Tag: vpn
-
SonicWall VPN accounts breached using stolen creds in widespread attacks
Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-vpn-accounts-breached-using-stolen-creds-in-widespread-attacks/
-
New Stealit Malware Campaign Spreads via VPN and Game Installer Apps
A new campaign distributing the Stealit infostealer employs previously unknown malware delivery techniques and infrastructure. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-stealit-malware-campaign-vpn/
-
Security Misconfigurations: The Future Disaster That’s Staring You in the Face
Misconfigurations, not hackers, cause many cyber breaches. Learn how IP restrictions, VPNs, and new AI protocols like MCP can expose hidden security gaps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/security-misconfigurations-the-future-disaster-thats-staring-you-in-the-face/
-
Stealit Malware spreads via fake game VPN installers on Mediafire and Discord
Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord. Fortinet FortiGuard Labs researchers spotted a Stealit malware campaign abusing Node.js Single Executable Application (SEA) and sometimes Electron to spread via fake game and VPN installers on Mediafire and Discord. Fortinet uncovered the campaign while investigating…
-
SonicWall SSLVPN Targeted After Hackers Breach All Customer Firewall Backups
Cybersecurity researchers at Huntress have detected a widespread attack campaign targeting SonicWall SSL VPN devices across multiple customer environments, with over 100 accounts compromised since early October. The attacks appear coordinated and sophisticated, with threat actors rapidly authenticating into multiple accounts using what appears to be valid credentials rather than brute-force techniques. Cyber breach alert…
-
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. “Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, ‘serviceaccount,’” eSentire said in a technical report published First seen on thehackernews.com…
-
Attackers exploit valid logins in SonicWall SSL VPN compromise
Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Huntress has observed widespread compromise of SonicWall SSLVPN devices…
-
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of “widespread compromise” of SonicWall SSL VPN devices to access multiple customer environments. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,” it said. “The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing.” A significant chunk of First seen…
-
Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers
Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers. First seen on hackread.com Jump to article: hackread.com/stealit-malware-node-js-fake-game-vpn-installers/
-
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through First…
-
Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands
Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial services customer’s environment when legitimate CiscoVPN logins coincided with anomalous WMI calls to multiple endpoints. Investigation revealed that an Active Directory account named “serviceaccount” had been abused alongside the VPN access,…
-
itSpecial
Agentforce in the Privacy Center Salesforce Ivanti has overhauled Connect Secure: At it-sa, Ivanti presented version 25.X of Ivanti Connect Secure (ICS). Following the security incidents at the beginning of the year, the VPN software has now, according to the vendor, been redeveloped according to the principle of “Security by Design”. This includes a modern web server and a web application firewall…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
LockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditions
Tags: access, attack, breach, control, credentials, cybercrime, data, firewall, group, infrastructure, law, leak, lockbit, network, ransomware, service, technology, vpn
Critical infrastructure declared fair game: As part of LockBit’s return announcement, the group revealed that critical infrastructure sectors previously considered off-limits would now be permissible targets for its affiliates. “It is permissible to attack critical infrastructure such as nuclear power plants, thermal power plants, hydroelectric power plants, and other similar organizations,” the group stated, according…
-
How SASE is changing cybersecurity
In view of rapidly rising cyberattacks and growing interconnectedness, the classic defense-in-depth strategy appears to be reaching its limits. Companies today rely on numerous point solutions (firewalls, VPNs, SWG, CASB, etc.), but coordination among them rarely works smoothly. The result: visibility gaps, unwieldy tools, contradictory policies, slow response and high costs. In this context, Secure Access Service Edge (SASE) is being […] First…

