Access Archives - Ady DeeJay

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

April 26, 2025

by Ady DeeJay

Comments (0)

Apr 26, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning

Cyble Discovers Cyberattack Using VSCode For Remote Access

October 2, 2024

by Ady DeeJay

Comments (0)

Cyble Research and Intelligence Lab (CRIL) researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses Visual Studio Code (VSCode) to establish persistence and remote access – and installs the VSCode command line interface (CLI) if VSCode isn’t found on the victim machine. The attack

Ransomware Gangs Exploit ESXi Vulnerability for Admin Access

August 1, 2024

by Ady DeeJay

Comments (0)

Security experts are raising alarms about a newly patched VMware ESXi hypervisor vulnerability that is being actively exploited by prominent ransomware groups. CVE-2024-37085, despite its 6.8 CVSS rating, has been leveraged by ransomware gangs such as Black Basta, Akira, Medusa, and Octo Tempest/Scattered Spider as a post-compromise technique. This vulnerability

January 3, 2024

by Ady DeeJay

Comments (0)

Jan 03, 2024NewsroomMalware / Data Theft Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling

Instant Access to Everything You’ll Ever Need to Know About Any Domain – WordPress.com News

November 2, 2023

by Ady DeeJay

Comments (0)

Site Profiler is a new, ad-free way to track down the details of any domain, from WHOIS to hosting provider. vishnugopal Site Profiler is a fast, accurate, and ad-free tool designed to provide WHOIS and hosting information about any domain. Whether you’re a domain owner or just curious about where

August 14, 2023

by Ady DeeJay

Comments (0)

Aug 14, 2023THNCyber Threat / Malware A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram

June 22, 2023

by Ady DeeJay

Comments (0)

Jun 22, 2023Ravie LakshmananCyber Attack / Phishing A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan)

June 9, 2023

by Ady DeeJay

Comments (0)

The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has

May 29, 2023

by Ady DeeJay

Comments (0)

May 29, 2023Ravie LakshmananLinux / Network Security Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. “Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT,” the JPCERT

April 18, 2023

by Ady DeeJay

Comments (0)

Apr 18, 2023Ravie LakshmananCyber Threat / Malware The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary’s

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cyble Discovers Cyberattack Using VSCode For Remote Access

Ransomware Gangs Exploit ESXi Vulnerability for Admin Access

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Instant Access to Everything You’ll Ever Need to Know About Any Domain – WordPress.com News

New Remote Access Trojan Emerges via Telegram and Discord

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

5 Reasons Why Access Management is the Key to Securing the Modern Workplace

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

Recent Posts

Recent Comments

Categories

Archives

Recent Posts

Recent Comments

Categories

Archives

Tags