
Welcome to TheCyberThrone's cybersecurity month in review, covering the important security happenings of the month. This review is for the month ending July 2025.
Subscribers favorite #1
NightEagle APT – Targeted Zero-Day Exploitation Campaign
NightEagle (APT-Q-95) is a newly identified advanced persistent threat (APT) actor observed actively exploiting a zero-day vulnerability in Microsoft Exchange Server during 2023–2024. The group is notable for its stealthy, well-coordinated, and high-value targeting campaigns, particularly focusing on sensitive Chinese sectors such as defense, government, and emerging technologies…
Subscribers favorite #2
CVE-2025-21293 PoC Exploit Code Released
CVE-2025-21293 is an elevation of privilege vulnerability in Active Directory Domain Services. The vulnerability arises from excessive permissions granted to the Network Configuration Operators group, which can be exploited to achieve system-level privileges. This issue was initially discovered in September 2024 and was subsequently patched in January 2025…
Subscribers favorite #3
ZeroFox Partners Mandiant
Cybersecurity firm ZeroFox Inc. announced a global strategic partnership with Mandiant, a part of FireEye Inc. The deal will see ZeroFox’s capabilities for disrupting malicious activity on social media and digital channels available within the Mandiant platform, including the ability to disable malicious or offensive content and fake accounts and sites.
Subscribers to Mandiant Advantage Digital Threat Monitoring will be able to review security incidents on the Mandiant Advantage dashboard and immediately initiate action by the ZeroFox global disruption team to tackle domain and social media-based attacks…
Subscribers favorite #4
Google Chrome was affected by CVE-2025-2783
CVE-2025-2783 is a zero-day vulnerability affecting Google Chrome, uncovered in a targeted cyber-espionage campaign known as Operation ForumTroll. This critical flaw has allowed attackers to bypass Chrome's robust sandbox protections and execute malicious code on victims' systems…
Subscribers favorite #5
LameHug Malware Dissection
LameHug is a new, AI-powered malware family attributed to the Russian threat actor APT28. It marks a significant evolution in cyber tradecraft by incorporating LLMs (Large Language Models) during execution to generate system-specific Windows commands on the fly.
- Delivered via phishing campaigns aimed at Ukrainian government and defense entities.
- Uses disguised executables (e.g., .pif, .exe, .py) bundled in ZIP attachments.
- Employs Qwen 2.5-Coder-32B-Instruct, an AI model developed by Alibaba Cloud, accessed via the Hugging Face API.
- The malware sends text prompts to the AI model, which returns executable Windows commands used for reconnaissance or exploitation.
- Exfiltrates data over SFTP or HTTP POST to attacker-controlled infrastructure.
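A defender-side illustration of the behaviours listed above, written as an added example that is not part of TheCyberThrone's write-up or any vendor tooling: it scans constructed endpoint/proxy events (a hypothetical one-line-per-event format) for a disguised executable generating network traffic, a non-browser process calling the Hugging Face API, and a large HTTP POST to an untrusted host. The browser allowlist, trusted-host list, size threshold and sample hostnames are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample events (hypothetical EDR/proxy export):
# <timestamp> <process> <method> <destination host> <bytes_out>
SAMPLE_EVENTS = """\
2025-07-15T09:01:02Z chrome.exe GET huggingface.co 512
2025-07-15T09:02:10Z report.pif POST api.huggingface.co 1800
2025-07-15T09:02:45Z report.pif POST 203.0.113.10 240000
2025-07-15T09:03:00Z python.exe POST api.huggingface.co 2100
2025-07-15T09:04:00Z outlook.exe POST outlook.office365.com 4096
"""

# Assumptions: processes allowed to reach the LLM API interactively, and
# destinations trusted enough that a large POST is routine rather than exfil.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
LLM_API_SUFFIX = "huggingface.co"        # API the write-up says LameHug calls
TRUSTED_POST_HOSTS = {"outlook.office365.com"}
EXFIL_BYTES = 100_000                    # constructed threshold for a "large" POST
DISGUISED_EXT = (".pif",)                # disguised-executable extension from the write-up

EVENT_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d+)$")


def analyze(log: str) -> List[Tuple[str, str]]:
    """Return (event_line, reason) for each event matching a LameHug-style behaviour."""
    findings: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines instead of crashing
        _ts, proc, method, host, size = m.groups()
        proc_l = proc.lower()
        if proc_l.endswith(DISGUISED_EXT):
            findings.append((line, "network activity from disguised executable"))
        if host.endswith(LLM_API_SUFFIX) and proc_l not in BROWSERS:
            findings.append((line, "non-browser process calling LLM inference API"))
        if method == "POST" and int(size) >= EXFIL_BYTES and host not in TRUSTED_POST_HOSTS:
            findings.append((line, "large HTTP POST to untrusted host (possible exfiltration)"))
    return findings


if __name__ == "__main__":
    for event, reason in analyze(SAMPLE_EVENTS):
        print(f"{reason}: {event}")
```

On the constructed sample the browser's GET and Outlook's POST pass cleanly, while the .pif process and the scripted API call are each flagged with the reason that fired.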
This brings us to the end of this month in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.