BI.ZONE (@bizone_en)'s Twitter Profile
BI.ZONE

@bizone_en

BI.ZONE: expert in digital risks management

ID: 1181841458501955584

Link: https://bi.zone
Joined: 09-10-2019 07:59:47

238 Tweets

719 Followers

22 Following

Pavel (@pppturtle)

Vulnerability Research team at BI.ZONE has proved the exploitability of CVE-2024-38812 and CVE-2024-38813 which are critical vulnerabilities in VMware vCenter.

BI.ZONE (@bizone_en)

Cyber Polygon 2024 highlights

We prepared a follow-up to the online training held on September 10–11. This report reveals more insights about the scenario, the training, and its participants, ending with some helpful recommendations.

Learn more: bit.ly/3B00Qs8

BI.ZONE (@bizone_en)

Raising global cyber awareness

In contribution to the #INTERPOL Global Awareness Campaign, we will be posting a series of materials under the hashtag #ThinkTwice.

The first post reveals the cyber gangs that we monitor in various countries. See the cards.

INTERPOL (@interpol_hq)

#DYK that 1 out of 5 employees repeatedly unknowingly run #malware? Cybercriminals are taking advantage of the decreasing levels of cybersecurity awareness at work, to infect corporate devices with infostealers. #ThinkTwice and implement #cybersecurity culture in your company.

BI.ZONE (@bizone_en)

According to our data, email phishing is the primary vector for gaining initial access to an organization. The scam has gained popularity due to its high effectiveness.

Use the checklist and download our detailed cyber hygiene rules: bit.ly/3ZocoxD

#ThinkTwice

INTERPOL (@interpol_hq)

#Phishing attacks are evolving and becoming harder to detect🪝 Remember: a moment of vigilance can protect you from falling victim to sophisticated scams. #ThinkTwice and carefully evaluate any emails from unfamiliar addresses or containing links. The Gov't of Japan Foreign, Commonwealth & Development Office

INTERPOL (@interpol_hq)

Not everything is as it seems 🤖 Evolving #GenerativeAI enables scammers to create ultra-realistic human avatars using voice, image, and text manipulation. #ThinkTwice: Verify identities through multiple channels and be cautious of requests, even from "familiar" faces.

BI.ZONE (@bizone_en)

You get an email with a suspicious link. Don't rush to click it.

Chances are that it is phishing—one of the most common scams used to steal your sensitive data.

What should you do if you click one of these links and only then realize it is phishing? See the cards.

#ThinkTwice

BI.ZONE (@bizone_en)

We detected a new activity of the Paper Werewolf cluster, which has attacked Russian organizations since 2022. The offenders use their own malware and can disrupt entire IT infrastructures.
Learn more: bit.ly/3PdOTCO

BI.ZONE (@bizone_en)

Throughout 2024, our Threat Intelligence tracked some phishing emails that spread GuLoader to Russian companies. After a series of anti-VM and anti-sandbox checks on victim devices, the tool loaded malware (commonly Remcos RAT).

Learn more: bit.ly/4aleaoi

BI.ZONE (@bizone_en)

The BI.ZONE Threat Intelligence team continues to record a large-scale campaign targeting Russian organizations across various industries. Attackers employ NOVA stealer, a fork of SnakeLogger.

Learn more: bit.ly/3EzHGKX

BI.ZONE (@bizone_en)

BI.ZONE Threat Intelligence has uncovered new details about the Bloody Wolf campaigns targeting Kazakhstan and Russia. The attackers have switched from STRRAT malware to the legitimate remote administration tool NetSupport.

Learn more: bit.ly/3Qqmbze

BI.ZONE (@bizone_en)

BI.ZONE Threat Intelligence uncovered a phishing campaign by Squid Werewolf. The cyber spies distributed emails with a job offer from a legitimate industrial organization. Opening the attachment triggered automatic malware deployment.

Learn more: bit.ly/3Dza7st

BI.ZONE (@bizone_en)

BI.ZONE Threat Intelligence is keeping a close eye on Sapphire Werewolf's activity. This time, the cluster targeted energy companies with the updated Amethyst stealer, an open-source malware distributed via phishing emails.

Learn more: bit.ly/42oymCa

BI.ZONE (@bizone_en)

Introducing Threat Zone 2025, a research of the threat landscape in Russia and CIS.

It covers attacker methods, detection tools and techniques, along with case studies from the BI.ZONE DFIR and BI.ZONE TDR teams.

Learn more: bit.ly/4is2DWH

BI.ZONE (@bizone_en)

We have analyzed Vaultwarden and discovered two high-impact vulnerabilities: CVE-2025-24364 and CVE-2025-24365.

Learn more: bit.ly/4lUxRc0

BI.ZONE (@bizone_en)

BI.ZONE Threat Intelligence updated with the Underground resources tool

Now specialists can monitor underground resources for information related to their organization. This enables companies to predict cyberattacks and mitigate data leaks.

Learn more: bit.ly/42U2FAN

BI.ZONE (@bizone_en)

This March, BI.ZONE Threat Intelligence uncovered two new campaigns by Silent Werewolf, targeting Russian and Moldovan organizations.

The attackers employed two loader instances to deliver the payload from its server and may have used XDigo.

Learn more: bit.ly/4dz45pj

BI.ZONE (@bizone_en)

ClickFix employed to attack Russian companies

In early June our experts detected a new attack campaign, wherein the adversaries employed the ClickFix technique. This is not a new ploy, but it is the first time it was recorded inside Russia.

Learn more: bit.ly/3GdQtUf

BI.ZONE (@bizone_en)

In late June, we uncovered a phishing campaign with malicious attachments delivered via compromised email accounts of legitimate organizations. Attackers targeted healthcare and IT companies. Behind it: Rainbow Hyena with a new backdoor.

Learn more: bit.ly/3TBYZQ3