Mario Rojas
mariorojaschin.bsky.social
OSINT Geek
A threat actor is offering a potential 0-day remote code execution exploit for Fortinet FortiOS versions 7.4-7.6 for 0.5 BTC (~$60k). Past activity from the actor focused on selling access to Fortinet instances.

Threat Level: Moderate

#cybersecurity #fortinet #cybercrime #zeroday #RCE
August 12, 2025 at 3:33 PM
A threat actor is selling a zero day to an undisclosed VPS/VDS provider that allows bypassing the payment before deployment. You'd think these providers would eventually find out, but this raises a question about their security practices and makes you wonder how safe your infra is #0day #ThreatIntel
August 5, 2025 at 4:00 AM
Sale of access to an unidentified Brazilian real estate firm. The threat actor claims to be selling domain admin VPN access, compromising 60 PCs protected by Kaspersky and a company with $88M in revenue. #Ciberseguridad #LATAM #Hack #Brazil
May 20, 2025 at 6:37 PM
Sale of access to a Brazilian business services firm. The threat actor claims to be selling domain admin VPN access, compromising 7 PCs protected by TrendMicro at a company with $7M in revenue. #Ciberseguridad #LATAM #Hack #Amenaza #Brazil
May 20, 2025 at 6:34 PM
Slow Pisces, a North Korean state actor, is targeting crypto orgs with some solid tradecraft.

They’re posing as recruiters on LinkedIn, baiting devs with coding challenges that drop custom Python malware.

unit42.paloaltonetworks.com/slow-pisces-...

#APT #ThreatIntel #Cyber #OSINT #Crypto #Malware
April 17, 2025 at 7:10 AM
NVD just marked ~20K pre-2018 CVEs as "Deferred" - dropping CVSS scores and CWE classifications for these vulnerabilities.

This major shift affects critical security data and was implemented with minimal transparency.

Time for security teams to diversify vulnerability intel sources beyond NVD.
April 7, 2025 at 5:33 AM
Vulnerable edge devices attract threat actors like honey. UNC5221 (China-linked Threat Actor) has been actively exploiting CVE-2025-22457 (CVSS 9.0), a critical Ivanti VPN vulnerability, since mid-March 2025. Patch version 22.7R2.6
#CVE #Exploited #POC #patch #vulnerability
April 3, 2025 at 4:35 PM
Using EclecticIQ’s analysis, I uncovered 39 additional domains linked to Chinese #ThreatActor #SilkSpecter, impersonating brands like IKEA, The North Face, Zalando and Zara.

Key IOCs:
trusttollsvg.js
collect.js

#ThreatIntel #OSINT #Scam #BlackFriday #Phishing

blog.eclecticiq.com/inside-intel...
November 18, 2024 at 10:59 AM
I’ve received multiple requests to expand the input options, and I’m happy to share that #CVE_Prioritizer can now process scan results from Nessus and OpenVAS! #SOC #blueteam #vulnerability #CVE #EPSS #KEV #ThreatIntel #Exploit #RedTeam #Nessus #OpenVAS #Patching github.com/TURROKS/CVE_...
November 5, 2024 at 5:42 AM
New phishing domain associated with Scattered Spider APT, targeting Gemini Crypto Exchange

IP: 24.144.123.156
Domain: stargate-gemini[.]com

TTPs align with Sekoia's latest findings blog.sekoia.io/scattered-sp... #ThreatHunting #APT #Phishing #CyberSecurity
October 18, 2024 at 7:47 AM