Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools.
Zack Whittaker reports: U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. The company disclosed the data breach on Saturday in a legally required filing with Maine’s attorney general, but did not immediately provide a number…
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. “A stack-based buffer overflow in…
Caitlyn Freeman reports: Personal information including Social Security numbers was compromised during the ransomware attack that hit Highline Public Schools in September, officials announced Wednesday. School officials noticed malicious activity on its servers Sept. 7. The district closed schools for two days after the attack, which was later labeled a ransomware attack. After a nearly five-month investigation, officials…
Jacob Paul reports: The cyber attackers allegedly behind a hack on the Co-op have bragged about the vast scale of their attack, forcing the supermarket chain to row back on claims it suffered a “small impact”. DragonForce, the criminal group claiming responsibility, has alleged it managed to infiltrate IT networks and steal 20 million customers’ data…
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could…
Daryna Antoniuk reports: Researchers say they have uncovered new evidence linking a long-running threat actor known as Bitter to the Indian government…. In a two-part report released this week, researchers from U.S.-based Proofpoint and Switzerland-based Threatray said their new findings are based on a series of campaigns conducted between October 2024 and April 2025. During this period, Bitter —…