Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.
Similar Posts
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Bys sThreat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql….
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
Bys sThe China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis…
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Bys sThreat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. “Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be…
Japan Airlines Was Hit by a Cyberattack, Delaying Flights During the Year-End Holiday Season
Japan Airlines was hit by a cyberattack, causing delays to more than 20 domestic flights, but there was no threat to flight safety. The post Japan Airlines Was Hit by a Cyberattack, Delaying Flights During the Year-End Holiday Season appeared first on SecurityWeek.
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Bys sIntentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they…
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Bys sRedis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger…