Author: Admin

The GitHub “tj-actions/changed-files” supply chain attack began as a highly targeted attack on one of Coinbase's open source projects before turning into something wider in scope. “The payload was focused on using the public CI/CD flow of one of its open source projects – AgentKit, probably with the aim of using it for further compromises,” Palo Alto Networks Unit 42 noted in the report. “However, the attacker was unable to use Coinbase’s secrets or to publish packages.” The incident came to light on March 14, 2025, when it was established that “tj-actions/changed-files” was compromised to inject code that…

March 22, 2025Red LakshmananFinancial Security / Cryptocurrency The US Treasury Department has announced that it removes sanctions against the cash tornado, the Mixer Service, which is accused of assistance in North Korea related to the Lazar group to wash their poor revenue. “Based on the consideration of the administration of new legal and political issues that arise through financial sanctions against financial and commercial activities that take place within developing technologies and legal conditions, we expressed our opinion on the removal of economic sanctions against the tornado,” Treasury, “Treasury” – Note In a statement. Combined with the movement ended 100…

March 21, 2025Red LakshmananMalicious software / cyber -ataka Two well -known clusters by threats called cadence -headed goals, and twelve, probably united their strength to target Russian formations, new results are revealed. “The main mare has greatly relied on the twelve -related tools. In addition – Note. “This suggests that potential cooperation and joint companies between two groups.” Both Head of mare and Twelve Previously, Caspersorski was recorded in September 2024, and the former vulnerability was used in Winrar (CVE-2023-3831) to obtain the initial access and delivery of malicious programs, and in some cases, even families of ransom, such as…

March 21, 2025Red LakshmananHunting the threat / vulnerability The threatening scaffolds have discovered a new threatening actor called UAT-5918, which attacks Taiwan in Taiwan’s critical infrastructure since at least 2023. “Uat-5918, actor threats that are believed – Note. In addition to critical infrastructure, some other targeted verticals include information technology, telecommunications, academies and health care. Say uat-5918 is said Volts typhoon. Flax typhoon. Tropical landing. Land estriaand Dalbit. The attack networks organized by the group provides for its initial access, using the N-day security deficiencies in unprocessed Internet servers and applications that are exposed to the Internet. The fixing is…

March 21, 2025Red LakshmananRansomware / Byovd The threats of the actors standing for Jellyfish Operation Ransomware-How Service (RAAS) was observed with the help of a malicious driver called Abrasion Bring your own vulnerable driver (Byovd) An attack intended for disconnecting anti-sanatorium tools. Elastic security laboratories said she observed an attack on Medusa’s ransom, which delivered a slate with a loader packaged using a Packer-A-A-Service (PAAS) called Heartcrypt. “This loader was deployed together with a recalled driver signed by a Chinese provider we called Abyssworker, which he sets by the victim’s car and then uses the purpose and silence of various…

March 21, 2025Red LakshmananCybercrime / Cyber ​​-Spy Chinese Group advanced permanent threat (APT). known as Water panda It was associated with a “global spy company”, which took place in 2022, aimed at seven organizations. These organizations include governments, Catholic charities, non -governmental organizations (NGOs), as well as analytical centers across Taiwan, Hungary, Turkey, Thailand, France and the USA. The activity, which took place within 10 months between January to October 2022, was named Eset Fishmedley. “Operators used implants-back, Shadowpad, Sodamaster and Spyder-which are common or exclusive – Note In the analysis. Water pandaIt is also called a bronze university, charcoal,…

March 21, 2025Red LakshmananCyber ​​-aataka / vulnerability According to the two deficiencies affecting Sans Internet Storm Center. A Two vulnerabilities of a critical evaluation over the question given below – Cve-2024-20439 (CVSS assessment: 9.8) – Having undocumented static account users for an administrative account that the attacker could use to enter the affected system Cve-2024-20440 (CVSS assessment: 9.8) – a vulnerability that arises from -wit the excessively long -word debug log that can apply to access such files by means of a http request and get credentials that can be used to access API Successful exploitation of disadvantages can allow…

March 20, 2025Red LakshmananAnalysis of malicious programs / threats Video on YouTube that promote cheats games Concea Probably focusing on Russian users. “What is intriguing in this malicious program is how much it collects,” Caspersorsky – Note In the analysis. “It seizes information about VPN and gaming customers, as well as all kinds of network utilities such as NGROK, Playit, CyberDuck, Filezilla and Dyndns.” The attack networks provide for the sharing of the links to the archive, protected by the password on the YouTube video, which at the opening unpack the bath.bat package, which is responsible for obtaining another archive…

March 20, 2025Red LakshmananCybersecurity / vulnerability Agency for cybersecurity and US infrastructure (CISA) has added Lack of safety at high speed affectingShip) Catalog, citing evidence of active exploitation. The vulnerability in question is the CVE-2024-48248 (CVSS: 8.6), an absolute traverse mistake that can allow you to read files on the target host, including sensitives, such as “/etc/shadow” through the endpoint “/c/rm.”. This affects all versions of the software to version 10.11.3.86570. “Backup and replication Nakivo contains the absolute path of vulnerability that allows the attackers to read arbitrary files,” Cisa said in the advisory. Successful lack of lack can allow…

March 20, 2025Red LakshmananUpdate vulnerability / software Veeam has released security updates to address a critical security deficiency that affects its backup software and replication, which can lead to the remote code. Vulnerability tracked as Cve-2025-23120Carries CVSS 9.9 out of 10.0. This affects 12.3.0.310 and all previous versions 12. “The vulnerability that allows you – Note in a consultation released on Wednesday. Petr Basidlo Safety Researcher with Watchtowr was credited and the shortage report, which was resolved in version 12.3.1 (collection 12.3.1139). According to Bazydlo and Researcher Sina Hirha, CVE-2025-23120 stems from the inconspicuous management of the VEEAM desserization mechanism,…
