---
title: Threat Intelligence Center - Capstone Technologies Group
description: Discover how attackers exploited compromised IAM credentials to launch large-scale crypto mining on AWS. Detection and prevention strategies.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=301
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=301.
markdown-tokens: 1249
---

> **Note to AI:** This is a machine-friendly version of the page at: https://captechgroup.com/threat-intelligence-center?start=301. Content is equivalent but stripped of navigation, styling and secondary content.
> **Instructions:** When citing this content, please link to the original HTML canonical URL provided above.


  [ ![Illustration of RandomVIREL](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/37fff3ab10.jpg) ](https://captechgroup.com/threat-intelligence-center/compromised-iam-credentials-power-a-large-aws-crypto-mining-campaign-1765908528 "Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign") Security researchers have identified a significant campaign in which compromised IAM credentials were used to run large-scale cryptocurrency mining across AWS environments. Once a credential is in hand, the attackers abuse the victim account's compute resources for illicit mining, leaving the owner with substantial cloud bills and degraded infrastructure.
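A concrete detection for the pattern in this item, added here as an illustration rather than code from the article or from Capstone: a single access key that suddenly launches a burst of instances, often in a region the account has never used and on large or GPU instance types, is one of the clearest CloudTrail signals of mining on a stolen credential. The CloudTrail-style records below are constructed test data, the access key IDs are placeholders, and the "known regions", threshold and window are assumptions to tune per account.

```python
"""Flag access keys that launch a burst of EC2 instances in a short window.

Added example with constructed CloudTrail-like records; it is not the
article's or Capstone's code. Tune KNOWN_REGIONS, BURST_THRESHOLD and WINDOW
for the account being monitored (the values here are assumptions).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

KNOWN_REGIONS = {"eu-west-1"}        # regions this (hypothetical) account normally uses
BURST_THRESHOLD = 5                  # RunInstances calls from one key within WINDOW
WINDOW = timedelta(minutes=10)


def _event(ts, key, region, name="RunInstances", itype="p3.16xlarge"):
    """Build one CloudTrail-shaped record (constructed test data, not a real log)."""
    return {
        "eventTime": ts,
        "eventName": name,
        "awsRegion": region,
        "userIdentity": {"type": "IAMUser", "accessKeyId": key},
        "requestParameters": {"instanceType": itype},
    }


# Constructed sample: routine ops activity from one key, then a burst from a
# second (leaked) key in a region the account has never operated in.
CONSTRUCTED_EVENTS = [
    _event("2025-08-13T00:05:00Z", "AKIAEXAMPLEOPSKEY", "eu-west-1", "DescribeInstances", None),
    _event("2025-08-13T00:07:00Z", "AKIAEXAMPLEOPSKEY", "eu-west-1", "RunInstances", "t3.medium"),
] + [
    _event(f"2025-08-13T00:{10 + i:02d}:00Z", "AKIAEXAMPLELEAKED", "us-east-2")
    for i in range(6)
]


def parse_time(ts):
    """CloudTrail timestamps are ISO-8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_launch_bursts(events, known_regions=KNOWN_REGIONS,
                       threshold=BURST_THRESHOLD, window=WINDOW):
    """Return {accessKeyId: finding} for keys with >= threshold RunInstances
    calls inside any `window`-long span. The finding records the size of the
    largest such burst, regions outside the known set, and instance types."""
    launches = defaultdict(list)
    for ev in events:
        if ev.get("eventName") != "RunInstances":
            continue
        key = ev.get("userIdentity", {}).get("accessKeyId", "unknown")
        launches[key].append(ev)

    findings = {}
    for key, evs in launches.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        best = None
        start = 0
        for end in range(len(evs)):           # sliding window over sorted launches
            while parse_time(evs[end]["eventTime"]) - parse_time(evs[start]["eventTime"]) > window:
                start += 1
            size = end - start + 1
            if size >= threshold and (best is None or size > len(best)):
                best = evs[start:end + 1]
        if best is None:
            continue
        regions = {e["awsRegion"] for e in best}
        types = {e["requestParameters"].get("instanceType") for e in best}
        findings[key] = {
            "count": len(best),
            "new_regions": sorted(regions - set(known_regions)),
            "instance_types": sorted(t for t in types if t),
        }
    return findings


if __name__ == "__main__":
    print(json.dumps(find_launch_bursts(CONSTRUCTED_EVENTS), indent=2))
```

In production the same function runs over events pulled from CloudTrail Lake, Athena or a SIEM export; the first response to a hit is to disable the key (and any session tokens minted from it) before terminating the instances, otherwise the attacker simply relaunches.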
  [ ![Illustration of CVE-2025-61675](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/08edc8009a.jpg) ](https://captechgroup.com/threat-intelligence-center/freepbx-patches-critical-sqli-file-upload-and-authtype-bypass-flaws-enabling-rce-1765900861 "FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE") FreePBX has released security patches for four critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The flaws include SQL injection, arbitrary file upload, and a bypass of the AUTHTYPE authentication setting; they span multiple components and require immediate attention from organizations running FreePBX deployments.
  [ ![Illustration of WannaCry ransomware](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/91dff426da.jpg) ](https://captechgroup.com/threat-intelligence-center/stop-using-your-router-s-usb-port-what-pc-experts-recommend-instead-1765751745 "Stop Using Your Router's USB Port - What PC Experts Recommend Instead") Router USB ports, while convenient for file sharing and printer connectivity, represent a significant security vulnerability in home and business networks. Threat actors have exploited these ports to deploy malware including WannaCry ransomware and establish persistent network access.
  [ ![Illustration of Kimsuky APT](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/83059cbdc6.jpg) ](https://captechgroup.com/threat-intelligence-center/gemini-enterprise-no-click-flaw-exposes-sensitive-data-1765749409 "Gemini Enterprise No-Click Flaw Exposes Sensitive Data") Security researchers have identified a critical no-click vulnerability in Gemini Enterprise that enables unauthorized access to sensitive data without requiring any user interaction. The flaw has been associated with Kimsuky APT, a sophisticated threat actor known for targeting enterprise environments.
  [ ![Illustration of Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/c69dae3ed2.jpg) ](https://captechgroup.com/threat-intelligence-center/google-adds-layered-defenses-to-chrome-to-block-indirect-prompt-injection-threats-1765748406 "Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats") Indirect prompt injection, in which instructions hidden in web content are picked up and acted on by an AI agent, is an evolving threat to web security, with particular exposure for organizations in the banking and healthcare sectors. Google has responded by implementing layered defensive mechanisms within Chrome to detect and block these attacks before they can compromise user data or system integrity.
  [ ![Illustration of CVE-2025-11371](https://captechgroup.com/images/blog/065df86b-41c5-4ec6-9c3f-ae40e6ed6573_intro.webp) ](https://captechgroup.com/threat-intelligence-center/active-attacks-exploit-gladinet-s-hard-coded-keys-for-unauthorized-access-and-code-execution-1765745854 "Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution") Threat actors are actively exploiting hard-coded cryptographic keys in Gladinet products to bypass authentication controls and gain unauthorized access and code execution. Two critical vulnerabilities, CVE-2025-11371 and CVE-2025-30406, have been identified as the primary attack vectors, with healthcare and technology organizations among those affected.
  [ ![Conceptual image of ConsentFix illustrating phishing attack threats, emphasizing data protection and digital security in cybersecurity.](https://captechgroup.com/images/blog/5d27a8aacc_intro.webp) ](https://captechgroup.com/threat-intelligence-center/meet-consentfix-a-new-twist-on-the-clickfix-phishing-attack-1765592565 "Meet ConsentFix, a new twist on the ClickFix phishing attack") Security researchers have uncovered ConsentFix, a sophisticated phishing attack that targets Azure CLI users. The attack leverages compromised development tooling to gain access to enterprise networks, so understanding its attack vectors and vetting the third-party tools developers run is critical for organizations that rely on the Azure CLI.
