NPAV Logo

Shopping Cart My Cart 0
₹0.00
Currency
INR
Currency
INR

fp-5c

  1. China-Aligned TA415 Exploits Google Sheets & Calendar for Covert C2 in U.S.-China Espionage Campaign

    China-Aligned TA415 Exploits Google Sheets & Calendar for Covert C2 in U.S.-China Espionage Campaign

    Posted: September 24, 2025
    Categories: Google
    Tags: fp-5c, fp-1b
    Author: Npav Lab
    Views: 7
    TA415 (APT41) uses Google Sheets, Calendar, and VS Code Remote Tunnels for stealthy C2 in spearphishing attacks targeting U.S. policy entities on trade/sanctions. From July-August 2025, WhirlCoil loader evades detection; evolve defenses with cloud anomaly monitoring.
    Read more
  2. N-able N-Central Insecure Deserialization Vulnerability: Risks and Mitigation

    N-able N-Central Insecure Deserialization Vulnerability: Risks and Mitigation

    Posted: August 14, 2025
    Categories: vulnerability
    Tags: fp-5c, fp-4b, fp-1b
    Author: Npav Lab
    Views: 21
    A critical insecure deserialization vulnerability in N-able N-Central could allow attackers to execute arbitrary commands. Learn about the risks and recommended actions for organizations.
    Read more
  3. GitHub Copilot RCE Vulnerability (CVE-2025-53773) Allows Remote Code Execution via Prompt Injection

    GitHub Copilot RCE Vulnerability (CVE-2025-53773) Allows Remote Code Execution via Prompt Injection

    Posted: August 14, 2025
    Categories: vulnerability
    Tags: fp-5c, fp-5b, fp-5a, fp-1b
    Author: Npav Lab
    Views: 110
    A critical vulnerability in GitHub Copilot (CVE-2025-53773) enables remote code execution through prompt injection attacks, compromising developers' machines. Learn how this flaw works and its implications.
    Read more
  4. D-Link DNR-322L Vulnerability: Download of Code Without Integrity Check

    D-Link DNR-322L Vulnerability: Download of Code Without Integrity Check

    Posted: August 07, 2025
    Categories: vulnerability
    Tags: fp-6e, fp-6d, fp-6c, fp-6b, fp-6a, fp-5c, fp-5b, fp-5a
    Author: Npav Lab
    Views: 14
    Learn about the critical vulnerability in D-Link DNR-322L that allows code downloads without integrity checks. Discover recommended actions to secure your device.
    Read more
Categories
Recent Posts
Infographic showing SMBv1 breakage from September 2025 Windows updates: affected systems (Windows 11/10, Servers), security risks (EternalBlue/WannaCry icons), workarounds (PowerShell code snippet), and migration path to SMBv2/3 with network icons.
Windows September 2025 Updates Break SMBv1 Shares: Impacts, Risks, and Workarounds
September 24, 2025
Infographic of Android banking trojan campaign: spoofed Play Store with WebSocket APK streaming, BankBot variants as fake apps (M-Pajak, BCA), domain clusters in Asia; icons for evasion, C2, and recommendations like blocking domains and verifying sources.
Banking Trojans Disguise as Government Apps to Target Android Users in Indonesia and Vietnam
September 24, 2025
Infographic of TA415's espionage: spearphishing to LNK/WhirlCoil, C2 via Google Sheets/Calendar and VS Code tunnel; icons for evasion tactics, exfil, and cloud security recommendations like anomaly detection.
China-Aligned TA415 Exploits Google Sheets & Calendar for Covert C2 in U.S.-China Espionage Campaign
September 24, 2025
Infographic illustrating CISA-reported breach timeline: July 11 GeoServer exploit (CVE-2024-36401), persistence via webshells and cron jobs, lateral movement to SQL server, July 31 EDR detection, with icons for tools like dirtycow, Stowaway, and security
CISA Advisory: Hackers Breach U.S. Federal Agency Network via GeoServer RCE (CVE-2024-36401) in 3-Week Undetected Attack
September 24, 2025
Infographic showing 18-minute enterprise breach timeline with icons for Oyster malware exploiting rundll32.exe and scheduled tasks, Gamarue USB attacks, drive-by compromises, and security shields for behavioral monitoring and anomaly detection.
Threat Actors Breach Enterprises in 18 Minutes: ReliaQuest Reveals Oyster Malware's Rapid Evasion Tactics
September 24, 2025
Back to Top