SVG → CountLoader / PureRAT – From picture to problem. Phishing emails impersonating Ukrainian authorities deliver SVG attachments that start a chain: SVG → ZIP → CHM → CountLoader → payloads like Amatera Stealer and PureMiner; related campaigns evolve to PureRAT backdoors. Fileless techniques (AOT, process hollowing) and credential theft feature heavily. Those harmless-looking SVGs […]
AI meets phishing: SVGs with a suit and tie. Microsoft warns of a phishing campaign using LLM-generated, business-themed SVG files to hide malicious JavaScript and evade filters. The attack used self-addressed emails (BCC targets) and fake file-share lures; the SVG redirected via CAPTCHA to credential harvest pages. Microsoft’s analysis notes verbose, over-engineered code and business […]
SAP patches critical NetWeaver bugs (CVSS up to 10). Time to patch, not panic. SAP has released September patches addressing multiple flaws, including three critical issues in SAP NetWeaver (CVSS scores up to 10.0) that could allow code execution, arbitrary file upload, or unauthorised access—one via the RMI-P4 module. A high-severity bug in SAP S/4HANA […]
Salty2FA: the phishing kit that pinches your codes (not your chips) Researchers at ANY.RUN have identified Salty2FA, a phishing-as-a-service kit used across the US and EU that steals credentials and bypasses 2FA (including push, SMS and voice). Campaigns ramped up from June 2025 and target sectors such as finance, energy, telecoms, healthcare and government. A […]
Microsoft Patch Tuesday (September 2025): 80 fixes, one very nosey SMB bug Microsoft’s September 2025 Patch Tuesday fixes 80 vulnerabilities: 8 Critical and 72 Important. None are known to be exploited, but one flaw was publicly disclosed before patching: CVE-2025-55234 in Windows SMB, which can enable relay attacks leading to privilege escalation if SMB signing/EPA […]
AsyncRAT rides ScreenConnect: what’s going on? Researchers detail a campaign abusing ConnectWise ScreenConnect to deploy AsyncRAT and pinch credentials and crypto. Attackers either hijack a ScreenConnect session or lure victims with trojanised installers in phishing emails. Once in, they run a layered VBScript + PowerShell loader that fetches two payloads (“logs.ldk” and “logs.ldr”), sets up […]
FBI warning: crime rings are nicking your Salesforce data The FBI has issued a flash alert about two financially motivated threat clusters, UNC6395 and UNC6040, actively raiding Salesforce environments for data theft and extortion. UNC6395 piggy-backed on the Salesloft Drift incident by abusing compromised OAuth tokens, a breach Salesloft links to an earlier GitHub account […]
HybridPetya: the ransomware that slips past Secure Boot Security researchers (ESET) have analysed a new ransomware strain dubbed HybridPetya, which echoes Petya/NotPetya but adds a modern twist: it can bypass UEFI Secure Boot using a now-patched flaw (CVE-2024-7344) in a UEFI component. Samples appeared on VirusTotal in February 2025. HybridPetya works via an installer + […]
Automation is redefining pentesting (and yes, it’s about time) While penetration testing remains essential, the delivery of results hasn’t kept pace. Many teams still receive long, static PDFs and then manually copy findings into tools like Jira or ServiceNow—adding delays and eroding value. It promotes automated pentest delivery: streaming findings in real time into the […]
