MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

May 2, 2025

The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver.
“MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts,” Recorded Future’s Insikt Group said in a report shared with The Hacker News.
“The malware employs sandbox and virtual machine evasion techniques, a domain

Source: Read More

Previous ArticleHow to Automate CVE and Vulnerability Advisory Response with Tines

Next Article Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

Highlights

CVE-2025-7060 – Monitorr Remote File Inclusion Vulnerability

July 4, 2025

CVE ID : CVE-2025-7060

Published : July 4, 2025, 11:15 a.m. | 37 minutes ago

Description : A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Identify a Nap

Ambient Animations In Web Design: Principles And Implementation (Part 1)

Benchmarking AI-assisted developers (and their tools) for superior AI governance

Digital.ai launches White-box Cryptography Agent to enable stronger application security

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Stop using .reverse().find(): meet findLast()

Stop using .reverse().find(): meet findLast()

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

How I Configure Polybar to Customize My Linux Desktop

How I Configure Polybar to Customize My Linux Desktop

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

Stop using .reverse().find(): meet findLast()

@ts-ignore is almost always the worst option

Empowering the next generation for an AI-enabled world

Node.js vs Java: 8 Commercial Benefits for Enterprise-Scale Hiring (2025)

I Found a New Open Source Grammar Checker Tool And I Like it… Well… Kind of

CVE-2025-5433 – Fengoffice SQL Injection Vulnerability

CVE-2025-7060 – Monitorr Remote File Inclusion Vulnerability

The Man Who Sees a Million Universes: The Parallel Dimension Power of India’s Human AI “Srinidhi Ranganathan”

Distribution Release: Fedora 42

CVE-2025-40663 – i2A Cronos Stored XSS

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

Related Posts