Cybersec Sentinel

Short-Lived Certs, Long-Term Security Let's Encrypt Secures IPs

Short-Lived Certs, Long-Term Security Let's Encrypt Secures IPs

By Cybersec Sentinel | July 6, 2025 Overview Let's Encrypt has launched IP address certificates as of July 1, 2025. These certificates allow secure, HTTPS connections directly to IP addresses without needing a domain name. This feature addresses long-standing gaps in encrypted communications for infrastructure where traditional domain-based certificates

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware, Spectre RAT Threat Score: 🔴 High (8.8/10) – Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

Threat Group: General Operating System Threat Threat Type: Privilege Escalation Vulnerabilities Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718 Malware Used: None Threat Score: 🔥 Critical (9.3/10) Last Threat Observation: July 1 , 2025 Overview Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Threat Type: Infostealer malware (Malware-as-a-Service) Exploited Vulnerabilities: CVE-2024-21412 (SmartScreen Bypass), user execution via ClearFake+ClickFix, EtherHiding Malware Used: Amatera Stealer (formerly ACR Stealer) Threat Score: 🔴 High (8.0/10) – Evasive, persistent, dynamically updated MaaS platform with novel C2 and shellcode tactics. Last Threat Observation: June 19, 2025 Overview Amatera Stealer

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: 🔴 High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

Threat Group: Skeleton Spider (aka FIN6, Gold Franklin, ITG08, TAAL, Camouflage Tempest, ATK88, MageCart Group 6, TA4557, White Giant) Threat Type: Cybercrime Syndicate Exploited Vulnerabilities: Credential theft, social engineering, cloud abuse (AWS, GoDaddy), PoS exploitation (historical) Malware Used: More_eggs (MaaS by Golden Chickens/Venom Spider), historical: Trinity, FrameworkPOS, Ryuk,

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

Threat Group: SalesTracker Group, MoYu Group, Lemon Group, LongTV Threat Type: Android Malware Botnet Exploited Vulnerabilities: Supply chain compromises, malicious third-party apps, uncertified Android devices Malware Used: BB2DOOR (variant of Triada) Threat Score: 🔥 Critical (9.1/10) Last Threat Observation: June 7, 2025 Overview BADBOX 2.0 is a critical

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Threat Group: Sandworm (APT44 / Seashell Blizzard / Iridium / Voodoo Bear) Threat Type: Wiper Malware Exploited Vulnerabilities: Abuse of legitimate endpoint administration frameworks (initial access suspected via phishing, credential harvesting, or exploitation of edge infrastructure) Malware Used: PathWiper Threat Score: 🔥 Critical (9.1/10) – Due to targeted data destruction across infrastructure, stealthy

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Threat Group: Potentially linked to "sybra" Threat Type: Android Banking Trojan Exploited Vulnerabilities: Abuse of Android Accessibility Services, Android 13+ "Restricted Settings" bypass Malware Used: Crocodilus (variant: Pragma) Threat Score: 🔥 Critical (9.1/10) – Due to advanced obfuscation, bypass of Android protections, cryptocurrency seed collection, and