UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025 | Ravie Lakshmanan | Threat Hunting / Vulnerability
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. “UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination ...

Vulnerabilities & Exploits
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Mar 18, 2025 | Ravie Lakshmanan | Vulnerability / Windows Security
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked ...
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Mar 18, 2025 | Ravie Lakshmanan | AI Security / Software Security
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. “This technique enables ...
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Mar 17, 2025 | Ravie Lakshmanan | Vulnerability / Web Security
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions – ...
Pentesters: Is AI Coming for Your Role?
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI ...
59% of Indian organizations expect cyber breach in 2025: Zscaler study – ET CISO
97% of Indian IT leaders ‘believe’ their current cyber resilience measures are effective, yet ransomware attacks continue to rise and cost organizations billions of dollars per year. But only 53% of Indian IT leaders say their cyber resilience strategy is up-to-date in preparation for modern ...
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Mar 12, 2025 | Ravie Lakshmanan | Cyber Espionage / Vulnerability
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. “The backdoors had varying ...
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Mar 12, 2025 | Ravie Lakshmanan | Cloud Security / Vulnerability
Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. “At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” ...
Kaspersky: Stealer malware leaked over 2 million bank cards – ET CISO
Kaspersky Digital Footprint Intelligence estimates that 2.3 million bank cards were leaked on the dark web, based on an analysis of data-stealing malware log files from 2023-2024. On average, every 14th infostealer infection results in stolen credit card information, with nearly 26 million devices compromised by infostealers, ...
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Mar 04, 2025 | Ravie Lakshmanan | Cybercrime / Threat Intelligence
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. ...