Category: Uncategorized
-
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community [email protected] (The Hacker News)
The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama’s 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz. “The attackers compromised a legitimate website, redirecting users via a…
-
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems [email protected] (The Hacker News)
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an “expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603.” The threat actor…
-
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace [email protected] (The Hacker News)
Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation…
-
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access [email protected] (The Hacker News)
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the “wp-content/mu-plugins”Read More
-
Apache TomCat AJP File Inclusion Vulnerability
FortiGuard Labs is aware of a new attack on Apache Tomcat Servers dubbed “GhostCat.” Discovered by Chaitin Tech, a vulnerability in Apache Tomcat exists where an attacker has the ability to read and write in the webapp directory of Apache Tomcat. It addition to this, an attacker has the ability to upload files to the…
-
Attacks Observed in the Wild Exploiting CVE-2020-0688 (Microsoft Exchange Validation Key Remote Code Execution Vulnerability)
FortiGuard Labs is aware of reports of active exploitation of CVE-2020-0688 – Microsoft Exchange Validation Key Remote Code Execution Vulnerability. Active in the wild attacks were first observed by Twitter user Troy Mursch (@bad_packets). The vulnerability was disclosed by an anonymous researcher to the Zero Day Initiative. According to the original February Microsoft Security Advisory…
-
Vulnerability in Zyxel Network Attached Storage (NAS) Devices
FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian…
-
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means…
-
CVE-2022-22718 on CISA’s Known Exploited Vulnerabilities Catalog
FortiGuard Labs is aware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-22718 to the Known Exploited Vulnerabilities Catalog. CVE-2022-24481 is a local privilege escalation vulnerability in the Windows Print Spooler and affects multiple versions of Windows OS. Microsoft issued a patch for the vulnerability as part of the February 2022 Patch…
-
Qakbot Delivered Through CVE-2022-30190 (Follina)
FortiGuard Labs is aware of a report that CVE-2022-30190 is exploited in the wild to deliver Qakbot malware. Currently, a patch is not available for CVE-2022-30190. Also known as Qbot and Pinkslipbot, Qakbot started off as a banking malware. In recent years, Qakbot was seen as a delivery vehicle for other malware, which often results…