All posts in Uncategorized

■■□□□ Kimsuky #APT exploited #BlueKeep #RDP flaw in attacks against South Korea and Japan. Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

■■■□□ Cookie-Bite Attack Lets Hacker Bypass MFA & Maintain Access to Cloud Servers. New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers

■■■■□ SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks. SuperCard X Android Malware A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraud cashouts. https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

■■□□□ LDAP Injection 💉 Dependency Injector. Covers why it’s crucial for clean code, with Python examples before Go. 🎞 https://youtu.be/BhLpqRev80s

■■■■□  Active! Mail RCE flaw exploited in attacks on Japanese orgs. An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. https://www.bleepingcomputer.com/news/security/active-mail-rce-flaw-exploited-in-attacks-on-japanese-orgs/

■■□□□ New Malware Targets Docker — but it’s not about crypto mining anymore. Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals. 🔹 325+ downloads from Docker Hub https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html

■■□□□ Privilege Escalation in Google Cloud! A serious bug in Cloud Composer (GCP) let attackers with edit access take control of key services like Cloud Storage and Artifact Registry by uploading malicious code. https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html

■■■■□ Russian state-sponsored hackers have attempted to sabotage Dutch critical infrastructure in attacks this year and last, according to the Dutch Military Intelligence and Security Service’s annual public report, published Tuesday. https://www.defensie.nl/actueel/nieuws/2025/04/22/russische-brutaliteit-om-samenleving-te-ontwr https://therecord.media/dutch-mivd-report-russian-cyber-sabotage

■■□□□ United Kingdom 🇬🇧 high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a “cyber incident” for “the past few days.” https://www.londonstockexchange.com/news-article/MKS/cyber-incident-update/16999905 https://www.theregister.com/2025/04/22/marks_spencer_cyber_incident/

■■□□□ State-Sponsored Actors Try ClickFix. https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix https://www.forbes.com/sites/zakdoffman/2025/04/21/do-not-click-if-you-see-this-on-your-pc-its-an-attack/