Python-based backdoor used to deploy RansomHub encryptors


Malware Developments


Python-based backdoor used to deploy RansomHub encryptors

A Python-based backdoor was recently identified by security researchers as a critical tool employed by ransomware affiliates to establish persistence and deploy encryptors across compromised networks. The malware demonstrates the use of advanced techniques like obfuscation and AI-assisted coding to evade detection. Its integration with known malware campaigns highlights its role as a second-stage payload in sophisticated, multi-phase attacks. READ MORE.


Microsoft 365 under attack with sophisticated Adversary-in-The-Middle (AiTM) phishing kit named "Sneaky 2FA"

Lately, a novel Adversary-in-the-Middle (AiTM) phishing kit named "Sneaky 2FA" emerged, targeting Microsoft 365 accounts through phishing-as-a-service (PhaaS) operations. Distributed by the "Sneaky Log" service on Telegram, this kit employs sophisticated methods to bypass multi-factor authentication (MFA), leveraging compromised infrastructure and customized phishing pages. Its rapid adoption by cybercriminals highlights the evolving threat landscape, where attackers increasingly seek advanced, cost-effective tools to conduct credential theft and Business Email Compromise (BEC) attacks. READ MORE.


Vulnerabilities and Exploitation Attempts


Critical SAP vulnerabilities put core business systems at risk

SAP has released patches to address two critical vulnerabilities in its NetWeaver application server, both carrying a CVSS score of 9.9. These vulnerabilities—CVE-2025-0070 and CVE-2025-0066—pose significant risks, including privilege escalation and unauthorized data access. CVE-2025-0070 stems from weak authentication checks in the ABAP platform, enabling attackers to escalate their privileges. On the other hand, CVE-2025-0066 allows unauthorized access to sensitive data by exploiting weak access controls in the Internet Communication Framework, jeopardizing the system's privacy, reliability, and functionality. READ MORE.


Critical vulnerabilities in Ivanti Endpoint Manager versions

Ivanti has released several security updates to address vulnerabilities in its Avalanche, Application Control Engine, and Endpoint Manager (EPM) products. Among these, four critical vulnerabilities in EPM stand out with a 9.8 CVSS score, owing to absolute path traversal weaknesses that could enable remote unauthenticated attackers to access and leak confidential data. The vulnerabilities are CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, which affect EPM versions released before the 2024 and 2022 SU6 November security updates. READ MORE.


Security risks highlighted in popular Unix synchronization tool

Security researchers have identified six vulnerabilities in the widely used Rsync file synchronization tool for Unix systems. Some of these flaws could allow attackers to execute arbitrary code on a client, and an attacker controlling a malicious server could read and write arbitrary files on connected clients. Sensitive data, including SSH keys, may be exfiltrated, and malicious code could be executed. READ MORE.


Actively exploited vulnerabilities addressed in latest Microsoft Patch Tuesday

Microsoft's January 2025 security update addresses a staggering 161 vulnerabilities, including three zero-day flaws that have been actively exploited in the wild. Among the updates, 11 vulnerabilities are rated as Critical, while 149 are deemed Important. READ MORE.


A sophisticated campaign targeting management interfaces on Fortinet FortiGate products

A sophisticated cyber campaign has been detected, targeting Fortinet FortiGate firewall devices, posing a significant security threat. By exploiting vulnerabilities to access the firewalls' management interfaces, the attackers were able to make unauthorized configuration changes and exfiltrate credentials, potentially leading to further intrusions and data breaches. READ MORE.


Gain deeper Cyber Threat Intelligence (CTI) insights!

CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.

Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.

LEARN MORE ABOUT OUR CTI SERVICES.

