eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#vulnerability

13 posts, 12 participants, 3 posts today

The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign targeting Craft CMS

Between February and May, multiple exploitations of CVE-2025-32432, a Remote Code Execution vulnerability in Craft CMS, were observed. The attack chain involves deploying a webshell, downloading an infection script, and executing malicious payloads including a loader, crypto miner, and residential proxyware. The Mimo intrusion set is believed responsible, using distinctive identifiers like '4l4md4r' and 'n1tr0'. The group deploys XMRig for cryptomining and IPRoyal for bandwidth monetization. Two potential operators, 'EtxArny' and 'N1tr0', were identified through social media analysis. While showing interest in Middle Eastern affairs, the group's primary motivation appears financial. Detection opportunities include monitoring for unusual processes in temporary directories and kernel module alterations.

Pulse ID: 68360c3f4169ef29b7c93f6f
Pulse Link: otx.alienvault.com/pulse/68360
Pulse Author: AlienVault
Created: 2025-05-27 19:02:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

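Added example (editor's code, not part of the pulse or the original post): a small Python triage script for the two detection opportunities the summary names, execution out of temporary directories and kernel module loads from outside the normal module tree, run over constructed sample events. The key=value event format, field names, uids, paths and the module name "hidemod" are assumptions made for illustration, not indicators taken from the campaign.

```python
import shlex

# Directories that legitimate services rarely execute binaries from.
# The campaign summary flags processes running out of temporary paths.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Where distribution kernel modules normally live; a module loaded from
# anywhere else is a "kernel module alteration" worth a closer look.
MODULE_TREES = ("/lib/modules/", "/usr/lib/modules/")

# Constructed sample telemetry (not real logs). One event per line as
# space-separated key=value pairs; quoted values may contain spaces.
SAMPLE_EVENTS = [
    'type=PROC pid=4121 ppid=2043 uid=33 exe=/tmp/.x/worker cmd="/tmp/.x/worker --threads 4"',
    'type=PROC pid=4130 ppid=1 uid=0 exe=/usr/sbin/sshd cmd="/usr/sbin/sshd -D"',
    'type=PROC pid=4137 ppid=4121 uid=33 exe=/dev/shm/proxy cmd="/dev/shm/proxy"',
    'type=PROC pid=4140 ppid=1 uid=0 exe=/usr/sbin/cron cmd="/usr/sbin/cron -f"',
    'type=KMOD action=load name=hidemod path=/tmp/hidemod.ko',
    'type=KMOD action=load name=xfs path=/lib/modules/6.1.0/kernel/fs/xfs/xfs.ko',
]


def parse_event(line):
    """Split a key=value line into a dict, honouring double-quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def exec_from_temp_dir(ev):
    """Process whose executable image lives under a temporary directory."""
    return ev.get("type") == "PROC" and ev.get("exe", "").startswith(TEMP_DIRS)


def module_outside_module_tree(ev):
    """Kernel module loaded from a path outside the distribution module tree."""
    return (
        ev.get("type") == "KMOD"
        and ev.get("action") == "load"
        and not ev.get("path", "").startswith(MODULE_TREES)
    )


RULES = {
    "exec_from_temp_dir": exec_from_temp_dir,
    "kernel_module_outside_module_tree": module_outside_module_tree,
}


def triage(lines):
    """Return (rule_name, event) pairs for every event that matches a rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev))
    return hits


def describe(hits):
    """Render hits as one short line each, for a console or ticket."""
    out = []
    for name, ev in hits:
        subject = ev.get("exe") or ev.get("path")
        ident = ev.get("pid") or ev.get("name")
        out.append(f"{name}: {subject} ({ident})")
    return out


if __name__ == "__main__":
    for line in describe(triage(SAMPLE_EVENTS)):
        print(line)
```

The rules are deliberately narrow so they stay low-noise on a server: a module load from /lib/modules is not reported, nor is sshd or cron. In practice the parent process (here the child of the temp-dir worker) would be pulled in for context, and the same logic can be fed from auditd or an EDR's process and module telemetry instead of the constructed list.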

Targeted attacks against MSPs, NATO and Ukraine. Two stories from Sophos and Microsoft published today.

The MSP attack involved abusing vulnerabilities in SimpleHelp, chaining a number of them together. A little bit of a more advanced attack IMHO.

Then you have the NATO and Ukraine attacks as detailed by Microsoft, involving password spraying and likely bought credentials from criminal ecosystems.

Funny. Ransomware attackers are more advanced than APTs 🙂

References:
news.sophos.com/en-us/2025/05/

microsoft.com/en-us/security/b

Sophos News: DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers. Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer's network.

Rogue communication devices found in Chinese solar power inverters

“Rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by US experts who strip down equipment hooked up to grids to check for security issues, the two people said. Over the past nine months ...continues

See gadgeteer.co.za/rogue-communic


China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability

A critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) is being actively exploited by a China-nexus threat actor, UNC5221. The exploitation targets internet-facing EPMM deployments across various sectors including healthcare, telecommunications, and government. The attackers utilize unauthenticated remote code execution to gain initial access, followed by the deployment of KrustyLoader malware for persistence. They leverage hardcoded MySQL credentials to exfiltrate sensitive data from the EPMM database. The threat actor also uses the Fast Reverse Proxy (FRP) tool for network reconnaissance and lateral movement. The compromised systems span multiple countries in Europe, North America, and Asia-Pacific, indicating a global espionage campaign likely aligned with Chinese state interests.

Pulse ID: 682e5bbc1075b03f94642762
Pulse Link: otx.alienvault.com/pulse/682e5
Pulse Author: AlienVault
Created: 2025-05-21 23:03:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #Chinese

Critical security flaws discovered in VMware core products including vCenter Server and ESXi. Vulnerabilities could allow command execution and service disruption. Updates available now to protect your infrastructure.

#SecurityLand #CyberWatch #Broadcom #VMware #Vulnerability #PatchNow #SecurityVulnerability #Technology

Read More: security.land/multiple-securit