eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#rce


Well, ::lolsob:: RCE in COD

🎮 Attention COD players: it now shoots directly INTO your PC!

An RCE vulnerability in Call of Duty: WWII (PC Game Pass) is being actively exploited this week
⬇️
« Call of Duty: WW2 Players Reporting RCE Exploits on PC »
👇
insider-gaming.com/call-of-dut

(via risky.biz/risky-bulletin-hunte)

Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted

An investigation reveals that two journalists were targeted with Paragon's Graphite mercenary spyware on iOS devices. Forensic analysis confirmed the use of a zero-click attack exploiting a vulnerability (CVE-2025-43200) in iOS 18.2.1. The same attacker targeted both victims, suggesting a coordinated effort against media professionals. The spyware was linked to a specific server and iMessage account. This discovery is part of a broader pattern of spyware use against European journalists, raising concerns about press freedom and digital security. The Italian government acknowledged using Graphite in some cases but denied involvement in targeting certain journalists. The incident highlights the ongoing threat of mercenary spyware to civil society and the need for greater accountability.

Pulse ID: 684b4dfdc754eff94f8e1f53
Pulse Link: otx.alienvault.com/pulse/684b4
Pulse Author: AlienVault
Created: 2025-06-12 22:00:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Cybercriminals camouflaging threats as AI tool installers

Cybercriminals are exploiting the popularity of AI by distributing malware disguised as AI solution installers. Three threats have been identified: CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered destructive malware called Numero. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, masquerading as a ChatGPT installer. Numero, imitating an AI video creation tool, manipulates Windows GUI components, rendering systems unusable. These threats primarily target B2B sales, technology, and marketing sectors. The attackers use SEO manipulation and various distribution channels to deceive victims. Organizations are urged to exercise caution and verify sources when downloading AI tools.

Pulse ID: 6840ecf1d62aaa388847dbd7
Pulse Link: otx.alienvault.com/pulse/6840e
Pulse Author: AlienVault
Created: 2025-06-05 01:03:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Cyber Attacks on Government Agencies: Detect and Investigate

This analysis examines cyber threats targeting government institutions worldwide, focusing on three case studies: a phishing email targeting the South Carolina Department of Employment and Workforce, a fraudulent domain mimicking the U.S. Social Security Administration, and a malicious PDF posing as a South African Judiciary notice. The study demonstrates how ANY.RUN's solutions, including Threat Intelligence Lookup, Interactive Sandbox, and YARA Search, can be utilized to detect, analyze, and mitigate these threats. Key findings include the use of FormBook stealer, remote access tools, and credential harvesting techniques. The analysis provides actionable insights for government cybersecurity teams to enhance their defensive strategies and response capabilities.

Pulse ID: 68409d6271a2178e01aa5e79
Pulse Link: otx.alienvault.com/pulse/68409
Pulse Author: AlienVault
Created: 2025-06-04 19:24:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Operation Endgame 2.0

International law enforcement agencies have taken additional actions in Operation Endgame, targeting cybercriminal organizations, particularly those behind DanaBot. DanaBot is a powerful modular malware family written in Delphi, capable of keylogging, capturing screenshots, recording desktop videos, exfiltrating files, injecting content into web browsers, and deploying second-stage malware. It operates as a Malware-as-a-Service platform, enabling various attacks. DanaBot has been used in targeted attacks against government officials in the Middle East and Eastern Europe, and for DDoS attacks against Ukrainian servers. The malware implements a custom binary protocol encrypted with RSA and AES, and uses hardcoded C2 servers with Tor as a backup communication channel. Over 50 nicknames have been associated with DanaBot affiliates.

Pulse ID: 683046e8073360953a9307d2
Pulse Link: otx.alienvault.com/pulse/68304
Pulse Author: AlienVault
Created: 2025-05-23 09:59:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor

Hazy Hawk, a sophisticated threat actor, exploits abandoned cloud resources of high-profile organizations through DNS hijacking. By identifying and taking over dangling CNAME records pointing to unused cloud services, they create malicious URLs on reputable domains. These URLs lead users to scams and malware via traffic distribution systems. Hazy Hawk employs layered defenses, including domain obfuscation and content theft from legitimate websites, to avoid detection. They also leverage push notifications to maintain persistent access to victims. The attacks have impacted government agencies, universities, and major corporations worldwide since at least December 2023. This campaign highlights the importance of proper DNS management and the growing sophistication of cybercriminals in the affiliate marketing space.

Pulse ID: 682dfaa58970ca31e76fddb5
Pulse Link: otx.alienvault.com/pulse/682df
Pulse Author: AlienVault
Created: 2025-05-21 16:09:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


I always recommend that everyone turn off any kind of motherboard manufacturer's driver auto-installer. They have a history of containing significant vulnerabilities leading to arbitrary code execution.

The vulnerabilities discovered by MrBruh in ASUS DriverHub again confirm this recommendation. There were several vulnerabilities that, when combined, led to a devastating end result.

mrbruh.com/asusdriverhub/