🟡 CVE-2025-5337: The Slider, Gallery, and Carou... 🟡 CVE-2025-5238: The YITH WooCommerce Wishlist ... 🟡 CVE-2025-4667: The Appointment Booking Calend... 🟡 CVE-2025-6070: The Restrict File Access plugi... 🔥 CVE-2025-6065: The Image Resizer On The Fly p... 🟡 CVE-2025-6064: The WP URL Shortener plugin fo... 🟡 CVE-2025-6063: The XiSearch bar plugin for Wo... 🟡 CVE-2025-6062: The Yougler Blogger Profile Pa... 🟡 CVE-2025-6061: The kk Youtube Video plugin fo... 🟡 CVE-2025-6055: The Zen Sticky Social plugin f... 🟡 CVE-2025-6040: The Easy Flashcards plugin for... 🟡 CVE-2025-5589: The StreamWeasels Kick Integra... 🟡 CVE-2025-5336: The Click to Chat plugin for W... 🟡 CVE-2025-4592: The AI Image Lab – Free AI Ima... 🟡 CVE-2025-4216: The DIOT SCADA with MQTT plugi... ⚠️ CVE-2025-4200: The Zagg - Electronics & Acces... 🟡 CVE-2025-4187: The UserPro - Community and Us... ⚠️ CVE-2025-5487: The AutomatorWP – Automator pl... ⚠️ CVE-2025-3234: The File Manager Pro – Fileste... 🟡 CVE-2025-6059: The Seraphinite Accelerator pl... ⚠️ CVE-2025-33108: IBM Backup, Recovery and Media... ⚠️ CVE-2025-25215: An arbitrary free vulnerabilit... ⚠️ CVE-2025-24919: A deserialization of untrusted... 🟡 CVE-2025-6083: In ExtremeCloud Universal ZTNA... 🟡 CVE-2025-49598: conda-forge-ci-setup is a pack... ⚠️ CVE-2025-25050: An out-of-bounds write vulnera... ⚠️ CVE-2025-24922: A stack-based buffer overflow ... ⚠️ CVE-2025-24311: An out-of-bounds read vulnerab... 🟢 CVE-2025-49597: handcraftedinthealps goodby-cs... 🔥 CVE-2025-49596: The MCP inspector is a develop... 🟡 CVE-2025-49587: XWiki is an open-source wiki s... ⚠️ CVE-2025-49586: XWiki is an open-source wiki s... ⚠️ CVE-2025-49585: XWiki is a generic wiki platfo... ⚠️ CVE-2025-49584: XWiki is a generic wiki platfo... 🟡 CVE-2025-49583: XWiki is a generic wiki platfo... ⚠️ CVE-2025-49582: XWiki is a generic wiki platfo... 🟢 CVE-2025-6052: A flaw was found in how GLib’s... 🟡 CVE-2025-6035: A flaw was found in GIMP. An i... ⚠️ CVE-2025-49581: XWiki is a generic wiki platfo... ⚠️ CVE-2025-49580: XWiki is a generic wiki platfo... ⚠️ CVE-2025-48920: Improper Neutralization of Inp... 🟡 CVE-2025-48919: Improper Neutralization of Inp... ⚠️ CVE-2025-48918: Improper Neutralization of Inp... 🟡 CVE-2025-48917: Improper Neutralization of Inp... 🟡 CVE-2025-48916: Missing Authorization vulnerab... ⚠️ CVE-2025-48915: Improper Neutralization of Inp... ⚠️ CVE-2025-48914: Improper Neutralization of Inp... 🔥 CVE-2025-6030: Use of fixed learning codes, o... 🔥 CVE-2025-6029: Use of fixed learning codes, o... ⚠️ CVE-2025-36633: In Tenable Agent versions prio... ⚠️ CVE-2025-36631: In Tenable Agent versions prio... 🔥 CVE-2025-28389: Weak password requirements in ... 🔥 CVE-2025-28388: OpenC3 COSMOS v6.0.0 was disco... 🔥 CVE-2025-28384: An issue in the /script-api/sc... ⚠️ CVE-2025-28382: An issue in the openc3-api/tab... ⚠️ CVE-2025-28381: A credential leak in OpenC3 CO... 🟡 CVE-2025-46096: Directory Traversal vulnerabil... 🔥 CVE-2025-46060: Buffer Overflow vulnerability ... ⚠️ CVE-2025-49468: A SQL injection vulnerability ... 🔥 CVE-2025-29902: Remote code execution that all... 🟢 CVE-2025-48825: RICOH Streamline NX V3 PC Clie... 🔥 CVE-2025-46783: Path traversal vulnerability e... 🟡 CVE-2025-36506: External control of file name ... 🟡 CVE-2025-6012: The Auto Attachments plugin fo... ⚠️ CVE-2025-39240: Some Hikvision Wireless Access... 🔥 CVE-2024-38824: Directory traversal vulnerabil... 🟡 CVE-2025-5923: The Game Review Block plugin f... 🟡 CVE-2025-22242: Worker process denial of servi... 🟡 CVE-2025-22241: File contents overwrite the Vi... 🟡 CVE-2025-22240: Arbitrary directory creation o... ⚠️ CVE-2025-22239: Arbitrary event injection on S... 🟡 CVE-2025-22238: Directory traversal attack in ... 🟡 CVE-2025-22237: An attacker with access to a m... ⚠️ CVE-2025-22236: Minion event bus authorization... 🟡 CVE-2024-38825: The salt.auth.pki module does ... 🟢 CVE-2024-38823: Salt's request server is vulne... 🟢 CVE-2024-38822: Multiple methods in the salt m... 🟡 CVE-2025-4229: An information disclosure vuln... 🟢 CVE-2025-4227: An improper access control vul... 🟡 CVE-2025-5815: The Traffic Monitor plugin for... ⚠️ CVE-2025-5282: The WP Travel Engine – Tour Bo... 🟡 CVE-2025-5950: The IndieBlocks plugin for Wor... 🟡 CVE-2025-5939: The Telegram for WP plugin for... 🟡 CVE-2025-5938: The Digital Marketing and Agen... 🟡 CVE-2025-5930: The WP2HTML plugin for WordPre... 🟡 CVE-2025-5928: The WP Sliding Login/Dashboard... 🟡 CVE-2025-5926: The Link Shield plugin for Wor... 🟡 CVE-2025-5841: The ACF Onyx Poll plugin for W... ⚠️ CVE-2025-5491: Acer ControlCenter contains Re... 🔥 CVE-2025-5288: The REST API | Custom API Gene... 🟡 CVE-2025-5233: The Color Palette plugin for W... 🟡 CVE-2025-5123: The Contact Us Page – Contact ... 🟡 CVE-2025-4586: The IRM Newsroom plugin for Wo... 🟡 CVE-2025-4585: The IRM Newsroom plugin for Wo... 🟡 CVE-2025-4584: The IRM Newsroom plugin for Wo... ⚠️ CVE-2025-47959: Improper neutralization of spe... ⚠️ CVE-2025-30399: Untrusted search path in .NET ... ⚠️ CVE-2025-4232: An improper neutralization of ... ⚠️ CVE-2025-4231: A command injection vulnerabil... ⚠️ CVE-2025-4230: A command injection vulnerabil...
Tibet and Taiwan Imperiled by Spearphishing Campaigns Leverage Novel Malware

