Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

April 28, 2025

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the

Source: Read More

Previous ArticlePushing the Boundaries of Logo Design Through Storytelling and Expression

Next Article WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Highlights

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

June 1, 2025

CVE ID : CVE-2025-5409

Published : June 1, 2025, 10:15 p.m. | 5 hours, 5 minutes ago

Description : A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Learn MLOps by Creating a YouTube Sentiment Analyzer

Last Week in AI #302 – QwQ 32B, OpenAI injunction refused, Alexa Plus

CVE-2024-7562 – InstallShield Elevated Privilege Vulnerability

CVE-2025-48489 – FreeScout Cross-Site Scripting (XSS) Vulnerability

CVE-2025-24223 – Apple Safari Web Content Memory Corruption Vulnerability

Gpredict is a real-time satellite tracking and orbit prediction application

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

How to Create Models in Your Django Project

Celluloid 0.28 Adds Lua Module Support, Refreshes UI

“Yes caviar is great, here’s a ham sandwich”

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Related Posts