🟡 CVE-2025-43903: NSSCryptoSignBackend.cc in Pop... 🟡 CVE-2025-3796: A vulnerability classified as ... ⚠️ CVE-2025-32953: z80pack is a mature emulator o... 🟡 CVE-2025-3795: A vulnerability was found in D... 🟡 CVE-2025-36625: In Nessus versions prior to 10... 🟡 CVE-2025-32377: Rasa Pro is a framework for bu... 🟢 CVE-2025-25985: An issue in Macro-video Techno... 🟡 CVE-2025-25984: An issue in Macro-video Techno... 🟢 CVE-2025-25983: An issue in Macro-video Techno... 🟡 CVE-2025-28355: Volmarg Personal Management Sy... ⚠️ CVE-2025-24914: When installing Nessus to a no... 🟡 CVE-2025-29513: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-29512: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-1697: A potential security vulnerabi... 🟡 CVE-2024-41447: A stored cross-site scripting ... 🟡 CVE-2025-32796: Dify is an open-source LLM app... 🟡 CVE-2025-32795: Dify is an open-source LLM app... ⚠️ CVE-2025-32792: SES safely executes third-part... ⚠️ CVE-2025-32442: Fastify is a fast and low over... 🔥 CVE-2025-32434: PyTorch is a Python package th... ⚠️ CVE-2025-32389: NamelessMC is a free, easy to ... 🟡 CVE-2025-31120: NamelessMC is a free, easy to ... ⚠️ CVE-2025-31118: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30357: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30158: NamelessMC is a free, easy to ... ⚠️ CVE-2025-29784: NamelessMC is a free, easy to ... 🟡 CVE-2025-27599: Element X Android is a Matrix ... 🟡 CVE-2025-3792: A vulnerability, which was cla... 🟡 CVE-2025-3791: A vulnerability classified as ... 🟡 CVE-2025-2950: IBM i 7.3, 7.4, 7.5, and 7.5 i... ⚠️ CVE-2025-29625: A buffer overflow vulnerabilit... 🟡 CVE-2025-3790: A vulnerability classified as ... 🟡 CVE-2025-3789: A vulnerability was found in b... 🟡 CVE-2025-32790: Dify is an open-source LLM app... 🟡 CVE-2024-46089: 74cms <=3.33 is vulnerable to ... 🟡 CVE-2024-49808: IBM Sterling Connect:Direct We... 🟡 CVE-2024-45651: IBM Sterling Connect:Direct We... 🟡 CVE-2025-3788: A vulnerability was found in b... 🟡 CVE-2025-3787: A vulnerability was found in P... 🟡 CVE-2025-3106: The LA-Studio Element Kit for ... ⚠️ CVE-2025-3786: A vulnerability was found in T... ⚠️ CVE-2025-3785: A vulnerability has been found... 🟡 CVE-2025-3056: The Download Manager plugin fo... 🔥 CVE-2025-2492: An improper authentication con... 🟡 CVE-2025-3783: A vulnerability classified as ... 🟡 CVE-2025-3598: The Coupon Affiliates – Affili... 🟡 CVE-2025-2162: The MapPress Maps for WordPres... 🔥 CVE-2025-1863: Insecure default settings have... 🔥 CVE-2025-39471: Improper Neutralization of Spe... ⚠️ CVE-2025-39470: Path Traversal: '.../...//' vu... ⚠️ CVE-2025-39469: Improper Neutralization of Inp... 🔥 CVE-2025-42599: Active! mail 6 BuildInfo: 6.60... ⚠️ CVE-2025-3520: The Avatar plugin for WordPres... 🟡 CVE-2025-2613: The Login Manager – Design Log... 🟡 CVE-2024-13650: The Piotnet Addons For Element... ⚠️ CVE-2025-25427: A Stored cross-site scripting ... ⚠️ CVE-2025-3509: A Remote Code Execution (RCE) ... ⚠️ CVE-2025-3246: An improper neutralization of ... 🟡 CVE-2025-3124: A missing authorization vulner... 🟢 CVE-2024-42178: HCL MyXalytics is affected by ... 🟡 CVE-2025-3765: A vulnerability, which was cla... 🟡 CVE-2025-3764: A vulnerability classified as ... 🟢 CVE-2024-42177: HCL MyXalytics is affected by ... 🟡 CVE-2025-3763: A vulnerability classified as ... 🟡 CVE-2025-3762: A vulnerability was found in P... 🟡 CVE-2025-29722: A CSRF vulnerability in Commer... 🟡 CVE-2025-28101: An arbitrary file deletion vul... 🔥 CVE-2025-28009: A SQL Injection vulnerability ... 🟢 CVE-2025-26269: DragonflyDB Dragonfly through ... 🟢 CVE-2025-26268: DragonflyDB Dragonfly before 1... ⚠️ CVE-2024-55211: An issue in Think Router Tk-Rt... 🟢 CVE-2021-47671: In the Linux kernel, the follo... ⚠️ CVE-2021-47670: In the Linux kernel, the follo... ⚠️ CVE-2021-47669: In the Linux kernel, the follo... ⚠️ CVE-2021-47668: In the Linux kernel, the follo... 🟢 CVE-2025-32415: In libxml2 before 2.13.8 and 2... ⚠️ CVE-2025-2947: IBM i 7.6  contains a privile... ⚠️ CVE-2025-29661: Litepubl CMS <= 7.0.9 is vulne... ⚠️ CVE-2025-29181: FOXCMS <= V1.25 is vulnerable ... ⚠️ CVE-2025-29180: In FOXCMS <=1.25, the installd... ⚠️ CVE-2025-29039: An issue in dlink DIR 832x 240... ⚠️ CVE-2025-43015: In JetBrains RubyMine before 2... 🟡 CVE-2025-43014: In JetBrains Toolbox App befor... 🟡 CVE-2025-43013: In JetBrains Toolbox App befor... ⚠️ CVE-2025-43012: In JetBrains Toolbox App befor... 🟡 CVE-2025-42921: In JetBrains Toolbox App befor... 🔥 CVE-2025-39596: Weak Authentication vulnerabil... 🔥 CVE-2025-39595: Improper Neutralization of Spe... ⚠️ CVE-2025-39594: Improper Neutralization of Inp... 🔥 CVE-2025-39588: Deserialization of Untrusted D... 🔥 CVE-2025-39587: Improper Neutralization of Spe... ⚠️ CVE-2025-39586: Improper Neutralization of Spe... ⚠️ CVE-2025-39583: Missing Authorization vulnerab... 🟡 CVE-2025-39580: Missing Authorization vulnerab... ⚠️ CVE-2025-39569: Improper Neutralization of Spe... ⚠️ CVE-2025-39568: Improper Limitation of a Pathn... ⚠️ CVE-2025-39567: Improper Neutralization of Inp... 🟡 CVE-2025-39562: Improper Neutralization of Inp... 🟡 CVE-2025-39559: Missing Authorization vulnerab... ⚠️ CVE-2025-39558: Improper Neutralization of Inp...
Tibet and Taiwan Imperiled by Spearphishing Campaigns Leverage Novel Malware