By Cybersecurity Team on

Tibet and Taiwan Imperiled by Spearphishing Campaigns Leverage Novel Malware

Date: December 4, 2020

In a revealing discovery, entities within Tibet and Taiwan have become the prime targets of coordinated spearphishing campaigns, as highlighted by a detailed report covered here. These cyberattacks employ the previously unreported MESSAGEMANIFOLD malware, as named by the Insikt Group.

Understanding the Attack

The spearphishing campaign manifests through meticulously crafted emails, designed to exploit the trust and habits of the recipients. MESSAGEMANIFOLD, an advanced malware variant, is embedded within these communications. Once executed, it likely allows attackers to extract sensitive information, monitor communications, and potentially gain long-term access to victim's networks.

Technical Assessment

The technical nature of MESSAGEMANIFOLD is not fully disclosed, but based on patterns observed in similar malware, it could involve techniques like keylogging, data harvesting, and remote system control. Successful deployment within a target's digital infrastructure underscores significant vulnerabilities, primarily around email security and user awareness.

Cybersecurity Analysis and Insights

These incidents illustrate a strategic pattern targeting political and geographical tensions in the regions of Tibet and Taiwan. The choice of spearphishing as an attack vector suggests a preference for methods that capitalize on human factors, which often remain the weakest link in cybersecurity defenses.

Protective Measures

To mitigate such threats, organizations and individuals in sensitive geopolitical areas should adopt robust anti-phishing measures. These include training users to recognize and reported suspicious communication, implementing advanced email filtering technologies, and regularly updating security protocols in response to emerging threats.

Conclusion

The emergence of MESSAGEMANIFOLD as a tool in geopolitical cyber conflicts serves as a stark reminder of the continuous evolution of cyber threats. The entities targeted in Tibet and Taiwan signify not just a regional, but a global imperative for vigilance, prepared cyberness, and collaborative defense strategies against sophisticated spearphishing attacks.

For more detailed insights, refer to the original article here.

Back to Posts
// This is the updated banner script block with corrected ID selectors