Advanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack […]
Microsoft has unveiled a critical vulnerability in ASP.NET Core that could enable attackers to sidestep essential security measures.
Disclosed on October 24, 2025, under CVE-2025-55315, this flaw stems from HTTP Request Smuggling (CWE-444) and poses risks to systems relying on outdated .NET components.
QNAP, a leading provider of network-attached storage solutions, has issued urgent guidance, emphasizing the need for immediate updates to mitigate potential exploits.
The vulnerability affects ASP.NET Core, a foundational framework for web applications, allowing authenticated attackers to craft malicious HTTP requests.
Successful exploitation could lead to unauthorized access to sensitive data, server file modifications, or even limited denial-of-service disruptions.
While the severity is rated as “Important” by Microsoft, the implications extend to QNAP’s ecosystem, particularly the NetBak PC Agent software, which integrates these .NET components during installation.
Technical Details And Affected Systems
NetBak PC Agent, designed for seamless backups from Windows PCs to QNAP NAS devices, automatically installs Microsoft ASP.NET Core runtimes.
If users have not applied recent patches, their systems remain exposed. The flaw exploits ambiguities in HTTP request parsing, enabling attackers to inject smuggling payloads that bypass authentication and authorization controls.
QNAP’s investigation is ongoing, but the company confirms that unpatched installations of NetBak PC Agent on Windows systems are at risk.
This includes versions prior to the latest updates, where ASP.NET Core versions below 8.0.21 harbor the vulnerability.
Attackers need authenticated access, lowering the barrier for insiders or those with compromised credentials, but the potential for data exfiltration or tampering underscores the urgency.
CVE ID
Affected Product
CVSS Score
Description
Impact
CVE-2025-55315
NetBak PC Agent (via ASP.NET Core)
7.5 (Important)
HTTP Request Smuggling in ASP.NET Core allowing bypass of security controls
Unauthorized data access, file modification, limited DoS
Microsoft’s patch addresses the parsing issue in the framework’s request handling, but QNAP users must act to ensure compatibility.
Mitigation Steps
QNAP urges all users to verify and update their systems promptly. The simplest approach involves reinstalling NetBak PC Agent: uninstall the current version via Windows Settings > Apps > Installed Apps, then download the latest installer from QNAP’s official site.
This process automatically fetches and installs the updated ASP.NET Core 8.0.21 runtime.
For those preferring manual intervention, head to dotnet.microsoft.com/en-us/download/dotnet/8.0 and install the latest ASP.NET Core Runtime Hosting Bundle.
Restart the application or system afterward to apply changes. QNAP also recommends monitoring for unusual network activity and enabling multi-factor authentication on NAS devices.
As cybersecurity threats evolve, this incident highlights the interconnected risks in software supply chains. Organizations should prioritize regular patching to safeguard against such bypass vulnerabilities.
The IPFire project has announced the release of version 2.29, Core Update 198, marking a significant milestone in the open-source firewall’s evolution. This update introduces transformative improvements to the Intrusion Prevention System, coupled with comprehensive reporting capabilities that fundamentally change how network administrators monitor and respond to security threats. New Features and Enhancements Real-Time Email […]
A newly advertised information-stealing malware called Anivia Stealer has surfaced on the dark web, with threat actor ZeroTrace aggressively promoting the C++17-based infostealer as a commercial malware-as-a-service offering. The malware implements sophisticated privilege escalation capabilities, including automatic User Account Control (UAC) bypass functionality, making it a significant threat to Windows-based systems across multiple operating system […]
In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day.
Companies that treat cybersecurity as a
The cybersecurity landscape continues to evolve with increasingly sophisticated distribution mechanisms, and one trend gaining alarming momentum is the delivery of infostealer malware through seemingly innocent video game cheats and mod tools.
These applications, marketed as performance enhancers or gameplay assistants, have become a Trojan horse for credential theft campaigns targeting both casual gamers and professional users.
The proliferation of these threats underscores a critical vulnerability in user awareness and software verification practices across the gaming community.
The attack vectors leveraging game cheats have demonstrated remarkable effectiveness, particularly due to the inherent trust users place in gaming resources.
Threat actors exploit this psychological advantage by embedding malicious payloads within cheat engines, mod managers, and game optimization tools distributed through torrenting platforms, forum boards, and unofficial game communities.
These infostealer variants specifically target stored credentials, cryptocurrency wallets, browser cookies, and sensitive authentication tokens, making them exceptionally valuable in the underground market.
Gen Threat Labs analysts identified this emerging malware distribution trend during routine threat monitoring operations in late October 2025, noting an acceleration in infostealer campaigns leveraging gaming platforms as primary delivery channels.
We've identified a new wave of #Gamaredon#phishing activity targeting government entities. Attackers are abusing #CVE-2025-8088 (WinRAR path traversal) to deliver RAR archives that silently drop HTA malware into the Startup folder — no user interaction needed beyond opening…
The research team documented specific variants employing sophisticated evasion techniques to circumvent traditional antivirus detection while maintaining persistent command-and-control communication patterns.
