The Cyber Scroll

The Cyber Scroll

Share

🔐 Welcome to TheCyberScroll!

Hey there, I’m Jithendran Subburaj 👋 With 10+ years of hands-on experience in managing & supporting top-tier security products🛡️

🎯 My mission: Make complex cybersecurity news 🔍 easy to understand for everyone.

26/11/2025

🚨 ShadowPad malware is now actively exploiting a critical WSUS zero-day vulnerability (CVE-2025-59287) — giving attackers full SYSTEM-level control.

This flaw allows hackers to abuse WSUS deserialization, launch a PowerCat reverse shell, download payloads via certutil/curl, and load ShadowPad using DLL sideloading — creating a stealthy long-term backdoor.

If your WSUS server is exposed or unpatched, you may already be compromised.

🔐 Immediate actions:
✔️ Patch WSUS servers NOW
✔️ Remove public exposure
✔️ Monitor DLL loads and remote shell activity
✔️ Check for suspicious certutil/curl downloads

Stay ahead of advanced cyber threats — follow CyberScroll Shorts for real attacks in under 60 seconds.

08/11/2025

A new malware called “SORVEPOTEL” is wreaking havoc on WhatsApp — and it can send itself to your friends without you even knowing! 😱 Cybersecurity experts have uncovered this self-propagating malware that exploits WhatsApp Web links and attachments to infect your contacts and groups. 🦠 Once it's active, it hijacks your WhatsApp session and sends harmful links to everyone in your chat list — all behind your back! Early reports indicate that Brazilian users were among the first victims, but this attack could soon spread worldwide. 🔐 How to protect yourself: ✅ Don’t click on unknown WhatsApp links ✅ Keep your phone & WhatsApp up to date ✅ Be wary of suspicious messages — even from familiar contacts 🧩 This is one of the first self-replicating chat-based malwares identified in 2025 — and it’s a serious alert for everyone online. 🔥 For more urgent cyber alerts in under a minute — follow CyberScroll Shorts!

Xpand Live 2022 | Trellix 21/09/2022

If you have cybersecurity questions (I know I do) make sure to register for Xpand Live today: http://trellix.com/xpand

Xpand Live 2022 | Trellix Registration Now Open! Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.

Ransomware group REvil attacks Midea Group and Kaseya - CIO News 21/09/2022

Learn how monitored REvil’s latest ransomware attack on Midea Group and Kaseya via John Fokker, Head of Cyber Investigations for Trellix Advanced Research Center.

Ransomware group REvil attacks Midea Group and Kaseya - CIO News REvil, one of the deadliest ransomware groups/gangs, had made its presence felt in India earlier this year through an attack on Oil India. Their computers

Limiting the Software Supply Chain Attack Surface 21/09/2022

Maliciously modified source code is immediately recognized as something done with intention to harm, but what about an unpatched vuln more than a decade old? This is the case with CVE-2007-4559 and the Trellix Advanced Research Center shares what you need to know.

Limiting the Software Supply Chain Attack Surface While investigating an unrelated vulnerability our team stumbled across this issue present in an enterprise device. Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was CVE-2007-4559. While the vulnerability was originally only marked as a 6....

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities 21/09/2022

"While we will fix as many repositories as possible, we cannot solve the overall problem. The number of vulnerable repositories we found beg the question, which other N-day vulnerabilities are lurking around in OSS, undetected or ignored for years?" - Charles McFarland, Trellix Advanced Research Center

What CVE-2007-4559 teaches us about how big an N-day problem can become.

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities The zero-day is the holy grail for cybercriminals; however, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether the vulnerability is unknown or has been known for decades. A bad actor can still use it for nefarious purposes. N-da...

How endpoint detection and response tools can help make up for a talent shortage | Federal News Network 04/09/2022

As the cybersecurity talent gap worsens, automated endpoint detection and response can provide relief to organizations in need of proactive threat detection and remediation.

Read how the government deploys EDR tools to protect federal agencies in the Federal News Network's interview with Trellix executives Ken Kartsen and Britt Norwood.

How endpoint detection and response tools can help make up for a talent shortage | Federal News Network Experts from Trellix say agencies need to focus on protecting their endpoints because that’s where the critical data resides and the attackers will spend their efforts trying to breach.

Press Releases | Trellix 04/09/2022

I am honored to welcome Trellix's newest CIO Kim Anstett aboard. With over 25 years of experience and a commitment to serving our customers, while driving efficiency and innovation for our teams, we know you'll make proud.

Press Releases | Trellix Read the latest Trellix news around products announcements, threat research, and company updates.

Want your school to be the top-listed School/college in Bangalore?

Click here to claim your Sponsored Listing.

Location

Telephone

Website

Address


Bangalore
560016