📢 DragonBreath: BYOVD 0-day vulnerability in dragoncore_k.sys linked to APT-Q-27 and APT31
📝 ## 🔍 Context

Published on 22 April 2026 by Ransom-ISAC (Alex Necula & Ellis Stannard), this report documents a **critical 0-day vulnerability...
📖 cyberveille: https://cyberveille.ch/posts/2026-05-09-dragonbreath-vulnerabilite-0-day-byovd-dans-dragoncore-k-sys-liee-a-apt-q-27-et-apt31/
🌐 source: https://ransom-isac.org/blog/dragonbreath-dragon-in-the-kernel/
#APT_Q_27 #APT31 #Cyberveille

APT31: hacker group uses the cloud for concealment

Russia and China are partners in war. But in IT, they spy on each other. The hacker group APT31 plays a role in this.

TARNKAPPE.INFO
⚠️ APT31 (China-linked) is targeting Russian IT via cloud services in HIGH severity, stealthy attacks. No CVE, but risks include espionage & disruption. Boost cloud monitoring, audit permissions, enable MFA. https://radar.offseq.com/threat/china-linked-apt31-launches-stealthy-cyberattacks--77e7ae00 #OffSeq #APT31 #CloudSecurity #ThreatIntel

It's been a pretty active 24 hours in the cyber world, with CISA warning about an actively exploited Oracle zero-day, new insights into China-linked APT31's stealthy operations against Russian IT, and a fresh look at a fileless, cross-platform phishing framework using browser notifications. Let's dive in:

Critical Oracle Identity Manager Zero-Day Under Active Exploitation ⚠️

- CISA has added CVE-2025-61757, a critical Oracle Identity Manager vulnerability (CVSS 9.8), to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
- This flaw allows pre-authenticated remote code execution by bypassing authentication for critical functions, stemming from a faulty security filter that can be tricked with "?WSDL" or ";.wadl" appended to URIs.
- Evidence suggests the vulnerability was exploited as a zero-day between August 30 and September 9, 2025, well before Oracle's October patch, with Federal Civilian Executive Branch agencies mandated to patch by December 12, 2025.

📰 The Hacker News | https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html

China-Linked APT31 Targets Russian IT with Cloud C2 🇨🇳

- The China-linked APT31 (aka Altaire, Violet Typhoon) has been attributed to stealthy cyberattacks against the Russian IT sector between 2024-2025, often remaining undetected for extended periods.
- The group leverages legitimate cloud services like Yandex Cloud for command-and-control (C2) and data exfiltration, blending in with normal traffic, and stages encrypted commands in social media profiles.
- APT31 employs a diverse arsenal of public and custom tools, including CloudyLoader, SharpADUserIP, Tailscale VPN, and unique backdoors like OneDriveDoor and VtChatter, to achieve persistence and exfiltrate sensitive data.

📰 The Hacker News | https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html

Matrix Push C2 Leverages Browser Notifications for Fileless Phishing 🎣

- A new command-and-control (C2) platform, Matrix Push C2, is being used by threat actors to conduct fileless, cross-platform phishing attacks via browser push notifications.
- Victims are socially engineered into allowing notifications, which then deliver fake alerts (e.g., suspicious logins, browser updates) with malicious links, effectively bypassing traditional security controls.
- Offered as a Malware-as-a-Service (MaaS) with tiered subscriptions, Matrix Push C2 includes configurable templates for impersonating brands and analytics, while separate research notes an uptick in legitimate DFIR tool Velociraptor misuse.

📰 The Hacker News | https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html

#CyberSecurity #ThreatIntelligence #ZeroDay #RCE #Oracle #APT31 #NationState #Phishing #Malware #C2 #CloudSecurity #IncidentResponse #InfoSec

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

CISA adds exploited Oracle Identity Manager CVSS 9.8 flaw to KEV catalog as agencies rush to patch zero-day attacks.

The Hacker News

{NEW} Chinese hackers are exploiting new SharePoint flaws—Microsoft links attacks to #APT27, #APT31 & Storm-2603.

They’re bypassing patches to steal MachineKeys via remote code execution.

The exploit chain is already in the wild. #CyberSecurity #CyberAttacks https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft links SharePoint attacks to three China-based groups; flaws allow code execution and data theft on unpatched systems.

The Hacker News
NATO & EU condemn China's alleged cyberattack on the Czech Ministry of Foreign Affairs. The hacker group APT31 is said to have been spying on diplomats' e-mails since 2022. The EU warns of further measures: a clear breach of international norms. #Cyberangriff #APT31 #China

🇨🇿 CZECHIA
🔴 Envoy Summoned Over Chinese Cyberattacks

🔸 Czech FM summoned China's ambassador over a long-running cyber campaign targeting foreign ministry networks.
🔸 Attacks traced to APT31, linked to China’s Ministry of State Security.
🔸 Minister Lipavsky warned such hostile acts could harm bilateral ties.

#Czechia #China #Cybersecurity #APT31 #Diplomacy

Czechia accused China of a cyberattack on the Ministry of Foreign Affairs

Little birds on the DeepWeb are chirping that the attackers took over data from at least one Microsoft Exchange account. Of course, I have no way to confirm this.

https://wp.me/p3fv0T-hrh #Chiny #ChRL #hack #atak #Czechy #MSZ #APT31 #cyberbezpieczeństwo #POLECANE

The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. #CyberAttacks #APT31 #CyberSecurity https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/
Czechia blames China for Ministry of Foreign Affairs cyberattack


BleepingComputer