Cybersec Sentinel

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.
CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching
Linux

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

Threat Group: General Operating System Threat Threat Type: Privilege Escalation Vulnerabilities Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718 Malware Used: None Threat Score: πŸ”₯ Critical (9.3/10) Last Threat Observation: July 1 , 2025 Overview Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats
3 min read
DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution
Malware

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell
2 min read
Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Threat Type: Infostealer malware (Malware-as-a-Service) Exploited Vulnerabilities: CVE-2024-21412 (SmartScreen Bypass), user execution via ClearFake+ClickFix, EtherHiding Malware Used: Amatera Stealer (formerly ACR Stealer) Threat Score: πŸ”΄ High (8.0/10) – Evasive, persistent, dynamically updated MaaS platform with novel C2 and shellcode tactics. Last Threat Observation: June 19, 2025 Overview Amatera Stealer
3 min read
Fog Ransomware Returns with Expanded Toolset and Enterprise Focus
Ransomware

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: πŸ”΄ High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,
3 min read
FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns
Malware

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

Threat Group: Skeleton Spider (aka FIN6, Gold Franklin, ITG08, TAAL, Camouflage Tempest, ATK88, MageCart Group 6, TA4557, White Giant) Threat Type: Cybercrime Syndicate Exploited Vulnerabilities: Credential theft, social engineering, cloud abuse (AWS, GoDaddy), PoS exploitation (historical) Malware Used: More_eggs (MaaS by Golden Chickens/Venom Spider), historical: Trinity, FrameworkPOS, Ryuk,
3 min read
Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks
Malware

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Threat Group: Sandworm (APT44 / Seashell Blizzard / Iridium / Voodoo Bear) Threat Type: Wiper Malware Exploited Vulnerabilities: Abuse of legitimate endpoint administration frameworks (initial access suspected via phishing, credential harvesting, or exploitation of edge infrastructure) Malware Used: PathWiper Threat Score: πŸ”₯ Critical (9.1/10) – Due to targeted data destruction across infrastructure, stealthy
3 min read
Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown
Infosteeler

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Threat Group: Unknown (Emerging actors on Russian Market) Threat Type: Infostealer Malware Exploited Vulnerabilities: Phishing, Malvertising, SEO Poisoning, ClickFix social engineering, AI-generated deception, DLL-SideLoading Malware Used: Acreed Infostealer Threat Score: πŸ”΄ High (7.8/10) – Rapid adoption, advanced session token theft, and critical infrastructure targeting Last Threat Observation: June 4, 2025
4 min read