Tag: threat intelligence
-

Mandiant Warns: A Tool for Hackers Exploiting the WinRAR CVE-2025-8088 Threat
Introduction: A Persistent WinRAR Weakness
Security researchers at Mandiant have warned that a critical path traversal vulnerability in WinRAR, tracked as CVE-2025-8088, remains a serious hotspot for attackers. Despite a fix being released more than half a year ago, state-sponsored hackers and financially motivated adversaries continue to exploit the flaw via malicious archives and plausible…
-

Warning to Defenders: CVE-2025-8088 WinRAR Flaw Used by State-Sponsored and Financially Motivated Hackers
Overview: A Persistent WinRAR Vulnerability Still Ranked High for Threat Actors
Security researchers, including Mandiant, warn that a critical path-traversal vulnerability in WinRAR, CVE-2025-8088, continues to be weaponized by both state-sponsored hackers and financially motivated actors. Even though a fix was issued well over half a year ago, threat groups reportedly rely on this flaw…
-

Researchers Uncover Haxor SEO Poisoning Marketplace
New Findings Spotlight a Global Backlink Marketplace
Security researchers have uncovered an expansive marketplace that weaponizes search engine optimization (SEO) tactics for illicit ends. Dubbed the “HaxorSEO” or “HxSEO” operation, the platform provides threat actors with a ready-made ecosystem to acquire, manage, and deploy backlinks designed to push malicious pages higher in organic search results.…
-

Researchers Expose HaxorSEO: A Large-Scale Backlink Poisoning Marketplace
Overview: Unveiling a Hidden Marketplace
Security researchers have revealed a sprawling backlink marketplace that enables threat actors to boost the search rankings of malicious web pages. The operation, known as HaxorSEO or HxSEO, appears tailored to support a range of abusive SEO tactics, including the creation and exchange of backlinks designed to manipulate search engine…
-

HaxorSEO: The Hidden Backlink Marketplace Fueling SEO Poisoning Attacks
Overview: A New Front in SEO-Based Attacks
Security researchers have uncovered a sprawling marketplace that peddles backlinks to boost malicious pages in search engine rankings. The operation, identified by Fortra’s Intelligence and Research Experts (FIRE) as “HaxorSEO” or “HxSEO,” demonstrates how threat actors monetize search engine optimization (SEO) manipulation at scale. By providing a steady…
-

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
Overview: APT Konni Turns to AI-Generated PowerShell in Blockchain Attacks
Security researchers have flagged a notable shift in the operation of the North Korean threat actor known as Konni. In recent campaigns, Konni has leveraged AI-assisted tools to generate PowerShell payloads that form backdoors aimed at blockchain developers and engineering teams. The attacker group appears…
-

Konni Hackers Use AI-Generated PowerShell Backdoor to Target Blockchain Developers
Overview
A North Korean threat actor known as Konni has been observed deploying a PowerShell-based backdoor generated with artificial intelligence to target blockchain developers and engineering teams. The campaign, which has focused on Japan among other regions, underscores an emerging trend where cybercriminal groups leverage AI-assisted tooling to craft more convincing malware payloads and phishing…
-

New PHALT#BLYX Attack Campaign Targets Hospitality Sector with Malicious Paste-and-Execute Tactics
Overview of the PHALT#BLYX Campaign
Cybersecurity researchers have identified a new attack campaign designated PHALT#BLYX that specifically targets the hospitality sector. The operation is described as an infection chain with multiple stages, leveraging sophisticated social engineering to trick victims into pasting malicious code into trusted environments. The campaign’s progression relies on user interaction and a…
-

PHALT#BLYX: New Attack Campaign Targets Hospitality Sector with Malicious Paste-and-Deploy Tactics
Overview of the PHALT#BLYX Campaign
Cybersecurity researchers have issued a warning about a new campaign aimed squarely at the hospitality sector. The operation, tracked as PHALT#BLYX, is described as an infection chain with multiple stages designed to trick hospitality workers and guests into pasting or injecting malicious code into legitimate systems. While the campaign’s exact…
-

Amazon Reveals Exploitation of Cisco ISE and Citrix NetScaler Zero-Days by Advanced Threat Actor
Uncovering a Sophisticated Targeting Campaign
Amazon’s threat intelligence team has disclosed an alarming trend in which an advanced threat actor exploited two zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC. The revelations shed light on a calculated campaign designed to penetrate certain networks before security teams could fully recognize the scope…
