Cybersec Sentinel - Cybersec Sentinel (Page 2)

Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Vulnerabilities

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Threat Group: Unattributed (suspected infrastructure overlap with APT28); prior similar CVE exploited by UAC-0194 and Blind Eagle (APT-C-36) Threat Type: NTLM Hash Theft, Relay Attack Vector Exploited Vulnerabilities: CVE-2025-24054 (NTLM Hash Disclosure via .library-ms), variant of CVE-2024-43451 Malware Used: None directly tied; secondary payloads possible (RATs, e.g., SparkRAT in

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Beyond WormGPT – Offline Xanthorox AI Platform Enables Multimodal Cyberattacks

Threat Group - Unknown Cybercrime Syndicates Threat Type - Malicious AI Platform Exploited Vulnerabilities - None (Self-contained toolkit) Malware Used - Xanthorox Coder output (various strains) Threat Score - 🔥 Critical (9.5/10) – Due to its offline operation, modular architecture, and use by threat actors as an advanced AI-based hacking

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Malicious SVG Attachments Bypass Email Filters in Widespread Phishing Campaigns

Threat Group: Multiple cybercriminal organizations Threat Type: Phishing, Malware Delivery Exploited Vulnerabilities: Misuse of Scalable Vector Graphics (SVG) file capabilities Malware Used: Agent Tesla Keylogger, XWorm Remote Access Trojan (RAT), QakBot Threat Score: 🔴 High (8.4/10) – Due to its ability to bypass traditional security measures, widespread distribution, and potential

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Threat Group: Storm-0856 (Roshtyak) Threat Type: Initial Access Broker (IAB), Malware Loader, USB Worm Exploited Vulnerabilities: CVE-2023-36802, CVE-2023-29360 Malware Used: Raspberry Robin (aka Roshtyak, QNAP worm) Threat Score: 🔴 High (8.4/10) – Ongoing use by ransomware groups and Russian state-backed actors, with evolving delivery techniques and C2 infrastructure. Last Threat

Emerging Malware StilachiRAT Targets Digital Assets

Emerging Malware StilachiRAT Targets Digital Assets

Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Unknown Malware Used: StilachiRAT Threat Score: 🔴 High (8.4/10) – Due to its comprehensive data theft capabilities, advanced evasion techniques, and specific targeting of cryptocurrency assets. Last Threat Observation: March 20, 2025 Overview StilachiRAT is a newly discovered Remote Access Trojan (RAT)

XCSSET Malware Threatens macOS Developer Community

XCSSET Malware Threatens macOS Developer Community

Threat Group: Unattributed Threat Type: Malware, Supply Chain Attack Exploited Vulnerabilities: Transparency Consent and Control (TCC) Zero-day Vulnerabilities Malware Used: XCSSET Threat Score: 🔴 High (8.4/10) – Advanced obfuscation, persistent infection mechanisms, and supply-chain attack potential Last Threat Observation: March 11, 2025 (Microsoft Security Blog) Overview XCSSET is a sophisticated,

Malware Distribution Through Trusted Microsoft Graph API Channels

Malware Distribution Through Trusted Microsoft Graph API Channels

Threat Group: Various Advanced Persistent Threats (APTs) Threat Type: Malware Distribution, Data Exfiltration, Command-and-Control (C2) Exploited Vulnerabilities: Microsoft Graph API Abuse Malware Used: Havoc, FINALDRAFT, BirdyClient, Bluelight, Graphite, Graphican, SiestaGraph Threat Score: High (8.7/10) – Exploitation of trusted Microsoft services, advanced obfuscation, widespread potential data breaches. Last Threat Observation: