YAMAGoya: Open-Source Tool

Modern threats have evolved far beyond static malware files. Today’s adversaries rely on fileless malware, obfuscation, and memory-resident techniques that easily bypass traditional antivirus tools. To counter these stealthy behaviors, JPCERT/CC has released YAMAGoya, an open-source endpoint monitoring tool that combines Sigma and YARA rules for real-time detection. YAMAGoya integrates Windows Event Tracing (ETW) with […]
ShadowMQ and Other Critical RCE Flaws

Researchers have identified a worrying class of remote code execution (RCE) vulnerabilities across multiple AI inference engines. These flaws affect major AI serving platforms, from Meta’s Llama to NVIDIA Triton and open-source inference systems, raising serious risks around model theft, persistent compromise, and infrastructure hijacking. What’s the Core Issue? The root cause is a pattern dubbed ShadowMQ, […]
RondoDox Botnet Exploits Unpatched

Security researchers have confirmed that the RondoDox botnet, a global threat actor known for IoT-based exploitation and DDoS infrastructure, is now actively leveraging unpatched vulnerabilities in XWiki installations to expand its reach and control. How the Exploit Works RondoDox operators scan for internet-accessible XWiki instances that are running outdated or vulnerable software versions. Exploiting these […]
Operation Endgame

An unprecedented international strike under Operation Endgame has delivered one of the most significant blows yet to cyber-crime infrastructure. Coordinated by Europol, Eurojust and partner agencies, the operation disrupted the backend of major malware platforms such as Rhadamanthys (an infostealer), VenomRAT (a remote-access trojan) and Elysium (a large-scale botnet). Key Facts The latest phase resulted […]
English-Speaking Cybercriminal Ecosystem

A comprehensive analysis reveals how the underground English-language cybercriminal network, known colloquially as The COM, has transformed from scattered forums trading social-media handles into a fully-fledged industrialised illicit economy. Evolution of The COM The origins of The COM trace back to forums like Dark0de, RaidForums and OGUsers, where early-adopters traded usernames, SIM-swap tools and account […]
Critical Amazon WorkSpaces for Linux Vulnerability

A new vulnerability identified in Amazon WorkSpaces Client for Linux (versions 2023.0 through 2024.8) has raised serious concerns across enterprises relying on cloud-based virtual desktop environments. Tracked as CVE-2025-12779, this flaw could allow unauthorized local users to extract authentication tokens, effectively granting them access to other users’ virtual desktops – a direct compromise of sensitive […]
Cavalry Werewolf Targets Government Institutions

A highly capable threat actor known as Cavalry Werewolf has launched a complex cyber-espionage campaign against Russian government agencies and industrial organisations. What the Campaign Involves The group uses spear-phishing emails disguised as official communications from the Kyrgyz government, often via compromised or spoofed government-email accounts. Initial access is achieved through password-protected archive attachments hosting […]
NGate Malware Enables ATM Cash Withdrawals

Security researchers from CERT Polska have identified a sophisticated Android-based malware campaign – NGate – that allows criminals to withdraw cash from ATMs using victims’ payment cards without physically taking the card. This attack demonstrates how mobile devices and near-field communication (NFC) capabilities are being weaponised to facilitate highly targeted financial fraud across banking systems. […]
Insider Threats Soar

An unsettling incident has emerged: three U.S. professionals previously working in cybersecurity roles are now indicted for orchestrating a ransomware campaign in partnership with the ALPHV BlackCat ransomware group. What we know The defendants include Ryan Clifford Goldberg (former incident-response manager at Sygnia) and Kevin Tyler Martin (former ransomware negotiator at DigitalMint). Both are charged […]
Misconfigured Jupyter Notebook Deployments

Recent security research has revealed a serious risk in many installations of Jupyter Notebook environments: misconfiguration, not a software bug, can allow attackers to gain root-level privileges on the host system. The vulnerability stems from notebook servers running as root with the terminal API enabled and without authentication, exposing a direct path from notebook access to full […]