Cybersec Sentinel

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

Threat Group – Phantom Taurus (China-linked APT) Threat Type – In-process web server backdoor for IIS (.NET managed and native module tradecraft) Exploited Vulnerabilities – ViewState abuse via compromised ASP.NET machineKey, insecure file write to application bin directory, misconfigured IIS extensibility, weak CI/CD controls, stolen deployment credentials (no CVEs assigned at

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

Threat Group – LockBit operators Threat Type – Ransomware as a Service Exploited Vulnerabilities – Exposed remote access services, unpatched internet facing infrastructure, valid credential reuse, weak virtualisation hardening Malware Used – LockBit 5.0 Windows Linux and ESXi variants Threat Score – 7.5 🔴 High – Cross platform impact with ESXi targeting, rapid encryption, and

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

Threat Group – COLDRIVER Threat Type – Espionage malware and social engineering Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned) Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor Threat Score – 8.2 🔴 High Last Threat Observation – 25 September

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

Threat Group – ShadowV2 operators cybercrime as a service actors Threat Type – DDoS as a Service and botnet Exploited Vulnerabilities – Publicly exposed or unauthenticated Docker daemon APIs on cloud hosts, weak network segmentation, deficient egress controls, inadequate governance of infrastructure as code Malware Used – Python based spreader and control scripts, Go

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

Windows BitLocker

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

In Microsoft’s September 2025 Patch Tuesday release, one of the more notable fixes addressed a vulnerability in Windows BitLocker tracked as CVE-2025-54911. While it doesn’t compromise the encryption that BitLocker is known for, it does open the door for attackers who already have a foothold on a machine

Fileless EggStreme Malware Campaign Attributed to Chinese APT Against Military Organisations

Malware, EggStreme, Fileless Malware, DLL Sideloading, Espionage, APT

Fileless EggStreme Malware Campaign Attributed to Chinese APT Against Military Organisations

Threat Group – China-based APT actors Threat Type – Fileless malware and espionage backdoor Exploited Vulnerabilities – DLL sideloading, fileless memory injection (no CVEs assigned) Malware Used – EggStremeFuel, EggStremeLoader, EggStremeReflectiveLoader, EggStremeAgent, EggStremeKeylogger, EggStremeWizard Threat Score – 8.0 🔴 High Last Threat Observation – 11 September 2025 Overview A newly discovered espionage framework named EggStreme has

MostereRAT Expands Post-Exploitation with Remote Access Software

MostereRAT, Remote Access Trojan, AnyDesk, TightVNC, Phishing

MostereRAT Expands Post-Exploitation with Remote Access Software

Threat Group – Unknown Threat Type – Remote Access Trojan with remote administration tool deployment Exploited Vulnerabilities – Phishing vectors, TightVNC privilege escalation CVE-2023-27830 Malware Used – MostereRAT Threat Score – 7.8 🔴 High Last Threat Observation – 9 September 2025 Overview A phishing campaign uncovered by Fortinet on 9 September 2025 is distributing MostereRAT, a

Unknown Actors Launch High Severity NPM Supply Chain Malware Attack

SupplyChain, Malware, OpenSource, NPM, Phishing

Unknown Actors Launch High Severity NPM Supply Chain Malware Attack

Threat Group – Unknown criminal actors via phishing campaign Threat Type – Supply-Chain Attack / Malware Injection Exploited Vulnerabilities – Phishing via typosquatted domain, credential theft, token misuse Malware Used – Crypto-wallet address swap, WebSocket-based backdoor, Scavenger infostealer Threat Score – 7.5 🔴 High – Advanced targeted attack on trusted dev ecosystem; widespread impact and high stealth

Plex users urged to reset passwords after database compromise

Breach, Article, news, Plex

Plex users urged to reset passwords after database compromise

Threat Group – Unknown threat actor Threat Type – Data Breach / Account Compromise Exploited Vulnerabilities – Unauthorised access to Plex authentication database Malware Used – None confirmed Threat Score – 🔴 7.5 High – Large-scale exposure of account credentials with password reuse risks Last Threat Observation – 8 September 2025 Overview On 8 September 2025, Plex confirmed