lateral movement Archives • Daily CyberSecurity

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access Wazuh Cluster RCE CVE-2026-30893

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access

Do Son April 30, 2026

Wazuh, the widely deployed open-source platform for threat detection and response, has addressed a critical path traversal...

Splunk Unmasks New Malware Campaign Pairing Ghost RAT with CloverPlus Adware Ghost RAT RDP Credential Theft

Splunk Unmasks New Malware Campaign Pairing Ghost RAT with CloverPlus Adware

Do Son April 22, 2026

The Splunk Threat Research Team (STRT) has identified a sophisticated new malware campaign that defies traditional deployment...

Microsoft Teams Exploited for Silent Enterprise Takeovers Teams Impersonation Administrative Abuse

Microsoft Teams Exploited for Silent Enterprise Takeovers

Do Son April 22, 2026

A new investigative report from the Microsoft Defender Security Research Team has unmasked a sophisticated intrusion chain...

Wormable Bugs: Microsoft April 2026 Patch Tuesday Fixes Two “Zero-Interaction” RCE Flaws Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Wormable Bugs: Microsoft April 2026 Patch Tuesday Fixes Two “Zero-Interaction” RCE Flaws

Do Son April 17, 2026

The security landscape for Windows administrators just got significantly more urgent. As part of the April 2026...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

SentinelOne Unmasks Exploitation of FortiGate Appliances as Gateways to Network Takeover

Do Son March 15, 2026

The SentinelOne Digital Forensics & Incident Response (DFIR) team issued a warning: the very appliances designed to...

Exploited in the Wild: Critical BeyondTrust Flaw (CVSS 9.9) Opens Door to Network Takeover BeyondTrust Vulnerability CVE-2026-1731

Exploited in the Wild: Critical BeyondTrust Flaw (CVSS 9.9) Opens Door to Network Takeover

Do Son February 15, 2026

A critical vulnerability in widely used remote access software is currently under active attack, with threat actors...

One Click, 42 Days: Akira Ransomware Used CAPTCHA Decoy to Destroy Cloud Backups and Cripple Storage Firm Akira ClickFix, Cloud Backup Destruction

Akira ClickFix, Cloud Backup Destruction

One Click, 42 Days: Akira Ransomware Used CAPTCHA Decoy to Destroy Cloud Backups and Cripple Storage Firm

Do Son November 20, 2025

A newly released analysis from Unit 42 details how a global data storage and infrastructure company was...

Sophisticated “The Gentlemen” Ransomware RaaS Emerges with XChaCha20 Encryption and 48 Victims in 3 Months The Gentlemen RaaS, XChaCha20 Encryption

The Gentlemen RaaS, XChaCha20 Encryption

Sophisticated “The Gentlemen” Ransomware RaaS Emerges with XChaCha20 Encryption and 48 Victims in 3 Months

Do Son November 20, 2025

The Cybereason Threat Intelligence Team has published an in-depth analysis of a rapidly evolving ransomware group known...

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover PatoRAT RMM Abuse, LogMeIn Hijacking

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

Do Son November 13, 2025

Researchers from the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign exploiting Remote Monitoring...

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion Yurei Ransomware, Double Extortion

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion

Do Son October 7, 2025

A new ransomware variant known as Yurei Ransomware has emerged, and according to researchers from CYFIRMA, it...

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign

Do Son July 22, 2025

In a newly published report, Kaspersky’s Managed Detection and Response (MDR) team has unveiled a high-level cyberespionage...

RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware

Do Son June 30, 2025

The DFIR Report’s latest case study exposes the meticulous six-day operation of a threat actor who leveraged...

IIS & Linux Servers Hit by WogRAT, MeshAgent, & SuperShell Malware South Korea Cyberattacks, Multi-platform Malware

IIS & Linux Servers Hit by WogRAT, MeshAgent, & SuperShell Malware

Do Son June 30, 2025

AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated series of attacks aimed at both Windows IIS...

DOGE Big Balls Ransomware: New Tools and Tactics Uncovered DOGE Big Balls Ransomware Ransomware infection chain

DOGE Big Balls Ransomware: New Tools and Tactics Uncovered

Do Son May 9, 2025

Netskope Threat Labs has recently uncovered a multi-stage infection chain involving custom PowerShell scripts, open-source tools, exploitation...

GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations GOFFEE APT Russian cyberattacks

GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations

Do Son April 14, 2025

The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors....

RemoteMonologue: New DCOM Attack Bypasses LSASS Protection RemoteMonologue DCOM attack

RemoteMonologue: New DCOM Attack Bypasses LSASS Protection

Do Son April 11, 2025

In a technical deep-dive, IBM’s X-Force Red has revealed a stealthy new lateral movement and credential access...

Detecting Lateral Movement Risks in Microsoft Entra ID’s Cross-Tenant Synchronization Feature Detect Lateral Movement

Detecting Lateral Movement Risks in Microsoft Entra ID’s Cross-Tenant Synchronization Feature

Do Son October 30, 2024

In a recent blog post, Lina Lau, founder and hacker at @xintraorg, shed light on the potential...

Critical Alert 1 Active Exploit Detected Today