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains...

CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution – Source: socprime.com

CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution –...

Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks – Source: socprime.com

Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks – Source: socprime.com

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC – Source: socprime.com

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC –...

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild – Source: socprime.com

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild...

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption – Source: socprime.com

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption – Source: socprime.com

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East – Source: socprime.com

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the...

NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System – Source: socprime.com

NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a...

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers – Source: socprime.com

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows...

Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany – Source: socprime.com

Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany...

KRaft: Apache Kafka Without ZooKeeper – Source: socprime.com

KRaft: Apache Kafka Without ZooKeeper – Source: socprime.com

UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application – Source: socprime.com

UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application...

Understanding OpenSearch Routing Allocation Settings – Source: socprime.com

Understanding OpenSearch Routing Allocation Settings – Source: socprime.com

Using Ruby Code in Logstash for Translating Text from HEX – Source: socprime.com

Using Ruby Code in Logstash for Translating Text from HEX – Source: socprime.com

DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution – Source: socprime.com

DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution – Source:...

UAC-0099 Attack Detection: Cyber-Espionage Activity Against Ukrainian State Agencies Using WinRAR Exploit and LONEPAGE Malware – Source: socprime.com

UAC-0099 Attack Detection: Cyber-Espionage Activity Against Ukrainian State Agencies Using WinRAR Exploit and LONEPAGE Malware...

How to Deal with the Warning: “No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’” – Source: socprime.com

How to Deal with the Warning: “No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’”...

Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version – Source: socprime.com

Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy...

CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products – Source: socprime.com

CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File...

New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia – Source:...

UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex – Source: socprime.com

UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex –...

BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware – Source: socprime.com

BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware – Source:...

RevC2 and Venom Loader Detection: New Malware Strains Massively Deployed via MaaS in a Sophisticated Campaign – Source: socprime.com

RevC2 and Venom Loader Detection: New Malware Strains Massively Deployed via MaaS in a Sophisticated...

SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan – Source: socprime.com

SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan – Source: socprime.com

HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe – Source: socprime.com

HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in...

BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide – Source: socprime.com

BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide – Source: socprime.com

BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns – Source: socprime.com

BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in...

Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices – Source: socprime.com

Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from...

PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia – Source: socprime.com

PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia...

New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant – Source: socprime.com

New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant – Source:...

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant – Source: socprime.com

Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe – Source: socprime.com

Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern...

UAC-0050 Phishing Attack Detection: The russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploit LITEMANAGER – Source: socprime.com

UAC-0050 Phishing Attack Detection: The russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploit LITEMANAGER...

UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point – Source: socprime.com

UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point –...

CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks – Source: socprime.com

CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks – Source: socprime.com

UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware – Source: socprime.com

UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware – Source: socprime.com

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers – Source: socprime.com

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian...

Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations – Source: socprime.com

Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and...

MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service – Source: socprime.com

MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging...

UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine – Source: socprime.com

UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine...

Earth Simnavaz (aka APT34) Attack Detection: Iranian Hackers Leverage Windows Kernel Vulnerability to Target UAE and Gulf Region – Source: socprime.com

Earth Simnavaz (aka APT34) Attack Detection: Iranian Hackers Leverage Windows Kernel Vulnerability to Target UAE...

LemonDuck Malware Detection: Exploits CVE-2017-0144 and Other Microsoft’s Server Message BlockSMB Vulnerabilities for Cryptocurrency Mining – Source: socprime.com

LemonDuck Malware Detection: Exploits CVE-2017-0144 and Other Microsoft’s Server Message BlockSMB Vulnerabilities for Cryptocurrency Mining...

Shrouded#Sleep Campaign Detection: North Korean Hackers Linked to the APT37 Group Use New VeilShell Malware Targeting Southeast Asia – Source: socprime.com

Shrouded#Sleep Campaign Detection: North Korean Hackers Linked to the APT37 Group Use New VeilShell Malware...

Detecting CUPS Exploits: Critical Security Vulnerabilities in Linux and Unix Systems Allow Remote Code Execution – Source: socprime.com

Detecting CUPS Exploits: Critical Security Vulnerabilities in Linux and Unix Systems Allow Remote Code Execution...

Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT – Source: socprime.com

Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT – Source: socprime.com

SnipBot Detection: A New RomCom Malware Variant Leverages a Custom Code Obfuscation Method and Sophisticated Evasion Techniques – Source: socprime.com

SnipBot Detection: A New RomCom Malware Variant Leverages a Custom Code Obfuscation Method and Sophisticated...

Ransomware, extorsion and the cyber crime ecosystem by NCSC & NCA

Ransomware, extorsion and the cyber crime ecosystem by NCSC & NCA

Countering Ransomware Financing – FATF Report March 2023

Countering Ransomware Financing – FATF Report March 2023

396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint

396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection...

Orange Cyberdefense

Orange Cyberdefense Security Navigator 2023 – Research-driven insights to build a safer digital society

Orange Cyberdefense Security Navigator 2023 – Research-driven insights to build a safer digital society

A Practical Guide for OSINT Investigators to Combat Disinformation and Fake Reviews Driven by AI (ChatGPT) by ShadowDragon

A Practical Guide for OSINT Investigators to Combat Disinformation and Fake Reviews Driven by AI...

BlackBerry CyberSecurity

Global Threat Intelligence Report – Delivering Actionable and Contextualized Intel to Increase Cyber Resilience by BlackBerry Cybersecurity.

Global Threat Intelligence Report – Delivering Actionable and Contextualized Intel to Increase Cyber Resilience by...

MORE RESOURCES

CISO Strategics

cyber operations & soc

red - blue & purple teams

THREAT INTELLIGENCE

VULNERABILITIES

CYBER ATTACKS

DATA BREACH

MALLWARE

RANSOMWARE

DDOS ATTACKS

CLOUD SECURITY

IOT SECURITY

ot security

devsecops

hacking

risk & compliance

governance

data privacy

MORE CISO2CISO RESOURCES LIBRARY TO VIEW

CISO Strategics

SOC OPERATIONS

THREAT INTELLIGENCE

vulnerabilities

cyber attacks

RansoNWARE

DDOS ATTACKS

RED - BLUE & PURPLE

DATA BREACH

DATA PRIVACY

CLOUD SECURITY

IOT - OT SECURITY

RISK & COMPLIANCE

DEVSECOPS

Views: 10