Top News

• Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

"A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia."

Link

TLP¹ : Green

Top News

• HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

"The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system."

Link

Top News

• Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

"Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store."

Link

Top News

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

"An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors."

Link

TLP¹ : Green

Top News

• North Korean Hackers Suspected in New Wave of Malicious npm Packages

"The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules."

Link

TLP¹ : Green

Top News

• New Python URL Parsing Flaw Could Enable Command Execution Attacks

"A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution."

Link

Top News

• New SystemBC Malware Variant Targets Southern African Power Company

"An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack."

Link

Top News

• Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

"Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. "

Link

Top News

• Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

"Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors."

Link

TLP¹ : Green

Top News

• Hackers Abusing Cloudflare Tunnels for Covert Communications

"New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access."

Link

TLP¹ : Green