CyberNetSec.io

Daily Cybersecurity Threat Briefings

Home

Publications

Home Publications

Security Advisories & Threat Intelligence

Real-time cybersecurity alerts, vulnerability advisories, and threat analysis

Filter by Category

Showing 1 - 10 of 398 articles

1 / 40

Per page:

DeadLock Ransomware Uses Vulnerable Baidu Driver to Blind EDRs

HIGH

DeadLock Ransomware Deploys New "Bring Your Own Vulnerable Driver" Tactic to Disable Security Tools

A new DeadLock ransomware campaign is leveraging a novel "Bring Your Own Vulnerable Driver" (BYOVD) loader to exploit a vulnerability (CVE-2024-51324) in a legitimate Baidu Antivirus driver, `BdApiUtil.sys`. This technique allows the threat actors to terminate any process, including endpoint detection and response (EDR) and antivirus solutions, from the kernel level. By blinding security tools, the attackers can deploy the ransomware unimpeded. The attack chain, analyzed by Cisco Talos, also involves PowerShell scripts to disable Windows Defender and delete volume shadow copies, severely hindering detection and recovery efforts.

RansomwareDeadLockBYOVDEDR EvasionKernel +1 more

DeadLock Ransomware Uses Vulnerable Baidu Driver to Blind EDRs

Code-to-Cloud Attacks: Leaked GitHub Tokens Become Keys to the Kingdom

HIGH

New "Code-to-Cloud" Attack Vector Sees Threat Actors Pivot From GitHub to Cloud Environments via Leaked PATs

Security researchers at Wiz have detailed an emerging "code-to-cloud" attack vector where threat actors leverage compromised GitHub Personal Access Tokens (PATs) to pivot from code repositories directly into production cloud environments. By abusing the trust between GitHub and connected Cloud Service Providers (CSPs), attackers with even basic read permissions can discover secret names, then use write permissions to execute malicious GitHub Actions that exfiltrate CSP credentials. The attack is particularly stealthy as API calls to search for secret names are not logged by GitHub Enterprise, creating a major visibility gap for defenders.

DevSecOpsGitHubCloud SecurityCI/CDPersonal Access Token +2 more

Code-to-Cloud Attacks: Leaked GitHub Tokens Become Keys to the Kingdom

New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

HIGH

'Broadside' Botnet Exploits DVR Flaw, Posing Significant Threat to Maritime Logistics Sector

A new, sophisticated variant of the Mirai botnet, dubbed "Broadside," is actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK Digital Video Recorder (DVR) devices. According to research from Cydome, the campaign specifically targets the maritime logistics sector, where these DVRs are common. Broadside is more advanced than typical Mirai variants, using stealthier techniques and a custom C2 protocol. Crucially, its goals extend beyond DDoS to include credential harvesting and lateral movement, turning compromised DVRs into strategic footholds on vessel networks.

Dec 9, 2025

6 min read

Malware

Industrial Control Systems

IoT Security

BotnetMiraiBroadsideMaritime SecurityIoT +3 more

New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

AI Threat Hunting Exposes 'GhostPenguin,' a Linux Backdoor Undetected for Months

MEDIUM

Undetected for Over Four Months, 'GhostPenguin' Linux Backdoor Exposed by AI-Powered Threat Hunting

Researchers at Trend Micro have discovered "GhostPenguin," a sophisticated, multi-threaded Linux backdoor written in C++. The malware remained completely undetected on VirusTotal for over four months after its initial submission. It was ultimately found using an AI-driven automated threat hunting pipeline designed to analyze zero-detection samples. GhostPenguin provides attackers with full remote shell access and file system control over an RC5-encrypted UDP channel, using port 53 to masquerade as DNS traffic, highlighting the growing need for AI in detecting emerging, stealthy threats.

LinuxBackdoorGhostPenguinThreat HuntingAI +2 more

AI Threat Hunting Exposes 'GhostPenguin,' a Linux Backdoor Undetected for Months

Vishing Attackers Impersonate IT on Teams, Trick Users into Running Fileless Malware

MEDIUM

Vishing Campaign Abuses Microsoft Teams and QuickAssist to Deploy Fileless .NET Malware

A sophisticated vishing (voice phishing) campaign is abusing trusted enterprise tools to deploy stealthy malware. Attackers impersonate IT support staff on Microsoft Teams, convincing users to initiate a Windows Quick Assist session. Once they have remote access, the attackers direct the user to a malicious site to download a loader. This loader then fetches an encrypted payload and executes it directly in memory using .NET reflection, a fileless technique designed to evade traditional antivirus and endpoint detection solutions. The campaign highlights the increasing trend of blending social engineering with the abuse of legitimate software.

