Tag: vpn
-
Chinese-speaking hackers exploited ESXi zero-days long before disclosure
Chinese-speaking attackers used a hacked SonicWall VPN to deploy ESXi zero-days that were likely exploited over a year before public disclosure. Chinese-speaking attackers were seen abusing a hacked SonicWall VPN to deliver a toolkit targeting VMware ESXi. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year…
-
VMware ESXi zero-days likely exploited a year before disclosure
Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vmware-esxi-zero-days-likely-exploited-a-year-before-disclosure/
-
US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case
A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his “best friend,” even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice. First seen on hackread.com Jump to article: hackread.com/us-man-jailed-fbi-ip-addresses-cyberstalking-case/
-
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials
A sophisticated credential-harvesting operation conducted by BlueDelta, a Russian state-sponsored threat group linked to the GRU’s Main Directorate, targeted critical infrastructure organizations and research institutions throughout 2025, according to a comprehensive investigation by Recorded Future’s Insikt Group. The campaign, spanning February through September 2025, represents a significant evolution in the group’s persistent credential-theft operations, with…
-
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset
Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
-
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset
Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
-
Urban VPN Proxy sendet Prompts an Analytics-Server – Browser-Erweiterungen zapfen heimlich KI-Chats ab
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-edge-erweiterung-ki-prompt-leak-a-b0cf000d4c491eb5a5e27c7528c2dcba/
-
5 myths about DDoS attacks and protection
Myth 2: DDoS attacks only involve flooding networks with large amounts of traffic.: In the early days of DDoS, the vast majority of attacks were large traffic floods. However, DDoS attacks have evolved over time, becoming more surgically targeted and complex. The media continues to report on the largest, most shocking attacks that are terabits…
-
The Enduring Attack Surface of VPNs
Paper Traces Pandemic-Era Spike in Attacks. One way to look at the novel coronavirus pandemic: A societal experiment in how an oft-overlooked yet essential element of secure networking would stand up to an exploding user base. Unsurprisingly, the rapid uptake of virtual private networks by companies suddenly managing a remote workforce came with significant security…
-
Daran scheitert Passwordless
Passwortlose Authentifizierung im Unternehmen einzuführen, ist nur auf dem Papier einfach.Etliche Enterprise-CISOs versuchen schon seit mehr als einer Dekade, Passwörter hinter sich zu lassen. Weil aber diverse Legacy-Systeme ausschließlich auf Kennwörter ausgelegt sind, stoßen sie dabei immer wieder auf technische Hürden. Das spiegelt auch der aktuelle “ID IQ Report 2026″ von RSA (Download gegen Daten)…
-
NDSS 2025 PQConnect: Automated Post-Quantum End-To-End Tunnels
Session 7C: Secure Protocols Authors, Creators & Presenters: Daniel J. Bernstein (University of Illinois at Chicago and Academia Sinica), Tanja Lange (Eindhoven University of Technology amd Academia Sinica), Jonathan Levin (Academia Sinica and Eindhoven University of Technology), Bo-Yin Yang (Academia Sinica) PAPER PQConnect: Automated Post-Quantum End-to-End Tunnels This paper introduces PQConnect, a post-quantum end-to-end tunneling…
-
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations.The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second…
-
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿æ¢), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market…
-
Urban VPN Proxy Spies on AI Chatbot Conversations
Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi Security. A browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself. First seen on govinfosecurity.com Jump to article:…
-
Cisco VPNs, Email Services Hit in Separate Threat Campaigns
The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/cisco-vpns-email-services-threat-campaigns
-
Über deutsche IP-Adressen: Hacker attackieren massenhaft VPN-Zugänge
VPN-Zugänge von Cisco und Palo Alto Networks werden angegriffen. Die Attacken scheinen primär über einen deutschen Hoster zu laufen. First seen on golem.de Jump to article: www.golem.de/news/ueber-deutsche-ip-adressen-hacker-attackieren-massenhaft-vpn-zugaenge-2512-203459.html
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Tags: authentication, cisco, credentials, data-breach, endpoint, infrastructure, login, malicious, mfa, password, threat, vpnBrute-forcing Cisco’s SSL VPN follows: Just a day after the GlobalProtect surge, the same actor infrastructure pivoted to Cisco’s SSL VPN endpoints, with the same TCP fingerprint and hosting provider IP space. GreyNoise saw the number of unique attacking IPs jump from a typical daily baseline of fewer than 200 to over 1200, signalling a…
-
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks.Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code.”This vulnerability affects…
-
New password spraying attacks target Cisco, PAN VPN gateways
An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-password-spraying-attacks-target-cisco-pan-vpn-gateways/
-
Der Raspberry-Pi-Weckruf für CISOs
Tags: access, authentication, ceo, ciso, control, cyberattack, dns, firewall, group, hacker, Hardware, infrastructure, linux, monitoring, office, risk, switch, tool, voip, vpnKleines Device, große Wirkung.Mitte Dezember wurde eine Fähre in Besitz der Mediterranean Shipping Company über Stunden in einem französischen Hafen festgesetzt, wie Bloomberg berichtete. Der Grund: Es bestand der Verdacht, dass russische Cyberkriminelle versucht haben, das Netzwerk des Schiffs zu hacken mit einem Raspberry Pi. Dieser war demnach mit einem Mobilfunkmodem gekoppelt, das den Fernzugriff…
-
Hackers Actively Target Cisco and Palo Alto VPN Gateways to Steal Login Credentials
Tags: attack, authentication, breach, cisco, credentials, cyber, cybersecurity, exploit, hacker, login, network, service, vpnCybersecurity researchers at GreyNoise have identified a large-scale, coordinated campaign targeting enterprise VPN authentication systems. The attackers are systematically attempting to breach Cisco SSL VPN and Palo Alto Networks GlobalProtect services through credential-based attacks rather than exploiting specific vulnerabilities. The campaign activity was observed during mid-December across a concentrated two-day period, revealing a sophisticated approach…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…