Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Microsoft Alerts More Users in Update to Midnight Blizzard Hack

Source: GBHackers

Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM. Read more.

Remote access giant TeamViewer says Russian spies hacked its corporate network

Source: TechCrunch

In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). Read more.

New InnoSetup Malware Created Upon Each Download Attempt

Source: ASEC

Unlike past malware which performed malicious behaviors immediately upon being executed, this malware displays an installer UI and malicious behaviors are executed upon clicking buttons during the installation process. Read more.

Polyfill Supply Chain Attack Hits Over 100k Websites


On Tuesday, security researchers at Sansec and C/side confirmed that the cdn.polyfill.io domain is injecting malicious code into more than 100,000 websites that are using it. Read more.

Medusa Reborn: A New Compact Variant Discovered

Source: Cleafy

Analysing the evolution of Medusa samples over the past few months, it is clear that TAs aim to enhance the efficiency of the available features while simultaneously strengthening the botnet by refactoring the permissions required during the installation phase. Read more.

UAC-0184 Abuses Python in DLL Sideloading for XWORM Distribution

Source: CYBLE

CRIL recently observed a malware campaign targeting Ukraine using the Remote Access Trojan (RAT) known as XWorm. Upon investigation, it was found that this campaign is associated with the Threat Actor (TA) group UAC-0184. Read more.

New security loophole allows spying on internet users visiting websites and watching videos

Source: Tech Xplore

No malicious code is required to exploit this vulnerability, known as “SnailLoad,” and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected. Read more.

Cyber attack compromised Indonesia data centre, ransom sought

Source: Reuters

A cyber attacker compromised Indonesia’s national data centre, disrupting immigration checks at airports, and asked for an $8 million ransom, the country’s communications minister told Reuters on Monday. Read more.

CDK Global outage caused by BlackSuit ransomware attack


The negotiations come after the BlackSuit ransomware attack forced CDK to shut down its IT systems and data centers to prevent the attack’s spread, including its car dealership platform. The company tried restoring services on Wednesday but suffered a second cybersecurity incident, causing it to shut down all IT systems again. Read more.

Fickle Stealer Distributed via Multiple Attack Chain


In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target. Because of this ambiguity, we decided to call it Fickle Stealer. Read more.