By Cybersecurity Team on

Tibet and Taiwan Imperiled by Spearphishing Campaigns Leverage Novel Malware

Date: December 4, 2020

In a revealing discovery, entities within Tibet and Taiwan have become the prime targets of coordinated spearphishing campaigns, as highlighted by a detailed report covered here. These cyberattacks employ the previously unreported MESSAGEMANIFOLD malware, as named by the Insikt Group.

Understanding the Attack

The spearphishing campaign manifests through meticulously crafted emails, designed to exploit the trust and habits of the recipients. MESSAGEMANIFOLD, an advanced malware variant, is embedded within these communications. Once executed, it likely allows attackers to extract sensitive information, monitor communications, and potentially gain long-term access to victim's networks.

Technical Assessment

The technical nature of MESSAGEMANIFOLD is not fully disclosed, but based on patterns observed in similar malware, it could involve techniques like keylogging, data harvesting, and remote system control. Successful deployment within a target's digital infrastructure underscores significant vulnerabilities, primarily around email security and user awareness.

Cybersecurity Analysis and Insights

These incidents illustrate a strategic pattern targeting political and geographical tensions in the regions of Tibet and Taiwan. The choice of spearphishing as an attack vector suggests a preference for methods that capitalize on human factors, which often remain the weakest link in cybersecurity defenses.

Protective Measures

To mitigate such threats, organizations and individuals in sensitive geopolitical areas should adopt robust anti-phishing measures. These include training users to recognize and reported suspicious communication, implementing advanced email filtering technologies, and regularly updating security protocols in response to emerging threats.

Conclusion

The emergence of MESSAGEMANIFOLD as a tool in geopolitical cyber conflicts serves as a stark reminder of the continuous evolution of cyber threats. The entities targeted in Tibet and Taiwan signify not just a regional, but a global imperative for vigilance, prepared cyberness, and collaborative defense strategies against sophisticated spearphishing attacks.

For more detailed insights, refer to the original article here.

Back to Posts