C2 server – Experimental News Clipping Site

Microsoft Security Blog: Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Aug 21, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/ Source: Microsoft Security Blog Title: Dissecting PipeMagic: Inside the architecture of a modular backdoor framework Feedly Summary: A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and…

Cloud Blog: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ Source: Cloud Blog Title: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor Feedly Summary: Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the “Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community…

Embrace The Red: Jules Zombie Agent: From Prompt Injection to Remote Control

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/google-jules-remote-code-execution-zombai/ Source: Embrace The Red Title: Jules Zombie Agent: From Prompt Injection to Remote Control Feedly Summary: In the previous post, we explored two data exfiltration vectors that Jules is vulnerable to and that can be exploited via prompt injection. This post takes it further by demonstrating how Jules can be convinced to…

Cloud Blog: From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Jul 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944/ Source: Cloud Blog Title: From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 Feedly Summary: Introduction In mid 2025, Google Threat Intelligence Group (GITG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, including retail, airline, and insurance. This was the work of UNC3944, a financially motivated threat…

Cisco Talos Blog: Famous Chollima deploying Python version of GolangGhost RAT

Jun 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/python-version-of-golangghost-rat/ Source: Cisco Talos Blog Title: Famous Chollima deploying Python version of GolangGhost RAT Feedly Summary: Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, “PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India. AI Summary and Description: Yes **Summary:** The analysis…

Slashdot: FBI: BadBox 2.0 Android Malware Infects Millions of Consumer Devices

Jun 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/06/06/2033225/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: FBI: BadBox 2.0 Android Malware Infects Millions of Consumer Devices Feedly Summary: AI Summary and Description: Yes Summary: The text details a significant malware campaign known as BADBOX 2.0, which has reportedly infected over 1 million IoT devices, turning them into residential proxies for malicious activities. The FBI warns…

Cloud Blog: Windows Remote Desktop Protocol: Remote to Rogue

Apr 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/ Source: Cloud Blog Title: Windows Remote Desktop Protocol: Remote to Rogue Feedly Summary: Written by: Rohit Nambiar Executive Summary In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The…

Cloud Blog: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

Mar 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/ Source: Cloud Blog Title: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers Feedly Summary: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser Introduction In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos…

Unit 42: Stately Taurus Activity in Southeast Asia Links to Bookworm Malware

Feb 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/?p=138311 Source: Unit 42 Title: Stately Taurus Activity in Southeast Asia Links to Bookworm Malware Feedly Summary: Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group’s infrastructure. The post Stately Taurus Activity in Southeast Asia Links to Bookworm…

Unit 42: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

Jan 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/?p=138128 Source: Unit 42 Title: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Feedly Summary: A Chinese-linked espionage campaign targeted entities in South Asia using rare techniques like DNS exfiltration, with the aim to steal sensitive data. The post CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia appeared first…

Tag: C2 server