
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections

Threat Score:
70
Cybersecurity News
10 hours ago
Part of cluster #1534

Overview

A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell” campaign, which exploited multiple SharePoint Server vulnerabilities including CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. Unlike established […]


Related Articles

5 articles
1

July 2025: the biggest cyberattacks, ransomware attacks and data breaches

Ciberseguridadpyme • 3 hours ago

Cybersecurity has become a serious concern as our lives are significantly intertwined with digital technologies. July 2025 has proven to be a turning point because of some of the largest cyberattacks, ransomware attacks and data breaches witnessed across multiple sectors and regions worldwide. The […] The post July 2025: the biggest cyberattacks, ransomware attacks and data breaches was pub

Score
91
2

🚨 Active exploitation alert: Critical SharePoint RCE (CVE-2025-53770) Attackers are actively exploiting a dangerous, unauthenticated remote code execution vulnerability—dubbed "ToolShell"—in Microsoft SharePoint. This flaw allows attackers to bypass auth - LinkedIn

News • 5 hours ago


Score
87
3

Akira Ransomware Exploits 0-Day Vulnerability in SonicWall Firewall Devices

GB Hackers • 3 hours ago

Akira Ransomware Exploits 0-Day Vulnerability in SonicWall Firewall Devices Cybersecurity firm Arctic Wolf has identified a significant increase in ransomware attacks targeting SonicWall firewall devices in late July 2025, with evidence pointing to the exploitation of a previously unknown zero-day vulnerability. The company’s investigation revealed multiple coordinated attacks using SonicWall SSL VPNs as the initial access point, raising serious concerns about the security of these widely deployed netw

Score
85
4

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

The Hacker News • 5 hours ago

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company suggested that the attacks could be exploiting an as-yet-undetermined security flaw in the appliances, meanin

Score
83
5

New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access

GB Hackers • 3 hours ago

New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access Security researchers have discovered a sophisticated Linux backdoor dubbed “Plague” that has remained undetected by all major antivirus engines despite multiple samples being uploaded to VirusTotal over the past year. The malicious software operates as a Pluggable Authentication Module (PAM), allowing attackers to silently bypass system authentication and maintain persistent SSH access to compromised Linux systems.

Score
81
Article Intelligence

Key entities and indicators for this article

CVES
CVE-2025-49704
CVE-2025-49706
CVE-2025-53770
CVE-2025-53771
ATTACK TYPES
Exploitation
Ransomware
COMPANIES
Microsoft
PLATFORMS
Microsoft SharePoint
SharePoint
RANSOMWARE
First
LockBit
Storm
APT GROUPS
Storm-2603
MITRE ATT&CK
T1046
T1055
T1059.001
T1069
T1071.001
MALWARE
AK47 C2
VULNERABILITIES
Privilege Escalation
Remote Code Execution
DOMAINS
update.updatemicfosoft.com
COUNTRIES
China
INDUSTRIES
Information Technology
SECURITY VENDORS
Check Point Research
ARTICLE INFORMATION
Article #6931
Published 10 hours ago
Cybersecurity News