#velociraptor

Information security
from ComputerWeekly.com
2 weeks ago

Researchers delve inside new SolarWinds RCE attack chain | Computer Weekly

Attackers exploited SolarWinds Web Help Desk deserialization vulnerability (CVE-2025-40551) to gain RCE, deploy Zoho ManageEngine RMM, and use Velociraptor for C2.
#ransomware
from The Hacker News
4 months ago

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor (version 0.73.4.0) that's susceptible to a privilege escalation vulnerability (CVE-2025-6264) to enable arbitrary command execution and endpoint takeover, per Cisco Talos.
Information security
from The Hacker News
5 months ago

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Threat actors abused Velociraptor and msiexec to deploy Visual Studio Code as a tunneling tool, enabling remote access and staging additional payloads via Cloudflare Workers.