Threat Intelligence
-
Taiwan Web Infrastructure Targeted by UAT-7237, Cisco Talos Says
Cisco Talos links a China-aligned APT cluster, UAT-7237, to attacks on Taiwan’s web infrastructure, using customized open-source tooling and a SoundBill shellcode loader to deploy backdoors and credential-stealing utilities. The operation, active since 2022 and considered a sub-group of UAT-5918, also employs VPN persistence and RDP access, with updates to embed Mimikatz and broader lateral…
-
Discovery of Malicious Go Packages Exposes Supply Chain Vulnerabilities
Recent cybersecurity research highlights a critical vulnerability in the Go programming ecosystem with the discovery of 11 malicious packages designed for covert data exfiltration on Windows and Linux systems. The malware exploits the decentralized nature of Go modules, undermining developer confidence.
-
Coordinated Scanning Operation Targets Exposed Systems in Japan
A recent coordinated reconnaissance campaign involving 251 malicious IP addresses aims at exploiting vulnerabilities in web infrastructure, according to cybersecurity firm GreyNoise. The firm warns that organizations should take immediate action to block these IPs to reduce exposure.
-
Emerging Threat: Nitrogen Ransomware Targets Financial Sector in US, UK, and Canada
The Nitrogen ransomware strain has emerged as a significant threat to financial organizations in the US, UK, and Canada, encrypting crucial data and demanding hefty ransoms from victims. Cybersecurity experts warn that its sophisticated tactics pose a severe risk to unprepared entities.
-
Future of CVE Program in Jeopardy: Cybersecurity Community Calls for Stability
The CVE Program faces potential instability as US government funding decreases, raising concerns within the cybersecurity community about future preparedness and response to vulnerabilities. Experts stress the importance of this critical program and call for stable governance to mitigate risks.