Description: Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts.
The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer
March 4th, 2025 (about 2 months ago)
|
February 27th, 2025 (about 2 months ago)
|
Description: A newly discovered vulnerability in China's Great Firewall (GFW), dubbed Wallbleed, exposed sensitive memory data from its censorship infrastructure for over two years. The flaw leaked up to 125 bytes of internal memory whenever a specially crafted DNS query was injected into the system, offering an unprecedented view into China's nationwide censorship mechanisms. The vulnerability …
The post Wallbleed Flaw in China’s Great Firewall Exposed Private Data appeared first on CyberInsider.
February 26th, 2025 (about 2 months ago)
|
February 25th, 2025 (about 2 months ago)
|
February 25th, 2025 (about 2 months ago)
|
Description: OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool.
The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents
February 22nd, 2025 (about 2 months ago)
|
CVE-2018-0171 |
Description: In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.
CVSS: CRITICAL (9.8)
February 21st, 2025 (about 2 months ago)
|
Description: An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.
Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
February 21st, 2025 (about 2 months ago)
|
CVE-2018-13379 |
Description: Check out mitigation recommendations to protect your organization against the Ghost ransomware gang. Plus, get tips on how to attract and retain top cybersecurity professionals. And get the latest on the most prevalent malware; CIS Benchmarks; an AI security hackathon; and much more!
Dive into six things that are top of mind for the week ending Feb. 21.
1 - CISA: Ghost ransomware gang exploits known vulnerabilities
For years, ransomware group Ghost has been making hay out of well-known vulnerabilities for which patches have long been available – and it continues to aggressively pick low-hanging fruit by targeting outdated software.
That’s the warning that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) made this week in their joint advisory “#StopRansomware: Ghost (Cring) Ransomware.”
Since 2021, China-based Ghost, also known as Cring, Crypt3r and Phantom, has been using publicly available code to attack internet-facing servers whose software and firmware contain years-old vulnerabilities – including one disclosed and patched in 2009. “This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China,” the advisory reads. Ghost’s main motivation is financial.
CVEs that Ghost has specifically targeted include: CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2019-0604, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
Securit...
CVSS: CRITICAL (9.1)
February 21st, 2025 (about 2 months ago)
|
Description: The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
February 20th, 2025 (about 2 months ago)
|