Infection Mechanism and Persistence Tactics
The typical infection chain begins when users download compromised cheat software from seemingly reputable gaming forums or torrent sites.
Upon execution, the infostealer establishes residency through Windows Registry modifications, creating legitimate-appearing startup entries that blend seamlessly with genuine system processes.
The malware implements a multi-staged approach where initial reconnaissance collects system information and existing credentials, followed by exfiltration to attacker-controlled infrastructure.
The persistence layer employs scheduled task creation and process injection techniques to maintain access across system reboots. Security researchers observed samples using legitimate Windows utilities for credential dumping, including LSASS memory scraping and SAM database extraction.
The malware typically communicates with command-and-control servers using encrypted HTTPS channels to report stolen data, receive configuration updates, and download additional payloads.
Users seeking enhanced gaming experiences should strictly obtain cheats and mods exclusively from official game publishers or well-established, verified community repositories with strong security records.
Implementing multi-factor authentication, maintaining updated endpoint protection, and deploying behavioral monitoring solutions provide meaningful layers of defense against these evolving threats.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Active Directory domain join accounts are systematically exposing enterprise environments to compromise, even when administrators follow Microsoft’s official guidance. A comprehensive security analysis reveals that these specialized accounts inherit excessive privileges by default, creating a direct pathway for attackers to escalate access from internal networks to full domain control. During security assessments, domain join accounts […]
Cybersecurity researchers have uncovered a sophisticated evolution in phishing attacks that combines FileFix social engineering with cache smuggling techniques to bypass modern security defenses. This hybrid attack method eliminates the need for malicious code to make web requests, instead extracting payloads directly from the browser’s cache where they were planted through cache smuggling. The technique […]
The competitive nature of gaming drives millions of players to seek advantages against their opponents. With esports tournaments boasting prize pools exceeding $1.25 million, the stakes have never been higher.
However, this competitive spirit has created an opportunity for cybercriminals to exploit unsuspecting players through weaponized game cheats that deliver devastating malware payloads.
The reality of free game cheats presents a significant security risk that extends far beyond simple detection bans.
While premium cheats rely on subscription-based models and sophisticated evasion techniques, free alternatives flooding forums, YouTube channels, and file-sharing platforms contain far more sinister purposes.
Many players searching for free cheats on Fortnite, Apex Legends, Counter-Strike 2, and even casual games like Minecraft and Roblox unknowingly download information stealing malware, Discord token grabbers, or remote access trojans alongside their desired cheating tools.
Product page for a popular Fortnite cheat (Source – (Source – vxdb.sh)
Security analyst and researcher vxdb noted a particularly concerning campaign where criminals disguise infostealer malware as legitimate game cheats.
What makes this threat especially dangerous is that users often receive partially functional cheating tools alongside hidden malware, creating a false sense of legitimacy while data harvesting occurs silently in the background.
The Traffer Teams Distribution Network
The orchestration of these malware campaigns relies on organized criminal groups known as Traffer Teams, which manage entire operations from recruitment through monetization.
These teams operate by recruiting affiliate traffers who distribute malware across popular platforms like YouTube and TikTok.
The distribution chain typically begins with videos uploaded to stolen or fake YouTube accounts, using Linkvertise services to funnel viewers through advertising obstacles before reaching file-sharing platforms like MediaFire or Meganz.
A recent investigation by security researcher Eric Parker uncovered a sophisticated campaign where a Traffer Team called LyTeam operated a Google Sites page distributing so-called Valorant skin changers and Roblox executors.
Upon analysis, the downloaded .dll files were identified as Lumma Stealer malware variants, a notorious information-stealing family designed to harvest browser credentials and cryptocurrency wallets.
The affiliate structure incentivizes distribution through direct payments or percentage cuts of harvested data logs, creating a profitable ecosystem for cybercriminals.
Understanding the infection mechanism reveals how these campaigns succeed despite basic security awareness.
The malware executes with user-level privileges after execution, immediately targeting sensitive data repositories.
Once installed, the stealer establishes persistence mechanisms that survive system reboots, continuously exfiltrating credentials, cookies, authentication tokens, and wallet information to attacker-controlled servers.
The modular nature of these malware families allows attackers to deploy additional payloads or activate dormant features as needed, making them particularly adaptable threats.
Players seeking competitive advantages must recognize that free shortcuts carry substantial risks.
The safest approach involves scanning suspicious files through VirusTotal before execution, using virtual machines or sandboxed environments for untrusted downloads, and maintaining current antivirus protection across gaming systems.
Awareness remains the most effective defense against these increasingly sophisticated threats.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Operant AI’s security research team has uncovered Shadow Escape, a dangerous zero-click attack that exploits the Model Context Protocol to steal sensitive data through AI assistants. The attack works with widely used platforms, including ChatGPT, Claude, Gemini, and other AI agents that rely on MCP connections to access organisational systems. Unlike traditional security breaches requiring […]
We've identified a new wave of 
government entities..webp)