Adversary Intelligence

Hit Wicket: Inside The Expansive Web of Scams Targeting Millions of IPL Fans This Season

CloudSEK’s report exposes a highly sophisticated, seasonal IPL online betting scam ecosystem. Fraudsters deploy clone platforms, celebrity AI deepfakes, and blackhat SEO tactics to exploit government domains and trap unsuspecting fans. Sustained by money mule networks, bulk advertisements, and predatory fake loan apps, this industry intentionally blocks user withdrawals, causing severe financial losses and blackmail.

Inside a Tor Backed Supply Chain Worm

CloudSEK TRIAD uncovered a sophisticated npm supply chain attack using a typosquatted package, crypto-javascri, to mimic crypto-js. The malware steals npm and GitHub credentials, hijacks maintainer accounts, republishes trojanized packages, and uses Tor-based command-and-control. The campaign targets Linux developer systems and CI/CD environments, creating serious downstream supply chain risk.

Hit Wicket: Inside The Expansive Web of Scams Targeting Millions of IPL Fans This Season

RedSun: Windows 0day when Defender becomes the attacker

RedSun exposes a critical logic flaw in Windows Defender that allows a standard user to escalate privileges to SYSTEM without admin rights or kernel exploits. By exploiting a missing reparse point validation during file restoration, attackers can redirect Defender’s write operation into System32 and execute arbitrary code. The attack is reliable, unpatched, and affects modern Windows systems with Defender enabled, making it a serious security concern.

Kitten Had the Map all Along : RAISING GCC TENSIONS & THE PRE-POSITIONING MAP

A new CloudSEK report reveals that Iran-linked APT35 (Charming Kitten) conducted years of cyber reconnaissance across GCC nations before coordinated missile strikes, suggesting cyber operations directly enabled kinetic targeting. Critical infrastructure across UAE, Saudi Arabia, Qatar, and others was pre-profiled and in some cases breached. The report highlights a dangerous shift—cyber warfare is no longer support, but a frontline weapon in modern conflict.

Hardcoded Google API Keys in Top Android Apps Now Expose Gemini AI

CloudSEK's BeVigil has identified 32 hardcoded Google API keys across 22 popular Android applications that inadvertently grant unauthorized access to Google's Gemini AI (Generative Language API) including uploaded datasets and cached contents.

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.