Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape | Google Cloud Blog

An overview of the ransomware landscape and common TTPs directly observed in 2025 ransomware incidents.

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs

Ransomware group Black Basta’s chat logs were leaked, revealing 62 mentioned CVEs. GreyNoise identified 23 of these CVEs as actively exploited, with some targeted in the last 24 hours.

@simontsui Good question. It's not that simple :)

I agree with all of your observations. Personally, I like #CVE_2023_4966 the best for readability.

The cvecrowd crawler searches for #CVE20234966, #CVE2023_4966, #CVE_20234966, #CVE_2023_4966 just to not miss anything. However, the thing that makes it complicated is searching for the hashtags used. There are too many CVE numbers to search for all of them regularly.

When searching for #CVE, results do not include ANY of the above formats. Ironically, what it does find is #CVE-2023-4966.

In addition to hashtags, I also use full text search. When searching for "CVE" it finds CVE-2023-4966, but not when it's written as a hashtag.

So a reliable way to get my crawler to find CVE posts is to use either the word "CVE", perhaps in combination with a CVE ID as described above, or the hashtag #CVE.
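The spelling variants listed in the post above can be folded into one canonical CVE ID before posts are counted. The following is an added example, not part of the thread and not the cvecrowd crawler's code; the function names and the sample posts are constructed for illustration.

```python
import re

# One pattern for the plain ID and the hashtag spellings named in the post:
# CVE-2023-4966, #CVE-2023-4966, #CVE_2023_4966, #CVE2023_4966,
# #CVE_20234966, #CVE20234966. The year is always four digits, so the
# compact forms can still be split into year and sequence number.
CVE_RE = re.compile(
    r"(?<![A-Za-z0-9_])#?CVE[-_]?((?:19|20)\d{2})[-_]?(\d{4,})(?![0-9])",
    re.IGNORECASE,
)

def extract_cves(text):
    """Return canonical CVE IDs found in text, de-duplicated, in order."""
    found = []
    for year, seq in CVE_RE.findall(text):
        cve = f"CVE-{year}-{seq}"
        if cve not in found:
            found.append(cve)
    return found

def mentions_by_cve(posts):
    """Map each canonical CVE ID to the indexes of the posts mentioning it."""
    index = {}
    for i, post in enumerate(posts):
        for cve in extract_cves(post):
            index.setdefault(cve, []).append(i)
    return index

# Constructed sample posts, one per spelling discussed in the thread.
SAMPLE_POSTS = [
    "Patch now: #CVE_2023_4966 is being exploited",
    "See #CVE20234966 and #CVE2023_4966",
    "NVD entry for CVE-2023-4966 updated, also tagged #CVE-2023-4966",
    "New #CVE roundup, nothing specific today",
    "#CVE_20234966 writeup",
]

if __name__ == "__main__":
    for cve, post_ids in mentions_by_cve(SAMPLE_POSTS).items():
        print(cve, "mentioned in posts", post_ids)
```

A bare #CVE hashtag with no number, as in the fourth sample post, yields no ID, so such a post has to be picked up by the hashtag or full-text search itself.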

Apparently #CVE_2023_4966 is "undergoing reanalysis." Wonder if it'll be higher or lower... 👀

https://nvd.nist.gov/vuln/detail/CVE-2023-4966
NVD - CVE-2023-4966

exploits/citrix/CVE-2023-4966 at main · assetnote/exploits

Repository to store exploits created by Assetnotes Security Research team - assetnote/exploits

GitHub