• Acreed, a novel infostealer first observed in February 2025, has rapidly gained traction among threat actors seeking discreet credential and cryptocurrency data harvesting. Leveraging a unique command-and-control (C2) mechanism via the Steam platform’s community profiles, Acreed exhibits advanced OPSEC measures and versatility that distinguish it from established stealers such as Lumma. Acreed noted on Russian […]

    The post Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A sophisticated new cross-platform information stealer known as ModStealer has emerged, targeting macOS users and demonstrating concerning capabilities to evade Apple’s built-in security mechanisms.

    The malware represents the latest evolution in macOS-focused threats, which have seen a dramatic surge throughout 2024 and continue accelerating into the current year.

    ModStealer follows established patterns seen in other macOS stealers but introduces unique persistence mechanisms that set it apart from predecessors like Atomic Stealer.

    The malware primarily targets developers and cryptocurrency holders through social engineering campaigns involving fake job advertisements and recruitment opportunities, taking advantage of these groups’ valuable digital assets and frequent interaction with online development resources.

    Initial reports from cybersecurity firm Mosyle indicate that ModStealer first appeared on VirusTotal approximately one month ago.

    Moonlock analysts identified the malware’s cross-platform nature, enabling it to compromise macOS, Windows, and Linux systems simultaneously.

    This versatility makes ModStealer particularly dangerous, as threat actors can deploy unified campaigns across multiple operating systems rather than maintaining separate malware variants for each platform.

    The malware’s capabilities extend beyond typical data theft operations. ModStealer can infiltrate over 50 browser extensions across Chrome and Safari platforms, with Safari targeting being relatively uncommon among information stealers.

    The malware extracts data from cryptocurrency wallet extensions, captures clipboard contents containing seed phrases and private keys, takes screenshots of visible user data, and harvests saved browser information including local storage databases, cookies, and stored credentials.

    Advanced Persistence Through LaunchAgent Abuse

    ModStealer’s most notable technical innovation lies in its persistence mechanism on macOS systems.

    Rather than employing traditional persistence methods, the malware leverages Apple’s native launchctl utility to embed itself as a LaunchAgent within the system’s startup processes.

    This approach allows ModStealer to maintain long-term, undetectable presence on compromised Mac devices by masquerading as legitimate system processes.

    The malware creates hidden payload files such as “sysupdater.dat” to store its components while establishing persistence through macOS LaunchAgent configurations.

    This technique effectively bypasses many detection systems that focus on monitoring unauthorized modifications to system files or registry entries.

    By utilizing Apple’s own tools and frameworks, ModStealer presents itself as legitimate system activity, making detection significantly more challenging for both automated security solutions and manual analysis.
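An added example, not code from Moonlock or from this article: a small Python audit of a LaunchAgents directory that flags the pattern described above (a data-file payload such as a hidden .dat registered under an Apple-looking label with RunAtLoad/KeepAlive). The two sample plists, the label and the trusted-path heuristics are constructed assumptions, not recovered ModStealer artefacts.

```python
import os
import plistlib
import tempfile

# Constructed sample agents (not real ModStealer artefacts): a benign agent and one
# mimicking the pattern described above, a hidden .dat payload under an Apple-looking label.
SAMPLE_AGENTS = {
    "com.example.sync.plist": {
        "Label": "com.example.sync",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/sync"],
        "RunAtLoad": True,
    },
    "com.apple.sysupdater.plist": {
        "Label": "com.apple.sysupdater",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/victim/.cache/sysupdater.dat"],
        "RunAtLoad": True,
        "KeepAlive": True,
    },
}
# Where a genuine Apple-labelled agent would normally launch from (assumption).
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/Apple/")

def suspicious_reasons(agent):
    """Return the heuristic hits for one parsed LaunchAgent dict (empty if clean)."""
    args = agent.get("ProgramArguments") or [agent.get("Program", "")]
    # For `sh -c <command>` inspect the command string rather than the shell itself.
    payload = args[-1] if len(args) > 2 and args[0].endswith("sh") and args[1] == "-c" else args[0]
    reasons = []
    for token in payload.split():
        if "/." in token:
            reasons.append(f"hidden path: {token}")
        if token.endswith((".dat", ".txt", ".jpg", ".png")):
            reasons.append(f"data-file extension used as payload: {token}")
    label = agent.get("Label", "")
    if label.startswith("com.apple.") and not payload.startswith(TRUSTED_PREFIXES):
        reasons.append(f"Apple-style label outside trusted paths: {label}")
    if reasons and agent.get("KeepAlive"):
        reasons.append("KeepAlive set: relaunched if killed")
    return reasons

def audit_launch_agents(directory):
    """Parse every .plist in a LaunchAgents directory; map file name -> reasons."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            reasons = suspicious_reasons(plistlib.load(fh))
        if reasons:
            findings[name] = reasons
    return findings

def demo():
    # Write the constructed agents to a temp dir and audit it, so this runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        for name, agent in SAMPLE_AGENTS.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                plistlib.dump(agent, fh)
        return audit_launch_agents(tmp)
```

Call `demo()` to audit the constructed samples; on a real host point `audit_launch_agents` at `~/Library/LaunchAgents` and review every hit by hand, since the heuristics are deliberately broad.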

    A VirusTotal user comment reveals how they were contacted by a fake recruiter impersonating a known LinkedIn account (Source – Moonlock)

    Once established, ModStealer maintains communication with command-and-control servers to receive additional instructions, extract collected data, and potentially facilitate lateral movement within compromised networks.

    This persistent connection enables threat actors to continuously harvest sensitive information and adapt their operations based on the specific environment of each victim system.


    The post New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data appeared first on Cyber Security News.


  • Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours—dwell times among the shortest ever recorded for this type of threat. Within minutes of successful authentication—often originating from hosting-related ASNs—threat actors initiated port scans, leveraged Impacket SMB tools for discovery, and deployed the […]

    The post Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can


A WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms has been detailed, together with a proof-of-concept demonstration.

    The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction.

The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is initiated by sending a specially crafted malicious DNG image file to a victim’s WhatsApp account.

    As a “zero-click” attack, the vulnerability is triggered automatically upon receipt of the malicious message, making it particularly dangerous as victims have no opportunity to prevent the compromise.

    0-click Attack PoC WhatsApp

    WhatsApp 0-Click Vulnerability Exploit Chain

    The attack’s entry point is CVE-2025-55177, a critical logic flaw within WhatsApp’s handling of messages.

    According to DarkNavyOrg, the vulnerability stems from a missing validation check to confirm that an incoming message originates from a legitimate linked device.

    This oversight allows an attacker to send a message that appears to be from a trusted source, bypassing initial security checks and delivering the malicious payload.

    Once the message is delivered, the second vulnerability, CVE-2025-43300, is triggered. This flaw resides in the application’s DNG file parsing library.

    The attacker crafts a malformed DNG image that, when processed by WhatsApp, causes a memory corruption error, leading to remote code execution.

    The proof-of-concept shared by the researchers shows a script that automates the process: logging into WhatsApp, generating the malformed DNG, and sending the payload to a target phone number. This combination allows for a seamless and silent compromise of the targeted device.

    This zero-click RCE vulnerability poses a severe threat to users of WhatsApp on multiple Apple devices, including iPhones, Mac computers, and iPads.

    A successful exploit could grant an attacker complete control over a device, enabling them to access sensitive data, monitor communications, and deploy further malware. The stealthy nature of the attack means a device could be compromised without any visible indicators.

    The discovery highlights the ongoing security challenges associated with complex file formats and cross-platform messaging applications. Flaws in file parsers have historically been a common vector for RCE exploits, as they process untrusted external data.

    DarkNavyOrg has indicated that its analysis is ongoing, including a separate investigation into a Samsung-related vulnerability (CVE-2025-21043).

    For now, WhatsApp users are advised to ensure their applications and operating systems are always updated to the latest versions to receive security patches as soon as they become available. Both WhatsApp and Apple are expected to address these critical vulnerabilities in upcoming security updates.


    The post WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File appeared first on Cyber Security News.


  • A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. 

    Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full lockout of the admin account. 

    Organizations running unsupported versions are urged to upgrade immediately or apply mitigations to prevent unauthorized disruption of cluster administration.

    Rancher RBAC Privilege Escalation

    Rancher’s RBAC system relies on unique usernames at login time, but fails to enforce immutability of this field after account creation.

    An attacker with update permissions on any user resource can send a crafted request to change the username field of a target account. 

    When the admin account is targeted, the attacker’s new, unique identifier takes precedence, and the original admin user can no longer authenticate. Example exploit request using Rancher’s API:

    SUSE Rancher Vulnerabilities

    This payload renames the admin account, rendering the genuine administrator unable to log in. The flaw also permits arbitrary renaming of any user, leading to user takeover by assigning a high-privilege username to a malicious account.

    Risk Factors            Details
    Affected Products       Rancher Manager v2.9.0–v2.9.11, v2.10.0–v2.10.9, v2.11.0–v2.11.5, v2.12.0–v2.12.1
    Impact                  Account lockout: prevents admin/UI login
    Exploit Prerequisites   Valid Rancher account with update permission on User API
    CVSS 3.1 Score          7.6 (High)

    Mitigations

    SUSE Rancher has released patched versions that enforce server-side validation on the .username field. 

    Once set, usernames are immutable, preventing subsequent modification attempts. Affected versions and their patched counterparts include:

    • 2.12.0–2.12.1 → 2.12.2
    • 2.11.0–2.11.5 → 2.11.6
    • 2.10.0–2.10.9 → 2.10.10
    • 2.9.0–2.9.11 → 2.9.12

    To upgrade, run:

    SUSE Rancher Vulnerabilities

    For environments where immediate upgrading is not possible, administrators should audit RBAC policies to limit update permissions on user resources to only fully trusted operators. 

    Additionally, enable detailed audit logging to detect and respond to suspicious PUT /v3/users API calls.
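An added example, not code from SUSE or from this article, covering both the audit-log advice above and the server-side fix the patched versions enforce: a detector that flags PUT/PATCH requests to /v3/users/<id> whose body sets the username field, and an update validator that refuses to change a username once set. The audit records are constructed and their field names (method, requestURI, user, requestBody) are assumptions to be mapped onto the real Rancher audit log format.

```python
import json
import re

# Constructed audit records, loosely modelled on Rancher's JSON audit log
# (method, requestURI, user, requestBody). The field names are an assumption;
# map them to whatever the deployed audit log actually emits.
AUDIT_LINES = [
    '{"method":"GET","requestURI":"/v3/users/u-admin","user":"u-ops1"}',
    '{"method":"PUT","requestURI":"/v3/users/u-admin","user":"u-ops1",'
    '"requestBody":{"username":"admin-old","displayName":"Default Admin"}}',
    '{"method":"PUT","requestURI":"/v3/users/u-ops2","user":"u-admin",'
    '"requestBody":{"displayName":"Ops Two"}}',
    '{"method":"PUT","requestURI":"/v3/users/u-ops3","user":"u-ops1",'
    '"requestBody":{"username":"admin"}}',
]

USER_PATH = re.compile(r"^/v3/users/([^/?]+)")

def find_username_changes(lines):
    """Flag every PUT/PATCH to /v3/users/<id> whose body sets 'username'.

    On an unpatched Rancher any such request is a rename; after the fix the
    server rejects it, so hits mean an unpatched instance or someone probing.
    """
    findings = []
    for raw in lines:
        rec = json.loads(raw)
        match = USER_PATH.match(rec.get("requestURI", ""))
        if not match or rec.get("method") not in ("PUT", "PATCH"):
            continue
        body = rec.get("requestBody") or {}
        if "username" in body:
            findings.append({"actor": rec.get("user"), "target": match.group(1),
                             "new_username": body["username"]})
    return findings

def validate_user_update(existing, update):
    """Server-side rule the patch introduces: username is immutable once set."""
    new_name = update.get("username")
    if new_name is not None and new_name != existing.get("username"):
        raise ValueError("username cannot be changed after the user is created")
    merged = dict(existing)
    merged.update(update)
    return merged
```

Run `find_username_changes(AUDIT_LINES)` to see both rename attempts (the admin account being renamed away, and a low-privilege account claiming the admin username) while the display-name-only update passes silently.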

    By addressing this high-severity issue, organizations protect the integrity of their Rancher UI and prevent potential denial-of-service against critical administrative accounts. 

    Continuous monitoring of global RBAC settings and prompt adoption of security patches remain essential best practices for securing container management platforms.


    The post SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account appeared first on Cyber Security News.


  • Singapore, Singapore, September 29th, 2025, CyberNewsWire

    • Analyzing over 14 billion cyber-attack records daily, ThreatBook ATI is a global solution enriched with granular, local insights, and can offer organizations a truly APAC perspective.
    • Boasting low false positive rates, the solution is highly compatible with existing security stacks.
    • ThreatBook ATI provides actionable insights for threat detection and response, enabling organizations to accelerate their intelligence analysis, and make more informed decisions. 

    ThreatBook, a global leader in cyber threat intelligence, detection and response, today announced the worldwide launch[1] of ThreatBook Advanced Threat Intelligence (“ThreatBook ATI”).

    Spearheaded from its offices in Singapore and Hong Kong, the new service offers unique industry insights for threat intelligence platforms (TIPs), security operation centers (SOCs) and cybersecurity analysts globally.

    Of note, ThreatBook ATI is able to capture new, difficult-to-detect threats emanating from within Asia, where coverage from many global vendors remains limited. It is also better able to identify Western attackers targeting Asian organizations.

    ThreatBook ATI’s capabilities are particularly timely, with 34% of cyber-attacks worldwide taking place within the Asia Pacific[2] (APAC).

    A further noteworthy feature of ThreatBook ATI is its low false positive rate. ThreatBook’s proprietary intelligence collection systems, which operate globally and in real time, employ dozens of analysis engines to deeply mine enormous raw datasets.

    False positives are filtered through AI-based models, followed by cross-verification by professional security analysts. ATI also applies AI to classify and label threat reports, transforming unstructured intelligence into structured insights, and features a built-in assistant that can rapidly correlate data to answer analysts’ questions.

    This layered process ensures the intelligence remains highly accurate and reliable. Over 14 billion attack records are identified daily, including over 80 million malicious inbound internet protocols (IPs), more than six billion malware files, over 7,000 high risk vulnerabilities, and more than 600 zero-day vulnerabilities. 

    “With several billion attack records from all corners of the world analyzed daily, ThreatBook ATI is a truly global solution enriched with granular, local insights,” said Mr. Feng XUE, Chief Executive Officer of ThreatBook.

    “We are of the opinion that Asia Pacific-centric threat intelligence matters, as tactics, techniques, and procedures (TTPs), tooling, language, command and control (C&C) infrastructure, and targeting patterns differ by region – and ATI can offer organizations a truly APAC perspective.

    We have a track record of exclusive discovery when it comes to cybercriminals, including advanced persistent threat (APT) groups; and at the end of the day, local context quickens threat detection and reduces dwell time.”

    Integration with existing security stacks is key. Studies repeatedly find that a single unified platform, which provides a centralized view of cyber risks across the entire organization, is a priority for cybersecurity teams around the world[3].

    ThreatBook ATI is highly compatible with existing security stacks. Its output is available in both machine-readable and human-readable formats, making integration straight-forward.

    Customer access is hassle-free. For TIPs, ThreatBook ATI can be purchased through platform marketplaces, or can be integrated through feeds or application programming interfaces (APIs).

    For SOCs, ThreatBook ATI feeds integrate easily with security information and event management (SIEM) solutions, firewalls and other security tools. While for cybersecurity analysts, ThreatBook ATI is accessible globally via a web portal.

    “High quality threat intelligence enhances existing security tools, which often rely on vulnerable rule-based signals, making them more reliable and accurate, and leading to less false positives across the stack,” added Mr. Xue.

    “By providing actionable insights for threat detection and response, organizations are able to accelerate their intelligence analysis, and make more informed decisions to better manage today’s myriad of cyber risks.”

    ThreatBook ATI is a timely addition to the company’s acclaimed suite of cybersecurity solutions.

    Since 2015, thousands of enterprise organizations globally have placed their trust in ThreatBook across the entire threat lifecycle — from detection to analysis, response and protection; all powered by the company’s proprietary intelligence core.

    In 2025 alone, leading analyst firms have recognized ThreatBook, featuring the company in Forrester’s Network Analysis And Visibility Solutions Landscape, Q2 2025 report, and the inaugural Gartner Magic Quadrant for Network Detection and Response (NDR).

    In both instances, ThreatBook was one of a limited number of vendors recognized.

    About ThreatBook

    ThreatBook is a global cybersecurity company specializing in advanced threat intelligence, detection, and response. Founded in 2015, ThreatBook equips enterprises, governments, and service providers with the clarity and context needed to defend against evolving digital risks.

    By combining artificial intelligence with deep threat intelligence, ThreatBook delivers real-time visibility, hyper-accurate detections, and early-warning insights against nation-state actors, cybercriminal groups, and emerging attack campaigns.

    With unique vantage points from across the Asia Pacific region and beyond, ThreatBook provides intelligence coverage that bridges Eastern and Western threat landscapes, offering an unmatched perspective for global defenders.

    ThreatBook: Act with Intelligence that Matters. To learn more, users can visit www.threatbook.io or follow them on LinkedIn.

    [1] ThreatBook ATI is not available in mainland China.

    [2] https://www.ibm.com/thought-leadership/institute-business-value/report/2025-threat-intelligence-index

    [3] https://www.msspalert.com/native/the-strategic-shift-toward-unified-cybersecurity-platforms

    Contact

    Belmont Communications on behalf of ThreatBook

    threatbook@belmontcomms.co

    The post ThreatBook Launches Best-of-Breed Advanced Threat Intelligence Solution appeared first on Cyber Security News.


  • Singapore, Singapore, September 29th, 2025, CyberNewsWire ThreatBook, a global leader in cyber threat intelligence, detection and response, today announced the worldwide launch[1] of ThreatBook Advanced Threat Intelligence (“ThreatBook ATI”). Spearheaded from its offices in Singapore and Hong Kong, the new service offers unique industry insights for threat intelligence platforms (TIPs), security operation centers (SOCs) and […]

    The post ThreatBook Launches Best-of-Breed Advanced Threat Intelligence Solution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A sophisticated malvertising campaign has been targeting organizations through a weaponized Microsoft Teams installer that delivers the dangerous Oyster malware, according to a recent investigation by cybersecurity experts. The attack demonstrates an alarming evolution in threat actor tactics, combining SEO poisoning, certificate abuse, and living-off-the-land techniques to evade traditional security measures. The attack was first […]

    The post Hackers Exploit Weaponized Microsoft Teams Installer to Deploy Oyster Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from popular triage tools, it creates a mini timeline that is ready for analysis in tools like Timeline Explorer or Excel, as […]

    The post Forensic-timeliner: A Windows Forensics Tool for DFIR Investigators appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
