Vulnerability - Cybersec Sentinel

Vulnerability

A collection of 16 posts

F5 Security Breach – Elevated Risk to Customers

Vulnerabilities

F5 Security Breach – Elevated Risk to Customers

Threat Group – Highly sophisticated nation state actor Threat Type – Data breach and supply chain compromise Exploited Vulnerabilities – Initial access vector undisclosed. CVE 2025 54500 is a separate HTTP2 data plane denial of service flaw, not the entry point for the breach. Malware Used – Not publicly disclosed Threat Score – 🔴 7.5

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

ShadowV2 Botnet Builds Cloud Scale Attacks from Exposed Docker APIs

Threat Group – ShadowV2 operators cybercrime as a service actors Threat Type – DDoS as a Service and botnet Exploited Vulnerabilities – Publicly exposed or unauthenticated Docker daemon APIs on cloud hosts, weak network segmentation, deficient egress controls, inadequate governance of infrastructure as code Malware Used – Python based spreader and control scripts, Go

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

Windows BitLocker

Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems

In Microsoft’s September 2025 Patch Tuesday release, one of the more notable fixes addressed a vulnerability in Windows BitLocker tracked as CVE-2025-54911. While it doesn’t compromise the encryption that BitLocker is known for, it does open the door for attackers who already have a foothold on a machine

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda) Threat Type: APT, Malware, Backdoor Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager) Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset) Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Vulnerabilities

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Threat Group: Unattributed (suspected infrastructure overlap with APT28); prior similar CVE exploited by UAC-0194 and Blind Eagle (APT-C-36) Threat Type: NTLM Hash Theft, Relay Attack Vector Exploited Vulnerabilities: CVE-2025-24054 (NTLM Hash Disclosure via .library-ms), variant of CVE-2024-43451 Malware Used: None directly tied; secondary payloads possible (RATs, e.g., SparkRAT in

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Vulnerabilities

UEFI Secure Boot Vulnerability Highlighted in CVE 2024 7344

Threat Group: N/A Threat Type: Vulnerability Exploitation Exploited Vulnerabilities: CVE-2024-7344 Malware Used: Custom PE Loader with Encrypted Payload Threat Score: High (9.2/10) – Due to its ability to bypass foundational security mechanisms like UEFI Secure Boot, enabling undetectable and persistent compromises. Overview CVE-2024-7344 is a critical vulnerability found

DoubleClickjacking Exploit Turns Your Clicks into Chaos

DoubleClickjacking Exploit Turns Your Clicks into Chaos

Threat Group: Unattributed Threat Type: Clickjacking Variant Exploited Vulnerabilities: User Interface (UI) Redressing Vulnerabilities Malware Used: None Threat Score: High (8.0/10) – Due to its ability to bypass existing clickjacking defenses and exploit common user interactions. Last Threat Observation: January 3, 2025 Overview DoubleClickjacking is an advanced form of

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Vulnerabilities

FortiWLM Security Alert Critical Remote Code Execution Flaw Discovered

Threat Group: Unknown Threat Actor(s) Threat Type: Remote Code Execution (RCE) Exploited Vulnerabilities: CVE-2023-34990 (Critical) Malware Used: None identified Threat Score: High (9.8/10) – Due to remote code execution potential, unauthenticated access, and widespread use in enterprise environments. Last Threat Observation: December 2024 Overview CVE-2023-34990 is a critical

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

Threat Group: Mysterious Elephant (APT-K-47) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831) Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors. Last Threat Observation: November 27, Overview APT-K-47,