Delivering simplified cybersecurity alerts and information, ensuring you're always prepared to take immediate action.

BRICKSTORM new Windows variant expands targeting of legal and technology sectors
$BRICKSTORM

Threat Group – China-nexus UNC5221
Threat Type – Espionage backdoor and post-exploitation toolkit
Exploited Vulnerabilities – Ivanti Connect Secure auth-bypass and command injection (CVE-2023-46805, CVE-2024-21887), Ivanti Connect Secure RCE buffer overflow (CVE-2025-22457), weak edge-appliance hardening, exposed management interfaces, valid-credential reuse
Malware Used – BRICKSTORM backdoor with file-manager UI and network tunnelling; associated tooling and
COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain
COLDRIVER

Threat Group – COLDRIVER
Threat Type – Espionage malware and social engineering
Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned)
Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor
Threat Score – 8.2 🔴 High
Last Threat Observation – 25 September
Fileless EggStreme Malware Campaign Attributed to Chinese APT Against Military Organisations
Malware, EggStreme, Fileless Malware, DLL Sideloading, Espionage, APT

Threat Group – China-based APT actors
Threat Type – Fileless malware and espionage backdoor
Exploited Vulnerabilities – DLL sideloading, fileless memory injection (no CVEs assigned)
Malware Used – EggStremeFuel, EggStremeLoader, EggStremeReflectiveLoader, EggStremeAgent, EggStremeKeylogger, EggStremeWizard
Threat Score – 8.0 🔴 High
Last Threat Observation – 11 September 2025
Overview
A newly discovered espionage framework named EggStreme has
MostereRAT Expands Post-Exploitation with Remote Access Software
MostereRAT, Remote Access Trojan, AnyDesk, TightVNC, Phishing

Threat Group – Unknown
Threat Type – Remote Access Trojan with remote administration tool deployment
Exploited Vulnerabilities – Phishing vectors, TightVNC privilege escalation CVE-2023-27830
Malware Used – MostereRAT
Threat Score – 7.8 🔴 High
Last Threat Observation – 9 September 2025
Overview
A phishing campaign uncovered by Fortinet on 9 September 2025 is distributing MostereRAT, a
Unknown Actors Launch High Severity NPM Supply Chain Malware Attack
SupplyChain, Malware, OpenSource, NPM, Phishing

Threat Group – Unknown criminal actors via phishing campaign
Threat Type – Supply-Chain Attack / Malware Injection
Exploited Vulnerabilities – Phishing via typosquatted domain, credential theft, token misuse
Malware Used – Crypto-wallet address swap, WebSocket-based backdoor, Scavenger infostealer
Threat Score – 7.5 🔴 High – Advanced targeted attack on trusted dev ecosystem; widespread impact and high stealth
Plex users urged to reset passwords after database compromise
Breach, Article, news, Plex

Threat Group – Unknown threat actor
Threat Type – Data Breach / Account Compromise
Exploited Vulnerabilities – Unauthorised access to Plex authentication database
Malware Used – None confirmed
Threat Score – 7.5 🔴 High – Large-scale exposure of account credentials with password reuse risks
Last Threat Observation – 8 September 2025
Overview
On 8 September 2025, Plex confirmed
Windows under threat from Rustonotto Rust backdoor and Python loader operated by APT37

Threat Group – APT37 (ScarCruft / Ruby Sleet / Velvet Chollima)
Threat Type – Backdoor / Surveillance
Exploited Vulnerabilities – Spear-phishing via malicious Windows shortcut (LNK) and CHM help file vectors
Malware Used – Rustonotto (Rust-based backdoor), Chinotto (PowerShell), FadeStealer (Python-based stealer)
Threat Score – 5.5 🟠 Elevated
Justification – Combines multiple stages: stealthy Rust backdoor, multi-stage infection chain,
Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control
Phishing

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134
Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage
Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery.
Malware Used: Sindoor Dropper