Cybersec Sentinel

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

$Threat Group: Gamaredon (a.k.a. Primitive Bear, UAC‑0010/UAC‑0184, Hive0156) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: LNK shortcut execution, mshta abuse, PowerShell scripting, DLL sideloading Malware Used: Remcos RAT v6.0.0 Pro Threat Score: 🔴 High (7.5/10) – Due to fileless in-memory execution, sophisticated

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency Threat actor: Unknown – opportunistic attackers exploiting misconfigured JupyterLab servers Threat type: AI‑assisted Linux malware for cryptomining Exploited weakness: Unauthenticated and misconfigured JupyterLab server exposure Malware used: Koske (rootkit and shell script), with associated miners such as ccminer Last

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

SquidLoader Reemerges with Stealth Upgrades in APAC Financial Attacks

Threat Group: Unknown (APT-level sophistication suspected) Threat Type: Loader / Malware-as-a-Service (MaaS) Exploited Vulnerabilities: No specific CVE; exploits social engineering and security evasion Malware Used: SquidLoader, Cobalt Strike Beacon Threat Score: 🔴 High (8.4/10) – Highly evasive loader, zero-detection rate at launch, APT-style tradecraft, and persistent access via Cobalt Strike Last

CVE-2025-53770 and CVE-2025-53771 Abused in Active Attacks on On-Prem SharePoint

Vulnerabilities

CVE-2025-53770 and CVE-2025-53771 Abused in Active Attacks on On-Prem SharePoint

Threat Group: Linen Typhoon, Violet Typhoon, Storm-2603 Threat Type: Remote Code Execution & Spoofing Exploited Vulnerabilities: CVE-2025-53770 (RCE), CVE-2025-53771 (Spoofing) Malware Used: ToolShell (spinstall0.aspx) Threat Score: 🔴 High (8.0/10) – Active exploitation by nation-state actors, persistent access via cryptographic theft, and potential lateral movement across enterprise networks. Last Threat

Matanbuchus 3.0 Campaign Exploits Quick Assist and Teams for Initial Access

Matanbuchus 3.0 Campaign Exploits Quick Assist and Teams for Initial Access

Threat Group: ShadowSyndicate Threat Type: Malware Loader / Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering of Microsoft Teams and Quick Assist trust Malware Used: Matanbuchus 3.0 Threat Score: ⛔ High (7.5/10) – Due to its advanced evasion capabilities, stealthy deployment, abuse of collaboration tools, and targeting of high-value enterprise environments. Last

Short-Lived Certs, Long-Term Security Let's Encrypt Secures IPs

Short-Lived Certs, Long-Term Security Let's Encrypt Secures IPs

By Cybersec Sentinel | July 6, 2025 Overview Let's Encrypt has launched IP address certificates as of July 1, 2025. These certificates allow secure, HTTPS connections directly to IP addresses without needing a domain name. This feature addresses long-standing gaps in encrypted communications for infrastructure where traditional domain-based certificates

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Scattered Spider Shifts to Aviation, Retail, and Transport in Latest Campaigns

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware, Spectre RAT Threat Score: 🔴 High (8.8/10) – Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

Threat Group: General Operating System Threat Threat Type: Privilege Escalation Vulnerabilities Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718 Malware Used: None Threat Score: 🔥 Critical (9.3/10) Last Threat Observation: July 1 , 2025 Overview Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell