Links submitted by the Threat Radar community and AI curated for defenders.

Community Curated

Check Point Research

CVE Database V5

AlienVault OTX General

Bleeping Computer

SANS ISC Handlers Diary

Threatpost

SecurityWeek

Exploit-DB RSS Feed

Reddit ExploitDev

Reddit ThreatIntel

Reddit BlueTeam

Reddit Reverse Engineering

Reddit Malware

Reddit Cybersecurity

Reddit NetSec

ThreatFox MISP Feed

CIRCL OSINT Feed

NCSC UK

GCP Compute Engine Security

GCP Kubernetes Security

AWS Security Bulletins

CERT/CC

Tenable Research

Google Project Zero

Microsoft Security Blog

Cisco Talos

Zero Day Initiative

Palo Alto Unit 42

Krebs on Security

Kaspersky Security Blog

GCVE Database

Reddit InfoSec News

The Hacker News

Dark Reading

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

JVN Japan

The report details the resurgence of the Funnull cybercriminal group, now utilizing a new arsenal called RingH23. It exposes their tactics, including compromising GoEdge CDN nodes, poisoning the MacCMS supply chain, and deploying sophisticated malware components like Badredis2s, Badnginx2s, and Badhide2s. The group has expanded its operations to inject malicious JavaScript, hijack cryptocurrency transactions, and redirect traffic to fraudulent sites. The campaign's impact is estimated to affect millions of users daily. The report also highlights Funnull's use of a suspicious new CDN infrastructure, CDN1.AI, likely created to evade detection.

The Funnull threat actor group has re-emerged with a new set of tools and tactics collectively referred to as the RingH23 arsenal. This campaign notably targets the MacCMS content management system supply chain and GoEdge CDN nodes, employing supply chain poisoning and CDN poisoning techniques to propagate malware and malicious scripts. The malware components Badredis2s, Badnginx2s, and Badhide2s are used to facilitate various malicious activities, including injecting JavaScript into web traffic, hijacking cryptocurrency transactions, and redirecting users to fraudulent websites. The group’s use of a newly established CDN infrastructure, CDN1.AI, suggests an attempt to evade detection and maintain persistence. The attack chain involves multiple MITRE ATT&CK techniques such as T1133 (External Remote Services), T1578 (Supply Chain Compromise), T1608.004 (Malware), T1140 (Deobfuscate/Decode Files or Information), and others related to credential access, persistence, and defense evasion. Although no active exploits have been reported in the wild, the campaign’s scale—potentially affecting millions daily—indicates a high-impact threat with a broad attack surface. The supply chain attack vector is particularly concerning as it can bypass traditional perimeter defenses, enabling widespread distribution of malicious payloads through trusted software updates or CDN content delivery. The campaign’s focus on cryptocurrency theft and traffic hijacking also highlights financial motivations and risks for affected users and organizations.

Detailed information about Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks. Get real-time updates, technical details, and mitigatio

Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks - Live Threat Intelligence - Threat Radar | OffSeq.com

Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks

Threats Tagged 'ringh23'

Stop chasing alerts. Route them.

Check if your credentials are on the dark web

Filter Threats

Threats Tagged 'ringh23'

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility