Aggregator
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
Thought to be junk, it turned out to be a revolution. A forgotten particle makes Ising anyon braiding universal for quantum computers
Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets
SentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage of user wallets exceeding $900,000 USD. These scams leverage obfuscated Solidity code deployed on platforms like the Remix Solidity Compiler, targeting Ethereum-based ecosystems. The campaigns, active since early 2024, employ […]
The post Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Medusa Blog
QilinSecuro
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as […]
The post Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credential and Vulnerabilities
Two sophisticated ransomware operations have emerged as significant threats to managed service providers (MSPs) and small businesses, with the Akira and Lynx groups deploying advanced attack techniques that combine stolen credentials with vulnerability exploitation. These ransomware-as-a-service (RaaS) operations have collectively compromised over 365 organizations, demonstrating their effectiveness in targeting high-value infrastructure providers that serve multiple […]
The post Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credential and Vulnerabilities appeared first on Cyber Security News.
Strong regulation can nudge automakers to improve customers’ privacy, research suggests
Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge
CVE-2025-8613 | Vacron Camera Ping Command command injection
CVE-2025-8611 | AOMEI Cyber Backup missing authentication
CVE-2025-8612 | AOMEI Backupper Workstation link following
CVE-2025-8610 | AOMEI Cyber Backup missing authentication
New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats
It’s a “pivotal” moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape.
The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.
BSidesSF 2025: Third-Party Risk Management: SOC 2s, Security Questionnaires, And Psychosis
Creator/Author/Presenter: Eleanor Mount
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Third-Party Risk Management: SOC 2s, Security Questionnaires, And Psychosis appeared first on Security Boulevard.
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
A rover? Not needed. Six solo helicopters will fly to Mars in 2028
Pwntools: A CTF framework and exploit development library
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited.
Background
On August 5, Trend Micro released a security advisory for two critical flaws affecting on-prem versions of Apex One Management Console. According to the advisory, Trend Micro has observed active exploitation of the vulnerabilities.
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2025-54987 | Trend Micro Apex One Management Console Command Injection Vulnerability | 9.4 |
| CVE-2025-54948 | Trend Micro Apex One Management Console Command Injection Vulnerability | 9.4 |

According to Trend Micro, these two CVEs are the same; however, CVE-2025-54987 was issued for a different CPU architecture.
Analysis
CVE-2025-54987 and CVE-2025-54948 are both command injection vulnerabilities affecting the management console of on-prem installations of Trend Micro Apex One. An unauthenticated attacker with network or physical access to a vulnerable machine can upload arbitrary files, allowing the attacker to execute commands and achieve code execution. While two CVEs were issued, the advisory notes that CVE-2025-54987 was issued for a different CPU architecture than CVE-2025-54948.
Trend Micro Apex One™ as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection have been mitigated against these vulnerabilities as of July 31 and are not impacted by them. At this time, only on-prem installations of Apex One are affected.
Historical exploitation of Apex One
Apex One has been targeted by threat actors in the past, including zero-day exploitation of flaws affecting on-prem installations. CVE-2020-8467 and CVE-2020-8468 were addressed in March 2020 after in-the-wild exploitation was discovered, followed by CVE-2022-40139 in September 2022. As of the time this blog was published on August 6, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists nine vulnerabilities in Apex One in its Catalog of Known Exploited Vulnerabilities (KEV).
Vendor response
As of the time this blog was published on August 6, Trend Micro’s security advisory for these vulnerabilities notes that a patch has not yet been released and is to be expected “around the middle of August 2025.” We will update the blog with further information and solution steps once patches are released.
In the meantime, a short-term mitigation tool has been released. This tool can be used to protect against known exploits and disables “the ability for administrators to utilize the Remote Install Agent function to deploy agents.”
While successful exploitation requires an attacker to either have physical access or network access to the management interface, Trend Micro suggests that customers who have publicly exposed the management console's IP address also consider additional mitigation factors to restrict access to the management console.
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2025-54987 and CVE-2025-54948 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Get more information
Join Tenable's Research Special Operations (RSO) Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild appeared first on Security Boulevard.