Posts

Showing posts from April, 2026

EtherRAT Campaign Spoofs GitHub Tools to Infect Admins

Trusted Tools Turned Threats: Inside the EtherRAT GitHub Spoofing Campaign

As an independent cybersecurity blogger and part-time penetration tester, I see this campaign as highlighting one of the most dangerous trends in modern attacks: attackers are no longer breaking into systems. They are inviting themselves in through trust. The EtherRAT campaign takes advantage of something every IT professional relies on daily: trusted administrative tools and GitHub repositories. By weaponizing familiarity, attackers are achieving stealth, persistence, and scale.

What Happened: EtherRAT Distributed via Spoofed GitHub Repositories

Researchers uncovered a sophisticated campaign distributing EtherRAT malware through fake GitHub repositories designed to mimic legitimate administrative tools. The attack leverages:
- SEO poisoning to rank malicious repositories in search results
- Fake GitHub “facade” repositories with professional-looking content
- Hidden secondary repositories delivering the act...

Vect 2.0 Ransomware Destroys Files Permanently

Destruction Over Encryption: Inside the Vect 2.0 Ransomware Threat

As an independent cybersecurity blogger and part-time penetration tester, I find that this latest ransomware development stands out for one critical reason: it breaks the fundamental assumption that ransomware is reversible. Vect 2.0 is not just encrypting files. In many cases, it is destroying them. That changes everything. For years, ransomware response strategies have relied on one key factor: recovery is possible. With Vect 2.0, that assumption no longer holds.

What Happened: Vect 2.0 Acts More Like a Wiper Than Ransomware

Security researchers have identified that Vect 2.0 ransomware:
- Targets Windows, Linux, and ESXi systems
- Encrypts some files while permanently destroying others
- Fails to properly preserve decryption keys during execution
- Leaves victims unable to recover data even after paying

Critically, files above a certain size threshold are not recoverable at all, making the attack functionally destructive r...

Codesys Backdoor Attack Threatens Industrial Systems

Signed, Trusted, Exploited: Inside the Codesys Backdoor Playbook

A trusted industrial automation platform turned silent entry point: the latest findings around backdoored Codesys applications reveal a dangerous evolution in cyber attacks. As an independent blogger and part-time penetration tester, I find that this shift stands out immediately. Attackers are no longer just breaching systems; they are embedding themselves into the operational logic that drives real-world processes. This is not about malware sitting on endpoints. This is about manipulating the very instructions that control industrial environments, while everything appears legitimate.

Attack Vector: Weaponised Industrial Control Applications

Threat actors are modifying Codesys applications directly, inserting malicious logic into otherwise legitimate automation workflows. These backdoored applications allow attackers to:
- Maintain persistent access within PLC environments
- Execute remote commands without triggering traditional alerts
- B...