Huntress Archives • Daily CyberSecurity

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Do Son January 8, 2026

In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025...

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions Nezha Web Compromise, Log Poisoning

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions

Do Son October 10, 2025

Huntress researchers have unveiled a new and highly creative intrusion technique that combines log poisoning, AntSword web...

From Infostealer to Full RAT: Huntress Uncovers a Multi-Stage Malware Attack Deploying PureRAT AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

From Infostealer to Full RAT: Huntress Uncovers a Multi-Stage Malware Attack Deploying PureRAT

Do Son September 29, 2025

Huntress has published a detailed investigation into a recent intrusion campaign that began as a Python-based infostealer...

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers Obscura ransomware, domain controller

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers

Do Son September 4, 2025

Security analysts at Huntress reported the discovery of a previously unseen ransomware variant, named Obscura. The malware...

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer ChaCha20 Cipher

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer

Do Son September 2, 2025

For over a year, Huntress researchers have been tracking the rise of ClickFix attacks, a form of...

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Do Son August 27, 2025

Recently, threat hunters at Huntress observed two separate incidents involving a new ransomware variant dubbed Cephalus. The...

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours

Do Son August 4, 2025

Huntress has issued a critical alert about what appears to be a zero-day vulnerability in SonicWall Secure...

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10 Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10

Do Son July 15, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog...

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild Wing FTP Server, RCE Exploit

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild

Do Son July 11, 2025

On July 1, 2025—just a day after its public disclosure—Huntress witnessed the active exploitation of a critical...

North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft Visualization of attack chain

North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft

Do Son June 23, 2025

Huntress exposes a sophisticated intrusion by North Korean threat actor TA444, using a fake Zoom extension, AppleScript...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Huntress

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions

From Infostealer to Full RAT: Huntress Uncovers a Multi-Stage Malware Attack Deploying PureRAT

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild