GOLD SALEM tradecraft for deploying Warlock ransomware
Analysis of the tradecraft evolution across 6 months and 11 incidents
Similar Posts
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Bys sApple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below – CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already…
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Bys sPalo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats
Bys sA European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of…
UK data centres, hospitals, and energy companies targeted by new cybersecurity laws
Bys sGeorgia Sweeting reports: The UK government has announced the full scope of its upcoming Cyber Security and Resilience Bill, which aims to strengthen the country’s digital defences and reduce the growing risks posed by cyber threats. Set to be introduced later this year, the bill will place tougher cybersecurity requirements on organisations that provide essential services,…
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
Bys sThe threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent coding patterns across malware families,…
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
Bys sCybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. “Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps,” Imperva researcher Daniel Johnston said in an analysis. “These…