China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures - EclecticIQ Blog | News Content: Arda Büyükkaya May 13, 2025 China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures Intelligence Research Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations - Microsoft | News Content: The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, in some cases, within 24 hours. The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven

Fast, smart, and private: Group-IB introduces AI Assistant | Our new LLM-powered chatbot is designed for efficiency and security. Discover how Group-IB AI Assistant enhances threat intelligence workflows and provides security teams with instant insights — without compromising privacy. | News Content: Introduction Love it or hate it, AI in cybersecurity is no longer hype or hypothetical. You can either harness its power or deal with the consequences. Attackers are already using AI to launch faster and more convincing phishing campaigns, generate deepfake videos, and exploit vulnerabilities at scale. Meanwhile, defenders are bogged down by slow, manual workflows and

ISC StormCast for Thursday, February 22nd, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Archive.org Phish; ScreenConnect PoC; Post Quantum iMessage;Phishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/ ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV - The Hacker News | News Content: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - A path traversal vulnerability in ConnectWise ScreenConnect that could allow an attacker to execute remote code or directly impact confidential data and critical systems. (Fixed in February 2024) CVE-2026-32202 (CVSS score: 4.3) - A protection mechanism failure vulnerability in Microsoft

Breach Roundup: US Cyber Command Flags Election Threats - GovInfoSecurity | News Content: Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, U.S. Cyber Command warned of likely foreign interference in upcoming elections, medical device maker Stryker discussed the financial impact of its hack, a convicted Vastaamo hacker sought a final appeal and French authorities arrested a prolific data thief tied to multiple breaches. Swiss police dismantled a Black Axe fraud network, while a China-linked "Spamouflage" campaign targeted Tibetan elections. Meanwhile, active exploitation of ConnectWise and Windows

Microsoft flags China-based hackers using vicious new 'rapid attack' zero-days - TechRadar | News Content: Storm-1175 rapidly moves from access to ransomware deployment Exploits zero-days and n-days across multiple products Targets healthcare, finance, education, and professional services Chinese-speaking hacking collective Storm-1175 is moving fast, going from initial access to full system compromise and data exfiltration in weeks, and sometimes in less than 24 hours, experts have warned. A new report from Microsoft claims the group was seen leveraging multiple flaws, both zero-days and n-days, in their activities. In some cases, they would even