Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack
According to CloudNordic, the attackers took advantage of an ongoing transition to a new data center and likely leveraged an existing, dormant infection to encrypt all systems. Read more.

6 Ransomware Trends & Evolutions to Watch For
In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends. Read more.

Adobe ColdFusion vulnerability exploited in the wild

Source: Malwarebytes LABS

According to Adobe, Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Read more.

Profile Stealers Spread via LLM-themed Facebook Ads
In this blog entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. Read more.

The Stealthy Threat: Unveiling the Dangers of Cookie Capture

Source: Constella INTELLIGENCE

Cookie capture occurs most commonly after a botnet infostealer malware infection, where the malicious software can harvest an extraordinary amount of information from your computer, including your browser cookies. Infostealer malware infections are the most rapidly growing attack vector today. Read more.

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Source: Talos

In this campaign, the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) five days after PoCs for the exploit were publicly disclosed to deliver and deploy a newer malware threat we track as “QuiteRAT.” Read more.

API Abuse – Lessons from the Duolingo Data Scraping Attack

Source: wallarm

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. Read more.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Source: Microsoft

Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks. Read more.

Fake Roblox packages target npm with Luna Grabber information-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages on the npm public repository since the beginning of August, including multistage, malicious packages that placed Luna Grabber, an open-source information-stealing malware, on infected systems. Read more.

Kroll Employee SIM-Swapped for Crypto Investor Data

Source: Krebs on Security

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that rely on Kroll services in their ongoing bankruptcy proceedings. There are also indications that fraudsters may already be exploiting the stolen data in phishing attacks. Read more.

XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Source: SentinelOne

Now, however, XLoader has returned in a new form and without the dependencies. Written natively in the C and Objective-C programming languages and signed with an Apple developer signature, XLoader is now masquerading as an office productivity app called ‘OfficeNote’. Read more.

Data breach at French govt agency exposes info of 10 million people

Pôle emploi, France’s governmental unemployment registration and financial aid agency, is notifying the public of a data breach that exposed data belonging to 10 million individuals. Read more.
Source: Secureworks

On August 8, 2023, Secureworks® Counter Threat Unit™ (CTU) researchers observed the Smoke Loader botnet dropping a custom Wi-Fi scanning executable to infected systems. CTU™ researchers named this malware Whiffy Recon. It triangulates an infected system’s position by feeding the nearby Wi-Fi access points it observes to Google’s geolocation API. Read more.
Source: Security Affairs

Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Read more.