AnyDesk Archives • Daily CyberSecurity

Tactical Evolution: Trigona Ransomware Debuts Custom Exfiltration Armory Trigona Ransomware Custom Exfiltration Tool

Tactical Evolution: Trigona Ransomware Debuts Custom Exfiltration Armory

Do Son April 25, 2026

The ransomware landscape is witnessing a sophisticated shift in how data is stolen. While most cybercriminal groups...

DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass DeadLock Ransomware, BYOVD EDR Killer

DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass

Do Son December 11, 2025

A financially motivated threat group is deploying a new ransomware strain known as “DeadLock,” utilizing advanced “Bring...

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads Trigona MS-SQL RaaS, Rust Scanner

Trigona Ransomware Attacks MS-SQL Servers Using Rust Scanner and BCP Utility to Deploy Payloads

Do Son October 30, 2025

The AhnLab Security Intelligence Center (ASEC) has published a new report revealing that the Trigona ransomware threat...

Ransomware Gangs Weaponize AnyDesk, Splashtop, and Other Legitimate RATs to Bypass Security Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Ransomware Gangs Weaponize AnyDesk, Splashtop, and Other Legitimate RATs to Bypass Security

Do Son October 4, 2025

Ransomware groups are increasingly turning to legitimate Remote Access Tools (RATs) such as AnyDesk, UltraViewer, RustDesk, Splashtop,...

The Gentlemen: A New Ransomware Group Using Legitimate Tools to Bypass Security Chinese espionage groups APT35 Phishing, Stormshield CTI

The Gentlemen: A New Ransomware Group Using Legitimate Tools to Bypass Security

Do Son September 11, 2025

Trend Micro researchers have revealed a new ransomware campaign orchestrated by The Gentlemen, an emerging threat group...

Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance

Do Son June 18, 2025

The North Korean threat actor Kimsuky has been spotted deploying yet another advanced phishing campaign—this time leveraging...

Medusa Ransomware Surges: Attacks Jump 42% as Cybercriminals Expand Operations Medusa ransomware attacks

Medusa Ransomware Surges: Attacks Jump 42% as Cybercriminals Expand Operations

Do Son March 9, 2025

The Medusa ransomware threat continues to escalate, with attacks increasing by 42% between 2023 and 2024, according...

From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain

Do Son February 24, 2025

Security researchers at The DFIR Report have uncovered a highly coordinated attack that leveraged a critical remote...

AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available CVE-2024-12754 PoC

AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available

Do Son February 9, 2025

Security researcher Naor Hodorov has recently published an analysis of a vulnerability discovered in AnyDesk, a popular...

Threat Actors Exploit SimpleHelp Vulnerabilities to Deploy Sliver Backdoor Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Threat Actors Exploit SimpleHelp Vulnerabilities to Deploy Sliver Backdoor

Do Son February 9, 2025

Cybersecurity firm Field Effect has identified and thwarted a sophisticated cyberattack that leveraged newly discovered vulnerabilities in...

Cybercriminals Exploit AnyDesk to Impersonate CERT-UA in Sophisticated Phishing Campaign BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Cybercriminals Exploit AnyDesk to Impersonate CERT-UA in Sophisticated Phishing Campaign

Do Son January 22, 2025

In a recent alert, CERT-UA researchers have unveiled a series of cyber-attacks leveraging the legitimate remote access...

Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies Play Ransomware Tactics

Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies

Do Son January 9, 2025

Play ransomware, also known as Balloonfly or PlayCrypt, has emerged as a significant cyber threat since its...

Fraudsters Exploit Trust with Fake Refund Schemes in the Middle East EU Education Scams, .edu.eu Domain App Store security Refund Schemes - Texas Pharmacist's Fraudulent

EU Education Scams, .edu.eu Domain App Store security Refund Schemes - Texas Pharmacist's Fraudulent

Fraudsters Exploit Trust with Fake Refund Schemes in the Middle East

Do Son January 8, 2025

A report from Group-IB reveals a sophisticated social engineering scam targeting consumers in the Middle East, leveraging...

Voice Phishing on Microsoft Teams Facilitates DarkGate Malware Attack

Do Son December 16, 2024

Trend Micro has revealed a new vector for cyberattacks: voice phishing (vishing) conducted via Microsoft Teams. This...

Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)

Do Son December 8, 2024

The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in...

Black Basta Resurgence: Social Engineering Campaign Delivers Zbot, DarkGate, and Custom Malware Screenshot 2024-12-05 145929

Black Basta Resurgence: Social Engineering Campaign Delivers Zbot, DarkGate, and Custom Malware

Do Son December 5, 2024

The notorious Black Basta ransomware group is back, employing sophisticated social engineering tactics and deploying advanced malware...

CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published

Do Son November 21, 2024

A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP...

Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware

Do Son October 20, 2024

Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware...

Beware of Fake Downloads: AsyncRAT Spreads via Popular Software Cracks AsyncRAT tactics

Beware of Fake Downloads: AsyncRAT Spreads via Popular Software Cracks

Do Son September 21, 2024

In an alarming trend observed by McAfee Labs, cybercriminals have refined their tactics, luring unsuspecting users into...

Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks Medusa Ransomware group

Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks

Do Son September 14, 2024

A recent report from Bitdefender highlights how Medusa has not only continued its relentless attacks but has...

Critical Alert 1 Active Exploit Detected Today