Hacker Hacker News

10.04.2025

By TheNaeth. Published 9 months ago.

1-Customers of the Smokeloader botnet arrested by authorities; servers seized

In a follow-up to Operation Endgame, law enforcement arrested at least five customers of the Smokeloader botnet.

Last year, Operation Endgame seized over 100 servers used by key malware loaders such as IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.

Europol said in a news release today that law enforcement is analyzing data from the seized servers and tracking down the customers of these illicit enterprises.

The agency said the inquiry included interrogations and server takedowns but did not identify the detainees.

Investigators found that Smokeloader was controlled by a threat actor named ‘Superstar,’ who offered a pay-per-install service that gave customers access to victims' PCs.

2-Microsoft April 2025 Patch Tuesday fixes 134 flaws, including one exploited zero-day

Today is Microsoft's April 2025 Patch Tuesday, which contains security patches for 134 vulnerabilities, including one zero-day vulnerability that is being actively exploited.

In addition, this Patch Tuesday fixes eleven "Critical" vulnerabilities, all of them remote code execution flaws.

3-Hackers target SSRF vulnerabilities in EC2-hosted websites to obtain AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on Amazon Elastic Compute Cloud (EC2) instances in order to harvest EC2 metadata, which may have included Identity and Access Management (IAM) credentials from the IMDSv1 endpoint.

With IAM credentials in hand, attackers can escalate their privileges, access S3 buckets, and take control of other AWS services. This can result in exposure of sensitive data, data modification, and service disruption.

F5 Labs researchers discovered the campaign. According to their findings, the malicious activity peaked between March 13 and March 25, 2025. The traffic and behavioral patterns make it very likely that a single threat actor was responsible for the attack.

SSRF is a web vulnerability that allows attackers to "trick" a server into making HTTP requests to internal resources on their behalf. These resources are normally inaccessible to the attacker. The flaw sits in the server-side web application, not in the browser.

The attackers in the campaign identified by F5 found websites hosted on EC2 that contained SSRF vulnerabilities. These vulnerabilities let the attackers remotely query the internal EC2 metadata URLs and retrieve sensitive data.
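A defensive check for the IMDSv1 exposure described above, as an added example that is not part of the original article: it audits the JSON that `aws ec2 describe-instances` returns and flags instances that still accept IMDSv1 requests, ranking those with an IAM role attached as the urgent ones. The instance IDs and role names are constructed sample data, and treating missing `MetadataOptions` fields as permissive is an assumption of this example.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output
# (instance IDs and role ARNs are made up for this example).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/web-role"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
  {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
  {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "running"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/api-role"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
  {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "running"},
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
  {"InstanceId": "i-0aaa0000000000005", "State": {"Name": "terminated"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}}
]}]}
""")


def audit_imds(describe_output):
    """Return findings for live instances that still answer IMDSv1 requests."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue
            opts = inst.get("MetadataOptions", {})
            # Assumption: missing fields are treated as the permissive settings.
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                continue  # metadata service is switched off entirely
            if opts.get("HttpTokens", "optional") == "required":
                continue  # IMDSv2 only: every request needs a session token
            has_role = "IamInstanceProfile" in inst
            findings.append({
                "instance": inst["InstanceId"],
                # With a role attached, IMDS serves temporary IAM credentials.
                "severity": "high" if has_role else "medium",
                "role": inst.get("IamInstanceProfile", {}).get("Arn"),
            })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["instance"]))


if __name__ == "__main__":
    for f in audit_imds(SAMPLE):
        print(f"{f['severity']:6} {f['instance']} role={f['role']}")
```

Setting `HttpTokens` to `required` on the flagged instances enforces IMDSv2, which removes the IMDSv1 endpoint the campaign relied on.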

4-Malicious VSCode extensions infect Windows with cryptominers

Ten VSCode extensions on Microsoft's Visual Studio Code Marketplace infect users with the XMRig Monero cryptominer while masquerading as development tools.

Microsoft VSCode is a popular code editor that lets users add extensions to expand its features. Developers download and install these extensions from Microsoft's VSCode Marketplace.

5-Windows 11 April update unexpectedly creates 'inetpub' folder

Microsoft's April 2025 Patch Tuesday update appears to create an empty "inetpub" folder on the C:\ drive, even on devices without IIS installed.

Microsoft built Internet Information Services (IIS) to host websites, online applications, and services on Windows PCs. The platform is not installed by default and can be enabled through Windows Features.

IIS stores website content, logs, and server-related files in the C:\inetpub folder, which is not normally created on computers without IIS.

References

https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-infect-windows-with-cryptominers/

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/

https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/

https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
