Threat Report GAMAREDON IN 2024 A detailed analysis of Gamaredon's evolving cyber threat landscape targeting Ukrainian governmental institutions. Threat Overview Throughout 2024, the Gamaredon group has been actively targeting Ukrainian governmental institutions with sophisticated spearphishing campaigns
Apache Under The Lens Tomcat’s Partial PUT And Camel’s Header Hijack
Threat Report APACHE UNDER THE LENS: TOMCAT'S PARTIAL PUT AND CAMEL'S HEADER HIJACK A detailed analysis of critical vulnerabilities in Apache Tomcat and Camel Threat Overview In March 2025, Apache disclosed three critical vulnerabilities that pose
Windows Shortcut LNK Malware Strategies
Threat Report LNK MALWARE STRATEGIES A detailed analysis of Windows Shortcut (LNK) malware strategies and their implications. Threat Overview Windows Shortcut (LNK) malware is a sophisticated threat that leverages the legitimate functionality of LNK files to
Dire Wolf Strikes New Ransomware Group Targeting Global Sectors
Threat Report DIRE WOLF STRIKES: NEW RANSOMWARE GROUP TARGETING GLOBAL SECTORS A newly emerged ransomware group called Dire Wolf has been observed since May 2025, targeting multiple sectors globally with a focus on manufacturing and technology.
Hide Your RDP Password Spray Leads to RansomHub Deployment
Threat Report HIDE YOUR RDP: PASSWORD SPRAY LEADS TO RANSOMHUB DEPLOYMENT A detailed analysis of a sophisticated cyber intrusion involving password spraying and ransomware deployment. Threat Overview The threat report published by AlienVault on June 30,
SHOE RACK A post-exploitation tool for remote shell access & TCP tunnelling through a victim device
Threat Report SHOE RACK A post-exploitation tool for remote shell access & TCP tunnelling through a victim device Threat Overview SHOE RACK is a sophisticated malware developed in Go 1.18, designed for post-exploitation activities. It connects
Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
Threat Overview The Security Operations Center (SOC) has identified a significant cyber threat through a recent report published by CyberHunter_NL on June 25, 2025. The report, titled 'Black Hat SEO Poisoning Search Engine Results For AI
Threat Actors Abuse Signed ConnectWise Application as Malware Builder
Threat Overview Since March 2025, there has been a significant increase in infections involving validly signed ConnectWise samples. Threat actors are exploiting ConnectWise's Authenticode stuffing practices to create and distribute their own signed malware. This sophisticated attack
Graphite Caught First Forensic Confirmation of Paragons iOS Mercenary Spyware Finds Journalists Targeted
Threat Overview The Security Operations Center (SOC) has recently identified a new threat report published by CyberHunter_NL on June 20, 2025. The report, titled 'Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists
GrayAlpha Unmasked New FIN7 Linked Infrastructure PowerNet Loader Fake Update Attacks
Threat Overview The Security Operations Center (SOC) has received a new threat report from CyberHunter_NL published on June 20, 2025. The report, titled GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks, provides detailed