Overview
- owasp-modsecurity
- ModSecurity
Description
Statistics
- 1 Post
Fediverse

CVE-2025-52891: New ModSecurity2 Bug Exposes Servers to DoS via Empty XML Tags
A Subtle but Dangerous XML Parsing Flaw A newly discovered vulnerability in ModSecurity2, a widely adopted open-source web application firewall (WAF), has raised concerns among developers and cybersecurity professionals. Tracked as CVE-2025-52891, the flaw affects versions 2.9.8 through 2.9.10 and has been rated as moderate severity. This issue can cause the WAF process to crash whenever…
Overview
- GFI Software
- Kerio Control
Description
Statistics
- 1 Post
Fediverse

⚠️ CRITICAL: CVE-2025-34071 in Kerio Control 9.4.5 lets admins upload unsigned firmware, executing code as root. Restrict admin access, monitor uploads, and await patch. High risk for perimeter devices! https://radar.offseq.com/threat/cve-2025-34071-cwe-306-missing-authentication-for--6351caa6 #OffSeq #Vuln #KerioControl #Infosec
Overview
- Apache Software Foundation
- Apache Seata (incubating)
Description
Statistics
- 1 Post
Fediverse

Critical Apache Seata Vulnerability CVE-2025-32897 Exposes Distributed Systems to RCE Attacks
Rising Threat in Distributed Transaction Systems A serious security flaw, CVE-2025-32897, has been discovered in Apache Seata, a popular open-source framework used for managing distributed transactions across microservices and cloud-native systems. This newly uncovered vulnerability highlights a deserialization weakness that opens the door to remote code execution (RCE) — a…
Overview
Description
Statistics
- 1 Post
- 5 Interactions
Fediverse

Oh, goodie. Another botnet. This one is exploiting CVE-2024-3721 and CVE-2024-12856 in DVRs and routers to launch DDoS attacks.
https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
IOCs
Hosts
45[.]135[.]194[.]34
83[.]150[.]218[.]93
14[.]103[.]145[.]202
14[.]103[.]145[.]211
154[.]91[.]254[.]95
78[.]153[.]149[.]90
Files
Downloader
c88f60dbae08519f2f81bb8efa7e6016c6770e66e58d77ab6384069a515e451c
eb3e2a6a50f029fc646e2c3483157ab112f4f017406c3aabedaae0c94e0969f6
f4cd7ab04b1744babef19d147124bfc0e9e90d557408cc2d652d7192df61bda9
RondoDox
e3c080e322862d065649c468d20f620c3670d841c30c3fe5385e37f4f10172e7
e62df17150fcb7fea32ff459ef47cdd452a21269efe9252bde70377fd2717c10
53e2c2d83813d1284ddb8c68b1572b17cca95cfc36a55a7517bf45ff40828be5
43d4847bf237c445ed2e846a106e1f55abefef5c3a8545bd5e4cad20f5deb9a4
4c2429fc8b8ec61da41cbba1b8184ec45fa93a9841b4ca48094bba7741b826b8
694d729d67f1b0c06702490bfab1df3a96fe040fe5d07efa5c92356c329757be
edae3b75deb8013bd48ac4534cca345b90938a2abb91672467c2bf9ae81ff683
0814a0781ab30fca069a085dba201d6fd0f414498fafa4bb42859786d91d4781
59b4deee977e9e27b60e7e179d54a1ce8e56624e73b799523416eee828bfaf76
9f916a552efc6775367a31357a633dc0be01879830d3fddccdf3c40b26e50afd
0a9ebbecc8ec58c253039520304ca373cfb8d1674d67993e6485e244a77d6ec9
6c81fd73b4bef6fef379cbefdcce7f374ea7e6bf1bf0917cf4ca7b72d4cee788
a55a3859a203ca2bae7399295f92aeae61d845ffa173c1938f938f5c148eef99
57573779f9a62eecb80737d41d42165af8bb9884579c50736766abb63d2835ba
3daa53204978b7797bd53f5c964eed7a73d971517a764785ce3ab65a9423c2e7
8bf8928bc255e73e0b5b0ce13747c64d82d5f2647da129f189138773733ac21f
20a24b179bdbbdcc0053838c0484ea25eff6976f2b8cb5630ab4efb28b0f06b5
42aa715573c7d2fca01914504cb7336db715d73d1e20d23e4bd37f2e4f4fe389
c9278ce988343606350a94156ca28ee28bd605d1d95c810a16866eee1f997598
a197f60d5f5641f2c56576b4c867d141612c6e00db29c512f266835510b8a62d
8250d289c5ec87752cec1af31eed0347cf2dd54dc0fbeea645319c4dae238ee2
d02414a54e97ad26748812002610f1491a2a746e9ba0f9d05de3d47d7bab4f5e
c123a91fdacd9a4c0bcf800d6b7db5162cfd11cb71e260647ef0f2c60978ebfc
ef708fec1afbea4fb32b586e0dacf0d228c375a532008d81453c367256afea5a
305507f34c14c72cab35715b7f7b25b32352a8e19b8a283003aaf539d12ca517
937e6ab0dfcedfa23eced7b52d3899b0847df3fcb7a9c326b71027a7ab5f5b93
cc: @Dio9sys @da_667 since this seems like the kind of thing you might want to sig / tag.
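The post above lists its indicators defanged (bracketed dots, so they do not turn into clickable links). As an added example that is not part of the original post or of Fortinet's report, the Python below refangs those indicators and checks a handful of constructed firewall and EDR log lines against the host list and two of the downloader hashes. The log lines, the host name, and the 10.0.0.0/8 and 203.0.113.0/24 addresses in them are constructed for illustration; the refang helper also covers defanged domains and hxxp:// URLs, which the post does not contain, so it can be reused for the domain-style IOCs that appear elsewhere on this page.

```python
import re
from typing import Iterable, List, Set, Tuple

# Host indicators copied from the post above, still defanged.
DEFANGED_HOSTS = [
    "45[.]135[.]194[.]34",
    "83[.]150[.]218[.]93",
    "14[.]103[.]145[.]202",
    "14[.]103[.]145[.]211",
    "154[.]91[.]254[.]95",
    "78[.]153[.]149[.]90",
]

# Two of the downloader SHA-256 hashes from the post; the full list loads the same way.
DOWNLOADER_SHA256: Set[str] = {
    "c88f60dbae08519f2f81bb8efa7e6016c6770e66e58d77ab6384069a515e451c",
    "eb3e2a6a50f029fc646e2c3483157ab112f4f017406c3aabedaae0c94e0969f6",
}

# Constructed log lines (not from the report). 10.0.0.0/8 and 203.0.113.0/24 are
# private / documentation ranges used only as stand-ins; "dvr-01" is invented.
SAMPLE_LOGS = [
    "2025-07-03T10:15:01Z fw: SRC=10.0.0.5 DST=45.135.194.34 DPT=80 PROTO=TCP",
    "2025-07-03T10:15:02Z fw: SRC=10.0.0.5 DST=203.0.113.7 DPT=443 PROTO=TCP",
    "2025-07-03T10:15:03Z edr: host=dvr-01 event=exec "
    "sha256=C88F60DBAE08519F2F81BB8EFA7E6016C6770E66E58D77AB6384069A515E451C path=/tmp/.x",
    "2025-07-03T10:15:04Z fw: SRC=10.0.0.9 DST=78.153.149.90 DPT=443 PROTO=TCP",
]

_BRACKET_DOT = re.compile(r"[\[\(\{]\.[\]\)\}]")   # matches [.]  (.)  {.}
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into its live, lower-cased form.

    Handles bracketed dots, the hxxp:// scheme and the [:]// separator, so the
    same function works for IPs, domains and URLs.
    """
    s = ioc.strip()
    s = _BRACKET_DOT.sub(".", s)
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    s = s.replace("[:]//", "://")
    return s.lower()


def defang(ioc: str) -> str:
    """Inverse of refang (dots only), for printing a live indicator safely."""
    return ioc.replace(".", "[.]")


def scan_lines(lines: Iterable[str], hosts: Set[str], hashes: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, indicator) for every host or SHA-256 match.

    Hash comparison is case-insensitive because EDR products disagree on case.
    """
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        for ip in _IPV4.findall(line):
            if ip in hosts:
                hits.append((n, "host", ip))
        for digest in _SHA256.findall(line):
            if digest.lower() in hashes:
                hits.append((n, "sha256", digest.lower()))
    return hits


if __name__ == "__main__":
    live_hosts = {refang(h) for h in DEFANGED_HOSTS}
    for n, kind, ioc in scan_lines(SAMPLE_LOGS, live_hosts, DOWNLOADER_SHA256):
        print(f"line {n}: {kind} match {defang(ioc)}")
```

Run it as a script to see the three matches; in practice you would feed `scan_lines` the full hash list from the post and a stream of real log lines instead of `SAMPLE_LOGS`.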
Overview
- Four-Faith
- F3x24
Description
Statistics
- 1 Post
- 5 Interactions
Fediverse

Overview
- Apache Software Foundation
- Apache Camel
- org.apache.camel:camel
Description
Statistics
- 2 Posts
- 4 Interactions
Fediverse

Unit42 has a good write-up on some ITW Tomcat and Camel shenanigans exploiting CVE-2025-24813, CVE-2025-27636, and CVE-2025-29891. IOCs in the post.
But does anyone know if this is a typo by the article or if there are actual files with the .sesson extension? Seems like a good indicator to search on if it's not a typo.
"As noted in our earlier analysis, exploits for CVE-2025-24813 use a name appended by .sesson in the initial HTTP request. This .session file contains the code the vulnerable host will run if an exploit is successful."
Edit: Confirmed typo per this response: https://infosec.exchange/@0xThiebaut/114789994690646411
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
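Since the indicator the article describes is a file name ending in .session in the initial (partial) PUT request, one direct hunt is to scan Tomcat access logs for PUT requests whose path ends that way. The Python below is an added example, not code from Unit 42's write-up or from the Tomcat project. It assumes Tomcat's common access-log pattern (%h %l %u %t "%r" %s %b); the sample lines, the 198.51.100.0/24 and 203.0.113.0/24 addresses and the file names in them are constructed. The path is percent-decoded before the suffix check so that an encoded dot (%2E) does not slip past it.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Tomcat "common" access-log pattern:  %h %l %u %t "%r" %s %b
_ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample lines (not from the write-up). 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges; the paths and file names are invented.
SAMPLE_ACCESS_LOG = [
    '203.0.113.50 - - [03/Jul/2025:10:21:05 +0000] "GET /index.jsp HTTP/1.1" 200 1320',
    '198.51.100.23 - - [03/Jul/2025:10:22:11 +0000] "PUT /upload/abc123.session HTTP/1.1" 201 -',
    '198.51.100.23 - - [03/Jul/2025:10:22:12 +0000] "GET /index.jsp HTTP/1.1" 200 1320',
    '198.51.100.23 - - [03/Jul/2025:10:22:30 +0000] "PUT /upload/abc124%2Esession HTTP/1.1" 201 -',
    '203.0.113.50 - - [03/Jul/2025:10:23:40 +0000] "PUT /files/report.pdf HTTP/1.1" 201 -',
    'not an access log line at all',
]


def parse_access_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one common-format line; return None for anything that does not match."""
    m = _ACCESS_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Drop the query string and percent-decode so "%2Esession" is seen as ".session".
    entry["path"] = unquote(entry["target"].split("?", 1)[0])
    return entry


def is_session_put(entry: Dict[str, str]) -> bool:
    """The indicator from the article: a PUT whose file name ends in .session.

    Tomcat on Linux is case-sensitive, so a case-insensitive check is simply the
    conservative choice for a hunt; it costs nothing and catches sloppy variants.
    """
    return entry["method"] == "PUT" and entry["path"].lower().endswith(".session")


def find_session_puts(lines) -> List[dict]:
    """Return the suspicious PUTs with line number, client, path and status."""
    hits: List[dict] = []
    for n, line in enumerate(lines, 1):
        entry = parse_access_line(line)
        if entry is not None and is_session_put(entry):
            hits.append({"line": n, "client": entry["client"], "ts": entry["ts"],
                         "path": entry["path"], "status": entry["status"]})
    return hits


if __name__ == "__main__":
    for hit in find_session_puts(SAMPLE_ACCESS_LOG):
        print(f"line {hit['line']}: {hit['client']} PUT {hit['path']} "
              f"-> {hit['status']} at {hit['ts']}")
```

Point `find_session_puts` at a real localhost_access_log and pivot on the client addresses it returns; any PUT at all against a Tomcat instance that is not supposed to accept uploads is worth a look, and the .session suffix is the specific tell for this exploit chain.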

🟥 LCSC-IE Daily Cyber Security Findings - 3 July 2025 🟥
News:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
Global Breach News and Data Leaks:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
Tactical Reports with IOCs:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
APT IOCs:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
Threat Hunting / DFIR / Malware:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
Light Reading:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
Overview
- Akamai
- CloudTest
Description
Statistics
- 1 Post
Fediverse

Cisco warns of insecure SSH credentials and a critical vulnerability in Unified CM that grants root access. In addition, a worrying rise in LNK malware on Windows, Citrix login problems after patching, and a criminal sentenced for smishing all underline the need to keep security up to date. Find these and more details in the following list of information security news:
🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 03/07/25 📆 |====
🔒 CISCO WARNS OF INSECURE SSH CREDENTIALS
Cisco has identified and removed a backdoor account in its Unified Communications Manager (Unified CM). The flaw could have allowed remote attackers to access unpatched devices with root privileges, a serious security risk. Don't take chances; find out how to protect your system. 👉 https://djar.co/56baTT
📷 ANALYSING A WHATSAPP VULNERABILITY
IBM researchers have taken a deep dive into CVE-2019-11932, a WhatsApp-related vulnerability in an image-processing library used by the application. It could allow attacks on Android devices through crafted GIF files. Read the details to keep your applications secure. 👉 https://djar.co/mnNT
🦠 RISE IN LNK MALWARE ON WINDOWS
A new report reveals alarming growth in the use of shortcut (LNK) malware on Windows systems. This type of attack uses LNK files to get malware onto machines. Learn to recognise and prevent these emerging threats to better protect your environment. 👉 https://djar.co/0QjsAe
⚠️ CRITICAL VULNERABILITY IN CISCO UNIFIED CM
CVE-2025-20309 in Cisco Unified CM can give attackers root access, allowing arbitrary command execution on the system. Network administrators must act immediately to mitigate this risk. Learn more about how to defend against this threat. 👉 https://djar.co/0NDwaw
🌐 EXPLOITATION OF AN XXE VULNERABILITY IN AKAMAI
Explore how an XML External Entity injection vulnerability (CVE-2025-49493) in Akamai CloudTest, a widely used application, was discovered and exploited. Learn the attack methods and strengthen your security strategy to prevent similar incidents. 👉 https://djar.co/t5Ovo
🔑 CITRIX LOGIN PROBLEMS AFTER PATCHING
Citrix warns of login problems on NetScaler ADC and Gateway devices after applying patches for vulnerabilities that could be exploited to bypass authentication. Organisations should watch these changes closely to guarantee secure access to their systems. More details on the current situation: 👉 https://djar.co/zw9E
👮 SENTENCED FOR A MASSIVE SMISHING CAMPAIGN
A criminal has been sentenced to more than a year in prison for operating an SMS blaster to run a massive smishing campaign. The case is a reminder of how important it is to educate users so they do not fall for fraud aimed at stealing personal information. Learn how to protect yourself from these scams. 👉 https://djar.co/7yX8Oo
Overview
- modelcontextprotocol
- servers
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
