Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads. The tech giant said it observed

Tagged under: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Threat hunters have shed light on a “sophisticated and evolving malware toolkit” called Ragnar Loader that’s used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). “Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations,” Swiss cybersecurity company PRODAFT

Tagged under: , , , , , , , , , , , ,

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

In a recent analysis, Palo Alto Networks Unit 42 researcher Chema Garcia revealed a targeted cyber threat affecting organizations in the Middle East, Africa, and the United States. The unknown threat actor is distributing a sophisticated backdoor named Agent Racoon, developed using the .NET framework. The malware exploits the domain name service (DNS) protocol to

Tagged under: , , , , , , , , , , , , , , , , , , , , , ,