Tag: attack
-
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
-
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
In hard-to-detect attacks, hackers are dropping the CloudZ RAT and a fresh plugin, Pheno, to hijack the Windows-based bridge between PCs and smartphones. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attacks-abuse-windows-phone-link-texts-bypass-2fa
-
Why ransomware attacks succeed even when backups exist
Backups don’t fail because they’re missing; they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-ransomware-attacks-succeed-even-when-backups-exist/
-
Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials
A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blends familiar user workflows with legitimate-looking infrastructure, making it harder for security teams to spot and…
-
Massive DDoS Attack Generates 2.45 Billion Requests Using 1.2 Million IP Addresses
A distributed denial-of-service attack targeted a major user-generated content platform, generating an astonishing 2.45 billion malicious requests in just 5 hours. Security provider DataDome successfully intercepted the assault in real time, ensuring legitimate users experienced no disruption. Threat researchers analyzing the incident discovered that the operation relied on 1.2 million unique Internet Protocol addresses. Instead…
-
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-linked-apt-chaos-ransomware/
-
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
CISA’s CI Fortify initiative aims to have critical infrastructure operators build isolation and recovery capabilities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-ci-fortify-isolation-recovery/
-
Hackers compromise Daemon Tools in global supply-chain attack, researchers say
Researchers at Kaspersky said attackers tampered with installers for Daemon Tools, a popular program used to mount disk images as virtual drives, and distributed them through the software’s official website. First seen on therecord.media Jump to article: therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
-
New malware turns Linux systems into P2P attack networks
Persistence through rootkits and PAM backdoors: The researchers also wrote of QLNX’s use of rootkits and Linux Pluggable Authentication Modules (PAM) to establish long term persistence. According to Trend Micro, the malware leverages rootkit functionality to conceal malicious activity, processes, and components from administrative tools and security monitoring systems. The malware was also observed tampering with…
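A PAM backdoor is cheap to plant and easy to miss: one extra line in a stack under /etc/pam.d, or a module dropped outside the system module directory, and every password is accepted or every password is logged. The script below is an added example for this page, not code from Trend Micro or from the QLNX analysis, and it shows the check a defender would run: parse each PAM service file, flag modules loaded from unexpected directories or absent from an allowlist, and flag pam_permit.so placed where it short-circuits the auth stack. The sample configuration is constructed; the allowed directories and the allowlist are assumptions to adjust for your distribution.

```python
"""Audit PAM stack configuration for the kind of backdoor QLNX is reported to plant.

Added example for this page, not code from Trend Micro or from the QLNX analysis.
The sample configuration below is constructed. The allowed module directories and
the allowlist of module names are assumptions: adjust them to your distribution.
"""
import re
from pathlib import Path

# Assumption: directories a stock install loads PAM modules from.
ALLOWED_DIRS = (
    "/lib/security", "/lib64/security", "/usr/lib/security", "/usr/lib64/security",
    "/lib/x86_64-linux-gnu/security", "/usr/lib/x86_64-linux-gnu/security",
)
# Assumption: module names shipped by a typical distribution; extend for yours.
KNOWN_MODULES = {
    "pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so", "pam_faildelay.so",
    "pam_succeed_if.so", "pam_nologin.so", "pam_limits.so", "pam_systemd.so",
    "pam_motd.so", "pam_mail.so", "pam_umask.so", "pam_keyinit.so", "pam_loginuid.so",
    "pam_selinux.so", "pam_pwquality.so", "pam_faillock.so", "pam_access.so",
    "pam_lastlog.so", "pam_securetty.so", "pam_shells.so", "pam_wheel.so",
    "pam_rootok.so", "pam_xauth.so", "pam_localuser.so", "pam_cap.so", "pam_time.so",
}
# type  control  module [args]; the type may carry a leading '-' (optional module).
LINE_RE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?P<args>.*)$"
)


def audit_pam_text(name, text):
    """Return (file, line_no, reason, line) for every suspicious directive."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("@include"):
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((name, line_no, "unparseable directive", raw))
            continue
        module, control = m.group("module"), m.group("control")
        base = module.rsplit("/", 1)[-1]
        if "/" in module:
            # An absolute path is legal, but a backdoor drops its .so somewhere writable.
            if not any(module.startswith(d + "/") for d in ALLOWED_DIRS):
                findings.append((name, line_no, "module outside allowed directories", raw))
        elif base not in KNOWN_MODULES:
            findings.append((name, line_no, "module not in allowlist", raw))
        # 'auth sufficient pam_permit.so' ahead of the real checks accepts any password.
        # ('auth required pam_permit.so' at the end of Debian's common-auth is normal.)
        if (m.group("type") == "auth" and base == "pam_permit.so"
                and (control == "sufficient" or "success=done" in control)):
            findings.append((name, line_no, "pam_permit.so short-circuits the auth stack", raw))
    return findings


def audit_pam_files(files):
    """files: mapping of service name -> config text (as read from /etc/pam.d)."""
    out = []
    for name, text in files.items():
        out.extend(audit_pam_text(name, text))
    return out


def audit_pam_dir(path="/etc/pam.d"):
    """Run the audit against a live system's PAM directory."""
    files = {f.name: f.read_text(errors="replace")
             for f in sorted(Path(path).iterdir()) if f.is_file()}
    return audit_pam_files(files)


# Constructed sample: a clean common-auth, an sshd stack with a planted module,
# and an su stack that accepts any password.
SAMPLE = {
    "common-auth": (
        "auth [success=1 default=ignore] pam_unix.so nullok\n"
        "auth requisite pam_deny.so\n"
        "auth required pam_permit.so\n"
        "auth optional pam_cap.so\n"
    ),
    "sshd": (
        "# PAM configuration for the Secure Shell service\n"
        "auth       sufficient   /tmp/.cache/pam_sys.so\n"
        "@include common-auth\n"
        "account    required     pam_nologin.so\n"
        "session    required     pam_limits.so\n"
    ),
    "su": (
        "auth sufficient pam_permit.so\n"
        "auth sufficient pam_rootok.so\n"
        "auth required pam_unix.so\n"
    ),
}

if __name__ == "__main__":
    for f, n, why, line in audit_pam_files(SAMPLE):
        print(f"{f}:{n}: {why}: {line.strip()}")
```

On the constructed sample this reports the planted module in sshd and the pam_permit.so line in su, and stays silent on the stock common-auth. A config audit only catches edits to the stack; a modified pam_unix.so with a legitimate name and path passes it, so pair it with a package integrity check (dpkg -V libpam-modules or rpm -V pam) and with a comparison of loaded module hashes against a known-good image, since a rootkit of the kind described above may hide the file from userland tools entirely.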
-
Taiwan High Speed Rail Hit by Spoofing Attack That Stops Three Trains
During the recent Qingming Festival holiday, the Taiwan High Speed Rail (THSR) experienced a severe cybersecurity incident that disrupted major transit operations. Three trains were suddenly forced into emergency stops, causing a 48-minute delay for passengers. Authorities have now determined that the disruption was not a mechanical failure but a targeted radio signal spoofing attack…
-
Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. ”This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, which Google…
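What a public ledger of this kind can prove comes down to one check: the client hashes the build it received and verifies an inclusion proof for that hash against a signed tree head. The following is an added example of that check using the RFC 6962 leaf and node hash construction; it is generic code written for this page, not Google's Android Binary Transparency client or API, and the log entries are constructed. The caveat worth keeping in mind is that inclusion proves the build is in the log, which lets auditors spot a build the vendor never announced; it does not by itself prove the build is benign.

```python
"""Inclusion-proof check for a Merkle transparency log (RFC 6962 hashing).

Added example for this page: generic code, not Google's Android Binary
Transparency client or API. It assumes the log uses the RFC 6962 leaf/node
hash construction; the log entries below are constructed.
"""
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    # Leaves and interior nodes get distinct prefixes so a leaf can never be
    # presented as a node (RFC 6962 second-preimage defence).
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)


def tree_head(entries):
    """Merkle tree hash over the whole log: what the log signs and publishes."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))


def inclusion_proof(index, entries):
    """Log side: sibling hashes from the leaf at `index` up to the root."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(index, entries[:k]) + [tree_head(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [tree_head(entries[:k])]


def verify_inclusion(entry, index, tree_size, proof, root):
    """Client side: is `entry` the leaf at `index` of the tree with this root?"""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False  # proof is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not (fn & 1 or fn == 0):
                fn >>= 1
                sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed log: each entry stands in for a (package, version, build hash) record.
LOG = [f"com.example.app{i}:1.{i}:{'ab' * 16}".encode() for i in range(6)]

if __name__ == "__main__":
    signed_root = tree_head(LOG)          # in practice: taken from a signed tree head
    idx = 3
    proof = inclusion_proof(idx, LOG)     # in practice: fetched from the log
    print("installed build in log:", verify_inclusion(LOG[idx], idx, len(LOG), proof, signed_root))
    print("modified build in log:", verify_inclusion(b"tampered", idx, len(LOG), proof, signed_root))
```

The proof is O(log n) hashes regardless of log size, which is why a device can verify it cheaply; the signed tree head is the trust anchor, so a client must also check the signature on it and, ideally, that the head it sees is consistent with heads seen by others, or a log could show the device one tree and the auditors another.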
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control. Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size. That creates a massive…
-
Palo Alto Networks PAN-OS flaw exploited for remote code execution
Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution,…
-
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Tags: attack, authentication, exploit, firewall, network, rce, remote-code-execution, vulnerability, zero-day
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-actively-exploited-firewall-zero-day/
-
Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses. First seen on hackread.com Jump to article: hackread.com/low-and-slow-ddos-attack-hits-2-45-billion-5-hours/
-
QLNX Targets Developers in Supply Chain Credential Theft Campaign
QLNX is a newly documented Linux remote access trojan (RAT) that steals developers’ and DevOps credentials in order to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised maintainer account can be used to push backdoored releases to millions…
-
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/google-android-binary-transparency/
-
Attackers Bypass Azure AD Conditional Access Using Phantom Device Registration
A recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security, enforcing access rules based on user location, device compliance, and calculated risk scores. However, by starting with a…
-
Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector
Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted beyond traditional IT incidents toward ransomware attacks, credential theft, and platform-level compromise. The aviation ecosystem relies heavily on shared IT…
-
India orders infosec red alert in case Mythos sparks crime spree
Securities regulator urges market players to develop new strategies and nail cyber-basics before AI models fuel mass attacks First seen on theregister.com Jump to article: www.theregister.com/2026/05/06/india_seb_mythos_infosec_advice/
-
News brief: Critical infrastructure, OT cybersecurity attacks
Check out the latest security news from TechTarget SearchSecurity’s sister sites, Cybersecurity Dive and Dark Reading. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366642732/News-brief-Critical-infrastructure-OT-cybersecurity-attacks
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
CISA ‘CI Fortify’ Aims to Keep Services Running Under Attack
Critical Infrastructure Operators Urged to Fortify Against Nation-State Attacks. The Cybersecurity and Infrastructure Security Agency launched CI Fortify, urging critical infrastructure operators to adopt isolation and rapid recovery capabilities to maintain essential services under cyberattacks, amid warnings that nation-state actors are already embedded in operational systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-ci-fortify-aims-to-keep-services-running-under-attack-a-31602
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…

