ngCERT is issuing an alert on the infiltration of PseudoManuscrypt malware, a sophisticated spyware campaign primarily impacting Windows OS. This mass-scale operation has infected over 35,000 systems globally, focusing mainly on industrial control systems (ICS) and government entities. PseudoManuscrypt infiltration can lead to theft of sensitive credentials and data, potentially enabling follow-on ransomware attacks, financial fraud, and possible sabotage of critical infrastructure across various sectors. This underscores the need for individuals and organisations to take proactive steps to safeguard against PseudoManuscrypt infiltration.
ngCERT alerts stakeholders to M0yv malware infection detected in Nigeria’s cyberspace. M0yv is a sophisticated file-infector virus developed by the creators of Maze ransomware, which spreads by appending malicious code to executable files on infected systems and networks. The malware is often misidentified as Expiro by antivirus software and targets Windows environments, enabling further attacks such as ransomware deployment. The impacts range from file corruption to potential data loss, ransomware encryption, network-wide propagation and disruptions, as well as heightened risks of data exfiltration or persistent threats. Individuals and organisations are advised to take proactive steps to safeguard systems from the threats posed by M0yv malware.
ngCERT is issuing an urgent security alert on increasing Pykspa malware infiltrations targeting critical systems. Pykspa, also identified as Tigger RAT or HeyHey, is a Remote Access Trojan (RAT) and worm malware family used by threat actors to harvest credentials, deploy additional payloads, and conduct surveillance on infected systems. Evolving through multiple versions, including an updated v2 Domain Generation Algorithm (DGA) in late 2023, Pykspa maintains a global footprint with at least 10,000 infected hosts daily as of early 2024. Its resilience stems from DGA-based command-and-control (C2) evasion and self-propagation tactics, posing ongoing risks to individuals, enterprises, and critical infrastructure reliant on communication tools. Accordingly, users and systems administrators are advised to take proactive steps to guard against Pykspa malware threats.
ngCERT cautions on active exploitation of zero-day vulnerabilities in the Windows Remote Access Connection Manager (RasMan) and Windows Agere Modem Driver services, tracked as CVE-2025-59230 and CVE-2025-24990. Both flaws are elevation of privilege (EoP) vulnerabilities stemming from improper access control, allowing local attackers to escalate to SYSTEM-level privileges. Notably, other vulnerabilities related to privilege escalation have been identified as CVE-2025-49708 and CVE-2025-55315, with CVSS scores of 9.9. Although these vulnerabilities were addressed in Microsoft's October 2025 Patch Tuesday updates, Windows system users are at high risk of compromise and attacks. The ongoing exploitation of these vulnerabilities by attackers underscores the critical need for organizations to deploy security patches without delay.
ngCERT has detected a critical and easily exploitable vulnerability affecting the Oracle E-Business Suite (EBS) in Nigeria. This vulnerability, assigned CVE-2025-61882, could be exploited remotely by an unauthenticated attacker with network access via HTTP to achieve remote code execution (RCE), potentially leading to full system takeover. Assigned a CVSS 3.1 base score of 9.8 (Critical), the flaw has been actively exploited in the wild by the Cl0p ransomware group; hence, it has been listed in CISA's Known Exploited Vulnerabilities (KEV) Catalogue. There is therefore an urgent need for organisations to update applications and apply patches to safeguard against exploits and possible cyberattacks.