Cybersec Sentinel - Cybersec Sentinel

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

Threat Group: General Operating System Threat Threat Type: Privilege Escalation Vulnerabilities Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718 Malware Used: None Threat Score: 🔥 Critical (9.3/10) Last Threat Observation: July 1 , 2025 Overview Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

DRAT V2 TAG-140 Bypasses Perimeter Defenses Using Social Engineering and mshta Execution

Threat Group: TAG-140 / SideCopy / Transparent Tribe (APT36) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None directly; leverages social engineering and user execution vectors Malware Used: DRAT V2 (Delphi-compiled) with BroaderAspect.NET Loader Threat Score: 🟠 Elevated (6.5/10) – Due to its attribution to a state-aligned APT group, arbitrary shell

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake

Threat Type: Infostealer malware (Malware-as-a-Service) Exploited Vulnerabilities: CVE-2024-21412 (SmartScreen Bypass), user execution via ClearFake+ClickFix, EtherHiding Malware Used: Amatera Stealer (formerly ACR Stealer) Threat Score: 🔴 High (8.0/10) – Evasive, persistent, dynamically updated MaaS platform with novel C2 and shellcode tactics. Last Threat Observation: June 19, 2025 Overview Amatera Stealer

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: 🔴 High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

FIN6 Skeleton Spider Escalates Enterprise Threats with More_eggs Campaigns

Threat Group: Skeleton Spider (aka FIN6, Gold Franklin, ITG08, TAAL, Camouflage Tempest, ATK88, MageCart Group 6, TA4557, White Giant) Threat Type: Cybercrime Syndicate Exploited Vulnerabilities: Credential theft, social engineering, cloud abuse (AWS, GoDaddy), PoS exploitation (historical) Malware Used: More_eggs (MaaS by Golden Chickens/Venom Spider), historical: Trinity, FrameworkPOS, Ryuk,

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

Threat Group: SalesTracker Group, MoYu Group, Lemon Group, LongTV Threat Type: Android Malware Botnet Exploited Vulnerabilities: Supply chain compromises, malicious third-party apps, uncertified Android devices Malware Used: BB2DOOR (variant of Triada) Threat Score: 🔥 Critical (9.1/10) Last Threat Observation: June 7, 2025 Overview BADBOX 2.0 is a critical

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Sandworm Launches Stealth Attack with PathWiper Malware Against Ukraine’s Critical Networks

Threat Group: Sandworm (APT44 / Seashell Blizzard / Iridium / Voodoo Bear) Threat Type: Wiper Malware Exploited Vulnerabilities: Abuse of legitimate endpoint administration frameworks (initial access suspected via phishing, credential harvesting, or exploitation of edge infrastructure) Malware Used: PathWiper Threat Score: 🔥 Critical (9.1/10) – Due to targeted data destruction across infrastructure, stealthy

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Crocodilus Android Malware Emerges as Top-Tier Threat to Banking and Crypto Apps

Threat Group: Potentially linked to "sybra" Threat Type: Android Banking Trojan Exploited Vulnerabilities: Abuse of Android Accessibility Services, Android 13+ "Restricted Settings" bypass Malware Used: Crocodilus (variant: Pragma) Threat Score: 🔥 Critical (9.1/10) – Due to advanced obfuscation, bypass of Android protections, cryptocurrency seed collection, and

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Acreed Infostealer Becomes Top Credential Theft Tool After Lumma Takedown

Threat Group: Unknown (Emerging actors on Russian Market) Threat Type: Infostealer Malware Exploited Vulnerabilities: Phishing, Malvertising, SEO Poisoning, ClickFix social engineering, AI-generated deception, DLL-SideLoading Malware Used: Acreed Infostealer Threat Score: 🔴 High (7.8/10) – Rapid adoption, advanced session token theft, and critical infrastructure targeting Last Threat Observation: June 4, 2025

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

EDDIESTEALER Infostealer Targets Windows Systems with Fake CAPTCHA Campaigns

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and fake CAPTCHA delivery) Malware Used: EDDIESTEALER Threat Score: 🔴 High (7.8/10) – Due to its novel Rust implementation, evasive delivery methods, and rapid credential exfiltration techniques. Last Threat Observation: May 30, 2025 Overview EDDIESTEALER is