Underpass near Generała Romualda Traugutta street, #Wroclaw
#streetart #urbanart #graffiti #rat #cheese #bicycle #urbex #Poland
Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment
A sophisticated spear phishing campaign has been identified, distributing the VIP keylogger through email attachments. The malware is delivered via a ZIP file containing a malicious executable disguised as a PDF. Once executed, an AutoIt script drops two encrypted files, which are then decrypted and injected into RegSvcs.exe using process hollowing techniques. The VIP keylogger is designed to steal sensitive information by logging keystrokes, capturing credentials from popular web browsers, and monitoring clipboard activity. The campaign employs obfuscation techniques and maintains persistence through a VBS script in the Startup folder. The final payload exfiltrates data through SMTP and communicates with a command and control server.
Pulse ID: 688a355ead4c75a9701f25fd
Pulse Link: https://otx.alienvault.com/pulse/688a355ead4c75a9701f25fd
Pulse Author: AlienVault
Created: 2025-07-30 15:08:14
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #Browser #Clipboard #CyberSecurity #Email #InfoSec #KeyLogger #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #SpearPhishing #VBS #ZIP #bot #AlienVault
Gunra Ransomware Group Unveils Efficient Linux Variant
Gunra ransomware, first observed in April 2025, has expanded its capabilities with a new Linux variant. This cross-platform move broadens the group's attack surface and demonstrates their intent to grow beyond their initial scope. The Linux variant features advanced capabilities, including parallel encryption with up to 100 threads, partial file encryption, and customizable encryption parameters. Since its emergence, Gunra has targeted enterprises across various countries and industries, including manufacturing, healthcare, IT, and agriculture. The group's tactics include data exfiltration and encryption, with a reported 40 terabytes of data leaked from a Dubai hospital. The Linux variant's sophisticated features, such as multi-threaded encryption and flexible configuration options, make it a formidable threat in the evolving ransomware landscape.
Pulse ID: 688a2dc61af534fff64727ec
Pulse Link: https://otx.alienvault.com/pulse/688a2dc61af534fff64727ec
Pulse Author: AlienVault
Created: 2025-07-30 14:35:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Encryption #Healthcare #Hospital #ICS #InfoSec #Linux #Manufacturing #OTX #OpenThreatExchange #RAT #RansomWare #bot #AlienVault
Targeted attacks leverage accounts on popular online platforms as C2 servers
A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives, exploiting DLL hijacking techniques to deploy Cobalt Strike Beacon. The campaign used profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal activities. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods used highlights the evolving tactics of threat actors in concealing well-known tools and emphasizes the need for robust cybersecurity measures.
Pulse ID: 688a2f161490dbf0763365ef
Pulse Link: https://otx.alienvault.com/pulse/688a2f161490dbf0763365ef
Pulse Author: AlienVault
Created: 2025-07-30 14:41:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#China #CobaltStrike #CyberAttack #CyberSecurity #Email #GitHub #ICS #InfoSec #Japan #Microsoft #OTX #OpenThreatExchange #Phishing #RAT #Russia #SocialMedia #SpearPhishing #bot #AlienVault
In #Niederkassel (between #Bonn and #Köln), dispensers for free dog waste bags were removed to save money, much to the annoyance of some dog owners. Now the city council (#Rat) has to deal with the small plastic bags once more.
Android Banking Trojan Targets Users with Phishing and RAT Capabilities
A sophisticated Android banking trojan dubbed RedHook disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users.
Pulse ID: 68897b00832dadc005079933
Pulse Link: https://otx.alienvault.com/pulse/68897b00832dadc005079933
Pulse Author: cryptocti
Created: 2025-07-30 01:53:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #BankingTrojan #CyberSecurity #ELF #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #Trojan #Vietnam #bot #cryptocti
Hackers Exploit SAP NetWeaver Vulnerability to Deploy Stealthy Auto-Color Linux Malware
Hackers exploited a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.
Pulse ID: 6889742122e24d36a4d7de43
Pulse Link: https://otx.alienvault.com/pulse/6889742122e24d36a4d7de43
Pulse Author: cryptocti
Created: 2025-07-30 01:23:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberSecurity #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RAT #Vulnerability #bot #cryptocti