Cybersec Sentinel

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Threat Group: Multiple Threat Actors (Malware as a Service) Threat Type: Infostealer / Downloader / Trojan Exploited Vulnerabilities: Primarily relies on social engineering and malicious attachments. Occasionally used to deliver secondary payloads that exploit known CVEs. Malware Used: FormBook (rebranded as XLoader) Threat Score: 🔴 High (8.0/10) due to extensive use

PE32 Ransomware Operators Leverage RDP and Phishing to Breach Enterprise Systems

PE32 Ransomware Operators Leverage RDP and Phishing to Breach Enterprise Systems

Threat Group: - Dmc Threat Type: - Ransomware Exploited Vulnerabilities: - None identified (Phishing and RDP compromise suspected) Malware Used: - PE32 Ransomware Threat Score: - 🔴 High (7.5/10) – Due to Telegram-based C2, data exfiltration, and rapid file encryption Last Threat Observation: - 23 April 2025 Overview PE32 ransomware

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Threat Group: - Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18) Threat Type: - Backdoor Malware Exploited Vulnerabilities: - None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring) Malware Used: - BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun) Threat Score: - 🔴 High

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda) Threat Type: APT, Malware, Backdoor Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager) Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset) Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Vulnerabilities

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Threat Group: Unattributed (suspected infrastructure overlap with APT28); prior similar CVE exploited by UAC-0194 and Blind Eagle (APT-C-36) Threat Type: NTLM Hash Theft, Relay Attack Vector Exploited Vulnerabilities: CVE-2025-24054 (NTLM Hash Disclosure via .library-ms), variant of CVE-2024-43451 Malware Used: None directly tied; secondary payloads possible (RATs, e.g., SparkRAT in

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Threat Group - Unknown Cybercrime Syndicates Threat Type - Malicious AI Platform Exploited Vulnerabilities - None (Self-contained toolkit) Malware Used - Xanthorox Coder output (various strains) Threat Score - 🔥 Critical (9.5/10) – Due to its offline operation, modular architecture, and use by threat actors as an advanced AI-based hacking

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Threat Group: Multiple cybercriminal organizations Threat Type: Phishing, Malware Delivery Exploited Vulnerabilities: Misuse of Scalable Vector Graphics (SVG) file capabilities Malware Used: Agent Tesla Keylogger, XWorm Remote Access Trojan (RAT), QakBot Threat Score: 🔴 High (8.4/10) – Due to its ability to bypass traditional security measures, widespread distribution, and potential

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per