Security Advisories
Chrome Zero-Day Exploited in the Wild Enables Sandbox Escape: CVE-2025-2783
Google Chrome’s latest zero-day, CVE-2025-2783, came to light in March 2025 after researchers uncovered a flaw in the Mojo IPC message-passing framework. Carefully crafted messages let attackers vault Chrome’s sandbox and run arbitrary code on the host with virtually no user action. The weakness is being weaponised in Operation ForumTroll, an espionage campaign attributed to the TaxOff threat group—assessed as a subsidiary of APT Team 46—that is zeroing in on government, media, and academic networks. Targets receive spear-phishing emails posing as event invitations; opening the link in a vulnerable browser implants the Trinper backdoor, handing attackers durable command-and-control. Google addressed the issue in Chrome 134.0.6998.177 for Windows on 25 March 2025.
Read Full Security Advisory: https://www.cyberstash.com/published-advisories/
by Loris Minassian | June 20, 2025
Fileless, Fearless, and in Your Network – The 2025 Remcos RAT Surge
In May 2025, a stealthy malware campaign was identified delivering a fileless variant of the Remcos Remote Access Trojan (RAT) via malicious Windows Shortcut (LNK) files and PowerShell-based execution chains. The campaign exemplifies how attackers are increasingly bypassing traditional security controls by leveraging native Windows tools like mshta.exe to execute payloads directly in memory — leaving minimal forensic traces. Phishing emails, often themed around taxes, are used to lure victims into triggering the infection chain, ultimately granting attackers full remote access. This operation highlights a broader trend in cybercrime: the weaponisation of legitimate system components and fileless techniques to quietly establish persistent control, exfiltrate data, and evade detection. Remcos, once a commercial RAT, continues to evolve as a favoured tool in espionage, fraud, and credential theft — with this campaign marking a sharp escalation in its stealth and delivery. These developments reinforce the need for a defence-in-depth strategy. Relying solely on a single security vendor — especially Microsoft Defender, which is deeply integrated into Windows and frequently targeted by attackers — leaves organisations exposed to blind spots. Combining complementary detection layers, including network, behavioural, and memory-based analysis, is essential to identify and disrupt modern threats that bypass conventional, signature-based defences.…
by Loris Minassian | May 23, 2025
Silent, Modular, Dangerous: The Rise of StealC v2
StealC v2 marks a significant advancement in the evolution of modern information-stealing malware, now operating as both a stealer and a loader—engineered for stealth, modularity, and operational precision. First observed in early 2023 as a browser-focused credential harvester, StealC has rapidly evolved into a highly adaptable tool leveraged by cybercriminals across diverse campaigns. The latest version introduces notable enhancements, including advanced anti-analysis techniques, dynamic configuration logic, and staged data exfiltration routines. Its streamlined communication with command-and-control (C2) infrastructure enables fine-grained tasking, conditional payload delivery, and phased exfiltration—dramatically increasing its evasiveness and complexity in live environments. Critically, StealC v2 can delay activation of its stealer functionality based on real-time C2 commands, allowing attackers to execute operations only when predefined conditions are met. This on-demand behaviour, coupled with its support for post-exfiltration payload deployment, makes StealC v2 exceptionally difficult to detect using conventional signature- or behaviour-based security mechanisms.
by Loris Minassian | May 12, 2025