Threats

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine

For over a decade, the russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]

The post Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine appeared first on SOC Prime.

Threats

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities

XE Group, likely a Vietnam-linked hacking collective that has been active in the cyber threat arena for over a decade, is believed to be behind the exploitation of two VeraCore zero-day vulnerabilities. During the latest campaign, adversaries weaponized VeraCore flaws tracked as CVE-2024-57968 and CVE-2025-25181 to deploy reverse shells and web shells, ensuring […]

Threats

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations

Since the full-scale invasion of Ukraine, cybercriminal groups of russian origin have relentlessly targeted Ukrainian state bodies and business sectors for espionage and destruction. Recently, cybersecurity researchers uncovered a large-scale cyber-espionage campaign exploiting a 7-Zip zero-day vulnerability to deliver SmokeLoader malware. The campaign’s ultimate objective was cyber espionage, intensifying the digital frontlines of the […]

Threats

CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services

Shortly after the critical zero-click OLE vulnerability in Microsoft Outlook (CVE-2025-21298), another serious security threat has come to light. A recently patched privilege escalation vulnerability affecting Active Directory Domain Services (CVE-2025-21293) has taken a dangerous turn: with a proof-of-concept (PoC) exploit now circulating publicly, the risk of exploitation has significantly increased. This vulnerability opens […]

Threats

Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware

Lumma Stealer, a nefarious info-stealing malware, resurfaces in the cyber threat arena. Defenders recently uncovered an advanced adversary campaign distributing Lumma Stealer through GitHub infrastructure along with other malware variants, including SectopRAT, Vidar, and Cobeacon.

Detect Lumma Stealer, SectopRAT, Vidar, Cobeacon Deployed via GitHub

Lumma Stealer is a notorious data-stealing malware that extracts credentials, cryptocurrency wallets, […]

Threats

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads

Financially motivated hackers are behind an ongoing malicious campaign targeting Poland and Germany. These phishing attacks aim to deploy multiple payloads, including Agent Tesla, Snake Keylogger, and a novel backdoor dubbed TorNet, which is delivered via PureCrypter malware.

Detect TorNet Backdoor

A significant rise in phishing campaigns, with a 202% increase in phishing messages over […]

Threats

CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities 

Defenders shed light on a set of vulnerabilities in Ivanti Cloud Services Appliance (CSA) that can be chained for further exploitation. The latest joint alert by CISA and FBI notifies the global defender community of at least two exploit chains using Ivanti vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380. Adversaries can take advantage of exploit […]

Threats

CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution 

Hard on the heels of the disclosure of a denial-of-service (DoS) vulnerability in Windows LDAP, known as CVE-2024-49113 aka LDAPNightmare, another highly critical vulnerability affecting Microsoft products has come to light. The recently patched Microsoft Outlook vulnerability tracked as CVE-2025-21298 poses significant email security risks by allowing attackers to achieve RCE on Windows devices through […]

Threats

Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks 

Adversaries frequently leverage legitimate tools in their malicious campaigns. The popular AnyDesk remote access utility has also been widely abused by hackers for offensive purposes. Cyber defenders have unveiled the recent misuse of AnyDesk software to connect to targeted computers while masquerading the malicious activity as CERT-UA activity.

Detect Cyber-Attacks Exploiting AnyDesk Based on CERT-UA Research

Adversaries […]

Threats

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC

Hot on the heels of the release of the first PoC exploit for a critical RCE vulnerability in Windows LDAP, known as CVE-2024-49112, another vulnerability in the same Windows component is causing a stir. The discovery of CVE-2024-49113, a new denial-of-service (DoS) vulnerability, also known as LDAPNightmare, is hitting the headlines […]
