Understanding CYBEREYE RAT Builder: Capabilities and Implications

CyberEye, also known as TelegramRAT, is a modular .NET-based Remote Access Trojan that uses Telegram Bot API for command and control, enabling stealthy surveillance and data theft without requiring attacker infrastructure. Its capabilities include credential harvesting, defense evasion by disabling Windows Defender, clipboard hijacking, and persistence via scheduled tasks, making it a significant threat for users and organizations. #CyberEye #TelegramRAT #TelegramBotAPI

Read More
The Week in Vulnerabilities: Cyble Warns of Rising Exploits Targeting ICS, Enterprise, and Web Systems

Between May 28 and June 3, 2025, multiple high-severity vulnerabilities were actively exploited by various threat actors, including a China-linked APT group targeting diverse industries. Cyble Research & Intelligence Labs observed increased exploit attempts, malware campaigns, and critical infrastructure risks, emphasizing the urgency of patching and enhanced cybersecurity measures. #CVE-2024-56145 #CVE-2025-5419 #ChinaAPT #MiraiBotnet

Read More
CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage

Check Point Research revealed a sophisticated campaign by the APT group Stealth Falcon exploiting a zero-day vulnerability (CVE-2025-33053) through malicious .url files to deliver custom malware implants such as the Horus Agent. The group targets government and defense sectors in the Middle East and Africa using spear-phishing, WebDAV exploitation, and customized post-exploitation tools including keyloggers and credential dumpers. #StealthFalcon #CVE2025-33053 #HorusAgent

Read More
Stealth Falcon Exploits New Zero-Day (CVE-2025-33053) in Sophisticated Cyberespionage Campaign

A sophisticated cyberespionage campaign attributed to Stealth Falcon involves a zero-day vulnerability (CVE-2025-33053) in Microsoft Windows WebDAV to infiltrate defense organizations in the Middle East and Africa. The attackers utilized malicious .url files, custom malware loaders, and a C++ implant called Horus, demonstrating advanced obfuscation and stealth techniques. #StealthFalcon #CVE-2025-33053…

Read More
A Detailed Guide on Certipy

This article provides a comprehensive overview of Certipy, a toolkit used to exploit and defend Active Directory Certificate Services (AD CS). It details various attack techniques, including template misconfigurations, privilege escalation, certificate forging, and relay attacks, emphasizing the importance of proper security controls. #ActiveDirectoryCertificateServices #Certipy #ESC1 #ShadowCredentials #PKINIT

Read More
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

This article discusses Microsoft’s June 2025 Patch Tuesday, which resolves 66 vulnerabilities including one actively exploited zero-day and one publicly disclosed zero-day. Key fixes target critical remote code execution and privilege escalation flaws, with additional updates from various vendors addressing vulnerabilities across multiple products. #WEBDAV #SMBClient #StealthFalcon

Read More
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

The Black Basta ransomware group’s social engineering attacks sharply declined after December 2024, with evidence indicating that BlackSuit affiliates have adopted or absorbed their tactics. Rapid7’s analysis reveals sophisticated Java RAT and QEMU-based malware deployments, leveraging cloud services for command and control, and highlights ongoing evolution in attacker methods. #BlackBasta #BlackSuit #JavaRAT

Read More