UNC3753: Hybrid Vishing and Physical Infiltration via RMM Tools

UNC3753, also identified as the Silent Ransom Group, is conducting a sophisticated hybrid extortion campaign targeting United States law firms. The threat actor bypasses traditional digital perimeters by combining voice phishing (vishing) with physical social engineering to gain onsite access to office premises. Once physical access is achieved, the actors deploy Remote Monitoring and Management (RMM) tools to establish persistent command-and-control (C2) capabilities. This facilitates the targeted exfiltration of sensitive legal documentation and attorney-client privileged data, which is subsequently leveraged for financial extortion. This campaign represents a critical risk to data confidentiality, physical security protocols, and professional privilege.

CVE-2026-12850: Critical Command Injection in GeoVision GV-I/O Box

CVE-2026-12850 is a critical OS command injection vulnerability (CWE-78) affecting the GeoVision GV-I/O Box, specifically version 4E 2.09. The flaw resides within the libNetSetObj.so shared object library, which manages network objects. Unauthenticated attackers can execute arbitrary system commands by injecting shell metacharacters into crafted inputs passed to the affected library. Successful exploitation grants full administrative access, enabling unauthorized control over connected physical security hardware, such as electronic locks and alarms, while providing a pivot point for lateral movement into sensitive security VLANs. Immediate firmware updates are required to neutralize this risk.

UNC2891 'Pi Heist': Raspberry Pi-Driven ATM Network Intrusion

Threat actor UNC2891 executed "Pi Heist" attacks by gaining physical access to bank ATM internals to deploy Raspberry Pi devices equipped with 4G LTE modems. By establishing a Layer 2 bridge between the internal ATM VLAN and an external Command-and-Control (C2) server, the attackers bypassed perimeter firewalls and Network Access Control (NAC). This persistent hardware backdoor allowed the adversary to pivot through the trusted network segment and issue unauthorized "dispense" commands directly to ATM cash dispensers, resulting in direct financial theft via jackpotting.
