CyberEye, also known as TelegramRAT, is a modular .NET-based Remote Access Trojan that uses the Telegram Bot API for command and control, enabling stealthy surveillance and data theft without requiring attacker-owned infrastructure. Its capabilities include credential harvesting, defense evasion by disabling Windows Defender, clipboard hijacking, and persistence via scheduled tasks, making it a significant threat to users and organizations. #CyberEye #TelegramRAT #TelegramBotAPI

Between May 28 and June 3, 2025, multiple high-severity vulnerabilities were actively exploited by various threat actors, including a China-linked APT group targeting diverse industries. Cyble Research & Intelligence Labs observed increased exploit attempts, malware campaigns, and critical infrastructure risks, emphasizing the urgency of patching and enhanced cybersecurity measures. #CVE-2024-56145 #CVE-2025-5419 #ChinaAPT #MiraiBotnet

Check Point Research revealed a sophisticated campaign by the APT group Stealth Falcon exploiting a zero-day vulnerability (CVE-2025-33053) through malicious .url files to deliver custom malware implants such as the Horus Agent. The group targets government and defense sectors in the Middle East and Africa using spear-phishing, WebDAV exploitation, and customized post-exploitation tools including keyloggers and credential dumpers. #StealthFalcon #CVE2025-33053 #HorusAgent

Microsoft has addressed a critical Windows vulnerability, CVE-2025-33053, exploited by a sophisticated hacking group targeting Middle Eastern and African governments. The attack involved phishing and remote code execution via WebDAV, highlighting advanced espionage tactics. #CVE2025-33053 #StealthFalcon…

A sophisticated cyberespionage campaign attributed to Stealth Falcon involves a zero-day vulnerability (CVE-2025-33053) in Microsoft Windows WebDAV to infiltrate defense organizations in the Middle East and Africa. The attackers utilized malicious .url files, custom malware loaders, and a C++ implant called Horus, demonstrating advanced obfuscation and stealth techniques. #StealthFalcon #CVE-2025-33053…

A vulnerability in Insyde H2O UEFI firmware allows attackers to inject digital certificates via unprotected NVRAM variables, bypassing Secure Boot protections. This flaw can enable malicious code execution during early boot, posing significant security risks to affected systems. #InsydeH2O #UEFIvulnerability…

This article provides a comprehensive overview of Certipy, a toolkit used to exploit and defend Active Directory Certificate Services (AD CS). It details various attack techniques, including template misconfigurations, privilege escalation, certificate forging, and relay attacks, emphasizing the importance of proper security controls. #ActiveDirectoryCertificateServices #Certipy #ESC1 #ShadowCredentials #PKINIT

Microsoft released patches for 66 security flaws across Windows, including a highly exploitable WebDAV remote code execution bug. The vulnerability, linked to the APT group Stealth Falcon, affects all supported Windows versions and allows attackers to execute arbitrary code through browser-based attacks. #WebDAV #StealthFalcon…

Adobe has issued critical security updates for several products, including Acrobat Reader, Commerce, InCopy, and Experience Manager, addressing multiple vulnerabilities. While no active exploits are known, these flaws pose significant risks like remote code execution and privilege escalation. #AdobeAcrobatReader #AdobeCommerce #InCopy #ExperienceManager…

Microsoft is expanding its list of blocked attachments in Outlook Web and Outlook for Windows to include .library-ms and .search-ms files starting in July 2025. This measure aims to prevent phishing and malware attacks exploiting these rarely used file types and enhance overall security against Windows vulnerabilities. #CVE-2025-24054 #CVE-2022-30190

Microsoft released the June 2025 Patch Tuesday updates for Windows 11, addressing 66 vulnerabilities and adding new features like a 60-day System Restore point. These updates enhance system security, introduce new functionalities, and fix various bugs affecting performance and user experience. #Windows11 #PatchTuesday

This article discusses Microsoft’s June 2025 Patch Tuesday, which resolves 66 vulnerabilities including one actively exploited zero-day and one publicly disclosed zero-day. Key fixes target critical remote code execution and privilege escalation flaws, with additional updates from various vendors addressing vulnerabilities across multiple products. #WEBDAV #SMBClient #StealthFalcon

Microsoft’s KB5060533 update for Windows 10 22H2 and 21H2 introduces security fixes and new features, including seconds in the Calendar flyout. It addresses multiple vulnerabilities and improves calendar and UI functionalities, emphasizing security and usability enhancements. #Windows10 #KB5060533

The Black Basta ransomware group’s social engineering attacks sharply declined after December 2024, with evidence indicating that BlackSuit affiliates have adopted or absorbed their tactics. Rapid7’s analysis reveals sophisticated Java RAT and QEMU-based malware deployments, leveraging cloud services for command and control, and highlights ongoing evolution in attacker methods. #BlackBasta #BlackSuit #JavaRAT

Cybersecurity researchers have uncovered Myth Stealer, a Rust-based info stealer distributed via fake gaming websites and a MaaS platform, capable of stealing browser data and evading detection. This malware highlights the ongoing use of game cheat lures to spread malicious tools and exploit user trust. #MythStealer #RustMalware…