Npav Lab

XLab exposes the AISURU botnet, a 300,000-node powerhouse driving 11.5 Tbps DDoS peaks since 2025 via Totolink firmware hacks. Led by Snow, Tom, and Forky, it features ideological Easter eggs; rivals leak evidence amid calls for takedown amid escalating threats.

Threat actors use vulnerable Windows 8.1 WerFaultSecure.exe on patched Windows 11 24H2 to dump unencrypted LSASS memory via PPL bypass, extracting NTLM hashes and passwords for escalation. Zero Salarium details evasion tactics; defenders urged to monitor WER tools and anomalous PPL activity.

Major cyberattack on Jaguar Land Rover (JLR) causes Tata Motors shares to drop 4% to ₹655.30; production paused until Oct 1 with ₹560 crore weekly losses, potential ₹21,000 crore damage—exceeding annual profit. Experts urge cyber insurance and resilient IT amid auto sector digital risks.

Cisco's CVE-2025-20352 stack overflow in IOS/IOS XE SNMP allows remote RCE or DoS via crafted packets; actively exploited in wild after credential compromise. Affects Meraki MS390, Catalyst 9300; patch now, mitigate with SNMP views—restrict access to trusted sources.

India's universities endure 7,095 weekly cyberattacks—higher than global averages—due to hybrid models, limited resources, and connected campuses. Check Point report highlights RATs, malware risks; experts urge prevention-first security, AI monitoring, and investment to protect data and research.

Security scan reveals 150+ popular apps (millions of downloads) with Firebase test mode flaws allowing unauthenticated access to payments, PII, chats, passwords, and GitHub/AWS tokens in Realtime DB, Storage, Firestore, and Remote Config. Learn impacts, OpenFirebase tool, and fixes for ~80% of mobile apps.

Threat actors use in-memory PE loaders to download and run malicious executables (e.g., RATs) via Windows APIs like VirtualAlloc and LoadLibraryA, evading file-based EDR like Microsoft Defender/Sophos. Learn the technique's steps, red team success, and need for memory/behavioral defenses.

Microsoft's September 2025 Patch Tuesday updates disrupt SMBv1 connectivity over NetBT in Windows 11/10 and Servers (2022/2025), exposing legacy risks like EternalBlue/WannaCry. Learn affected systems, security dangers, PowerShell fixes, and migration tips to SMBv2/3.

Since August 2024, BankBot.Remo variants use WebSocket chunked downloads on spoofed Google Play pages to deliver malware as fake payment/identity apps like IdentitasKependudukanDigital.apk; over 100 Alibaba/Gname domains evade filters—monitor WebSockets and block C2 for defense.

TA415 (APT41) uses Google Sheets, Calendar, and VS Code Remote Tunnels for stealthy C2 in spearphishing attacks targeting U.S. policy entities on trade/sanctions. From July-August 2025, WhirlCoil loader evades detection; evolve defenses with cloud anomaly monitoring.