Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points
- OneClik Campaign: Cybersecurity researchers have identified a new targeted campaign called OneClik, utilizing Microsoft’s ClickOnce technology and sophisticated Golang backdoors to infiltrate energy, oil, and gas sectors, suggesting ties to Chinese-affiliated threat actors.
- Exploitation of ClickOnce: The attack leverages ClickOnce’s ability to execute malicious payloads without elevation rights, obfuscating operations via the trusted binary "dfsvc.exe" to deliver malware through phishing emails linked to fake hardware analysis websites.
- RunnerBeacon Features: The Golang-based backdoor, RunnerBeacon, exhibits advanced capabilities like process enumeration, file operations, and network manipulation, featuring anti-analysis methods to evade detection, and bears structural resemblances to known Go-based malware…

Fast Facts
- Target Expansion: Hackers known as "Scattered Spider" have broadened their focus to include the aviation and transportation industries, following previous attacks on retail and insurance sectors, impacting companies like WestJet and Hawaiian Airlines.
- Method of Attack: The group is recognized for using social engineering tactics, such as self-service password resets and MFA bombing, to gain network access, exemplified by the recent breach of WestJet’s data centers.
- Threat Intelligence Insights: Cybersecurity experts, including from Palo Alto Networks and Mandiant, have confirmed the group’s targeting of aviation and transportation organizations, emphasizing the need for enhanced identity verification processes.
- Cohesion and…

DCS Corporation has announced it has successfully completed the Cybersecurity Maturity Model Certification (CMMC) Level 2 assessment process, earning certification at the DCS enterprise level. DCS recorded a perfect score of 110 with no corrective actions required and now joins a short list of early-adopting companies. Industry experts estimate that close to 80,000 companies will require CMMC Level 2 certification to conduct business with the Department of Defense. This certification affirms that the entire DCS enterprise, including all locations and business units, is fully certified, not just a limited…

Fast Facts
- A critical vulnerability in Citrix NetScaler (CVE-2025-5777) is seeing early active exploitation, enabling attackers to gain initial access to systems.
- The flaw allows attackers to extract session tokens, bypass multifactor authentication, and potentially engage in session hijacking.
- There are concerns about this vulnerability due to similarities with the previously exploited CitrixBleed bug, which significantly impacted organizations like Boeing and Comcast.
- Citrix has faced criticism for its past handling of vulnerabilities and is now urging customers to report any possible compromises while offering guidance on this new threat.
Understanding the Vulnerability
A critical flaw in Citrix NetScaler has emerged,…

Fast Facts
- Surge in Scanning Activity: GreyNoise reports a significant increase in scanning for Progress MOVEit Transfer systems, with daily unique IPs spiking from fewer than 10 to over 319, indicating possible preparations for widespread exploitation.
- Threat Landscape: A total of 682 unique IPs were flagged over 90 days, with 449 observed in the last 24 hours; 344 are deemed suspicious and 77 malicious, predominantly from the U.S. and other countries including Germany and Japan.
- Exploitation Attempts Detected: On June 12, 2025, GreyNoise identified attempts to exploit two vulnerabilities (CVE-2023-34362 and CVE-2023-36934), the former previously abused in a large-scale ransomware…

A deceptive fake error attack vector, ClickFix, surged by over 500%, becoming the second most common attack method after phishing, and responsible for nearly 8% of all blocked attacks. ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2024 through May 2025. One of the most striking developments this period was the emergence of ClickFix, a new, deceptive attack vector that skyrocketed by over 500% compared to H2 2024 in ESET telemetry. This makes it one of the most…
Quick Takeaways
- Discovery of Compromised Devices: Over 1,000 SOHO devices have been compromised by a cyber espionage campaign, codenamed LapDogs, linked to China-nexus hacking groups, with a significant presence in the U.S. and Southeast Asia.
- Custom Backdoor Utilization: The campaign employs a backdoor named ShortLeash, which installs a fake web server and generates a self-signed TLS certificate to impersonate the L.A. Police Department, allowing for extensive control over the infected devices.
- Deployment and Infections: Initial attacks began in September 2023, utilizing N-day vulnerabilities to infiltrate various devices, with evidence of distinct campaigns infecting up to 60 devices each, totaling 162…

CISO Global, a leader in AI-powered cybersecurity software and compliance services, announced an alliance with Financial Independence Group (FIG) through the company’s strategic partnership with Cyber Assurance Group Incorporated (CAGI) and its CyberSimple solution, a groundbreaking advancement in the distribution of CISO Global’s flagship cybersecurity product, CHECKLIGHT. The alliance opens an estimated $2 billion market opportunity in the PEO and Financial Management sector. This initiative will integrate the offering of CyberSimple™ powered by CHECKLIGHT®, with its expanded $1.5M warranty, directly into FIG’s proprietary advisor portal, which currently supports services such as stock…

Top Highlights
- Active Monitoring: Federal officials are closely observing potential cyberattacks linked to the Iran conflict but have not detected significant activity thus far.
- DHS Warning: The Department of Homeland Security cautioned that Iran-affiliated groups may target U.S. critical infrastructure, drawing from previous attacks on vulnerable systems.
- Heightened Awareness: Officials, including DHS Secretary Kristi Noem, are coordinating with local leaders to monitor potential threats, despite no known credible threats currently impacting New Yorkers.
- Internet Constraints: Iran’s nearly total internet blackout since mid-June may be limiting hackers’ capabilities, while some observed DDoS attacks against U.S. infrastructure have been attributed to pro-Iran…

Fast Facts
- New Malware Campaign: A Chinese hacking group, Silver Fox, is deploying a campaign using fake software sites to deliver the Sainbox RAT and Hidden rootkit, targeting Chinese speakers.
- Phishing Tactics: The attack employs phishing websites (e.g., "wpsice[.]com") that distribute malicious MSI installers, highlighting a continued trend of exploiting fake web services.
- Malware Mechanics: The malicious payloads utilize DLL side-loading techniques to run the Sainbox RAT and a rootkit driver, enabling stealthy remote access and data theft.
- Established Patterns: This method mirrors prior campaigns linked to Silver Fox, emphasizing their reliance on variants of Gh0st RAT and open-source tools…