Threat and Vulnerability Intelligence Database

Description: A newly uncovered cyber campaign, tracked as Green Nailao, has been targeting European organizations, particularly in the healthcare sector, using ShadowPad and PlugX malware to deploy NailaoLocker, a previously unknown ransomware strain. Researchers from Orange Cyberdefense CERT and Trend Micro have independently analyzed the campaign, revealing links to China-nexus threat actors and an evolving malware … The post NailaoLocker Ransomware Uses VPN Flaw to Attack Healthcare Orgs appeared first on CyberInsider.
Source: CyberInsider
February 20th, 2025 (about 2 months ago)
Description: The FBI, in collaboration with CISA and MS-ISAC, has issued a cybersecurity advisory warning of widespread attacks by the Ghost (Cring) ransomware group, which has compromised organizations across more than 70 countries. The threat actors, based in China, have targeted critical infrastructure, government agencies, educational institutions, healthcare facilities, and businesses of various sizes. According to … The post FBI Warns of Ghost Ransomware Attacks Targeting 70 Countries appeared first on CyberInsider.
Source: CyberInsider
February 20th, 2025 (about 2 months ago)

CVE-2018-13379

Description: Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized ...
Source: All CISA Advisories
February 19th, 2025 (about 2 months ago)
Description: A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links,
Source: TheHackerNews
February 19th, 2025 (about 2 months ago)
Description: Winnti once used a variety of malware, but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.
Source: Dark Reading
February 18th, 2025 (about 2 months ago)
Description: A new variant of Snake Keylogger, a credential-stealing malware, has been detected in over 280 million infection attempts, highlighting its widespread impact. The malware’s latest resurgence, which was observed by Fortinet, primarily impacts users in China, Turkey, Indonesia, Taiwan, and Spain. It uses phishing emails to infiltrate systems and steal credentials from browsers like Chrome, … The post New Snake Keylogger Variant Launches 280 Million Attacks appeared first on CyberInsider.
Source: CyberInsider
February 18th, 2025 (about 2 months ago)
Description: The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
Source: TheHackerNews
February 18th, 2025 (2 months ago)
Description: The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.
Source: Dark Reading
February 14th, 2025 (2 months ago)
Description: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. [...]
Source: BleepingComputer
February 14th, 2025 (2 months ago)
Source: TheRegister
February 13th, 2025 (2 months ago)