VishingSocial EngineeringMicrosoft TeamsQuickAssistFileless Malware +1 more

Vishing Attackers Impersonate IT on Teams, Trick Users into Running Fileless Malware

IBM Rolls Out Critical Patches for AIX, Cloud Pak, and Other Enterprise Software

MEDIUM

IBM Issues Critical Security Updates for AIX, Aspera Shares, Cloud Pak, and More

IBM has released a wave of security updates addressing vulnerabilities in numerous enterprise products, prompting an advisory from the Canadian Centre for Cyber Security. The bulletins, published between December 1 and December 7, 2025, include critical patches for IBM AIX, VIOS, Aspera Shares, Business Automation Workflow, and Cloud Pak System, among others. Administrators are strongly urged to review the advisories and apply the necessary updates promptly to protect their infrastructure from potential exploitation.

IBMPatch ManagementVulnerabilityAIXCloud Pak +2 more

IBM Rolls Out Critical Patches for AIX, Cloud Pak, and Other Enterprise Software

Race for Secure Digital Identity Heats Up with New Platforms from IBM and Turing Space

INFORMATIONAL

IBM and Turing Space Launch New Digital Credential and Identity Platforms to Counter AI Threats

The digital identity space is seeing rapid innovation as IBM launches "Verify Digital Credentials," a new platform for issuing and authenticating secure digital documents like licenses and academic records. Built on open standards, it aims to reduce breach risk by decentralizing data storage. Concurrently, decentralized identity provider Turing Space is partnering with the IOTA blockchain to enhance its own verification offering, aiming to lower costs for enterprise-scale deployment. These moves highlight an industry-wide push towards verifiable credentials as a foundational defense against the growing threat of AI-powered deepfakes and identity fraud.

Dec 9, 2025

4 min read

Policy and Compliance

Regulatory

Cloud Security

Digital IdentityVerifiable CredentialsSelf-Sovereign IdentitySSIBlockchain +1 more

Race for Secure Digital Identity Heats Up with New Platforms from IBM and Turing Space

Supply Chain Attack: Marquis Software Breach Hits 74 Banks, Akira Ransomware Suspected

HIGH

Marquis Software Solutions Breach Exposes Data of Over 400,000 Customers from 74 U.S. Financial Institutions

Marquis Software Solutions, a U.S.-based financial software provider, has suffered a major data breach, compromising the sensitive information of over 400,000 customers across 74 client banks and credit unions. This significant supply chain attack is suspected to be the work of the Akira ransomware gang. According to investigators, the threat actors likely gained initial access by exploiting vulnerabilities in SonicWall firewall devices on Marquis's network. This incident highlights the cascading risk in the financial sector, where a compromise at a single software vendor can have widespread consequences for numerous downstream institutions and their customers.

Supply Chain AttackData BreachRansomwareAkiraSonicWall +2 more

Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix

HIGH

Universities of Pennsylvania and Phoenix Disclose Data Breaches After Oracle E-Business Suite Zero-Day Exploitation, Cl0p Ransomware Gang Suspected

The University of Pennsylvania and the University of Phoenix have both reported data breaches resulting from the exploitation of zero-day vulnerabilities in their Oracle E-Business Suite servers. The attacks have compromised the personal information of at least 1,488 individuals at UPenn and a much larger, unspecified number of students, alumni, and staff at the University of Phoenix. Security researchers suspect the notorious Cl0p ransomware gang is behind the campaign, continuing their pattern of exploiting vulnerabilities in widely used enterprise software for large-scale data theft and extortion. Both institutions are currently notifying affected individuals.

Cl0pData BreachZero-DayOracleOracle E-Business Suite +3 more

Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix

White House Sets 2025 Deadline for Post-Quantum Crypto Readiness

INFORMATIONAL

New White House Executive Order Mandates Key Post-Quantum Cryptography (PQC) Actions by December 2025

The White House has issued a new Executive Order to accelerate the U.S. federal government's transition to post-quantum cryptography (PQC). The order sets a critical deadline of December 1, 2025, for several key initiatives. It directs CISA and the NSA to create and maintain a list of commercially available products that support PQC standards, guiding federal procurement. It also mandates the development of new requirements for federal agencies to support TLS 1.3, a necessary precursor for PQC integration. Additionally, NIST is tasked with updating its Secure Software Development Framework (SSDF) to include practices for developing quantum-resistant software.

Dec 8, 2025

5 min read

Policy and Compliance

Regulatory

Threat Intelligence

PQCPost-Quantum CryptographyWhite HouseExecutive OrderNIST +4 more

White House Sets 2025 Deadline for Post-Quantum Crypto Readiness

Showing 1 - 10 of 398 articles

1 / 40