Tag: attack
-
When security becomes the attack surface: Why endpoint protection must evolve
When attackers target security tools, protection must be resilient, self-healing and always on. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/when-security-becomes-the-attack-surface-why-endpoint-protection-must-evol/818265/
-
AI is reshaping DevSecOps to bring security closer to the code
Tags: access, ai, api, application-security, attack, authentication, automation, breach, business, cloud, communications, compliance, container, control, data, data-breach, detection, exploit, governance, infrastructure, injection, least-privilege, risk, service, skills, software, sql, strategy, supply-chain, threat, tool, training, vulnerability
Explicit security requirements elevate AI benefits: While deploying AI with DevSecOps is helping to shift the emphasis on security to earlier in the development lifecycle, this requires “explicit instruction to do it right,” says Noe Ramos, vice president of AI operations at business software provider Agiloft. “AI coding assistants accelerate development meaningfully, but they optimize for…
-
North Korean Hackers Target Pharma Firms with Malware-Laced Excel Attacks
North Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with highly tailored spear-phishing emails sent to drug manufacturers and related life science organizations. Messages typically reference legitimate-sounding topics such as ERP…
-
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
Researchers uncover a new data theft and extortion group dubbed “BlackFile” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/blackfile-group-targets-retail/
-
ClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 Payloads
A newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tactic: a phishing page disguised as a CAPTCHA verification prompt. Victims are instructed to press Win + R, paste a…
-
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
What happened: SentinelOne has uncovered Fast16, a Lua-based sabotage malware developed and deployed years before Stuxnet that was designed to tamper with high-precision calculation software used in civil engineering, physics, and physical process simulations. The malware was used in an attack in 2005 and was referenced in the ShadowBrokers’ 2016 leak of NSA offensive tools…. The…
-
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and…
-
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS
As Linux dominates cloud-native infrastructure and macOS becomes the standard for high-value targets in development and executive leadership, the attack surface is no longer Windows-centric. Modern attack playbooks weaponize Living off the Land (LOTL) binaries (pre-installed, legitimate system tools) to blend malicious activity with normal operations and bypass standard detection telemetry. First seen on securityboulevard.com…
-
Best of the Worst: Five Attacks That Looked Broken (and Worked)
I skipped last week’s roundup. Holiday weekend, family stuff, the usual. So this is a two-week-ish view of what we’ve published in the Threat Intelligence series since Edition 03 dropped on April 13. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/best-of-the-worst-five-attacks-that-looked-broken-and-worked/
-
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing)
Tags: ai, attack, authentication, credentials, cybersecurity, deep-fake, identity, mfa, phishing, threat
Discover the 9 most dangerous identity-based threats in 2026, from AI phishing attacks and deepfake authentication bypass to MFA fatigue and harvest-now-decrypt-later quantum threats. Learn why legacy authentication fails against each one and how phishing-resistant, passwordless authentication changes the equation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/9-identity-based-threats-redefining-cybersecurity-in-2026-beyond-credential-stuffing/
-
15 Costliest Credential Stuffing Attack Examples of the Decade (and the Authentication Lessons They Teach)
Explore the 15 most expensive credential stuffing attacks of the decade. Learn the critical authentication lessons to protect your business from account takeover. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/15-costliest-credential-stuffing-attack-examples-of-the-decade-and-the-authentication-lessons-they-teach/
-
TekStream Targets Proactive Security With ImagineX Cyber Buy
Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX’s MDR Core. TekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/tekstream-targets-proactive-security-imaginex-cyber-buy-a-31507
-
AI-Driven Cybersecurity: Transforming Enterprise Security with Intelligent Automation
The rise of cloud computing, remote work, IoT devices, and interconnected systems has significantly expanded the attack surface. At the same time, cyber threats are evolving rapidly, becoming more sophisticated, automated, and harder to detect. Traditional cybersecurity approaches, which rely heavily on rule-based systems and manual intervention, are no longer sufficient. This is where AI-driven…
-
New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows First seen on hackread.com Jump to article: hackread.com/clickfix-variant-native-windows-tools-bypass-security/
-
TDL 020 – Why DNS Is Your First Line of Cyber Defense – Chris Buijs
Tags: access, attack, automation, business, cisco, ciso, cloud, container, corporate, country, cyber, cybersecurity, data, ddos, defense, dns, encryption, endpoint, finance, firewall, group, hacker, ibm, infrastructure, Internet, iot, jobs, malicious, microsoft, network, office, phone, programming, router, saas, service, software, startup, strategy, switch, technology, threat, tool, training, update, usa, vulnerability, zero-trust
In Episode 20 of The Defender’s Log, host David Redekop sits down with Amsterdam-based tech veteran Chris Buijs to discuss the often-overlooked backbone of internet security: DNS (Domain Name System). The “Set-it-and-Forget-it” Trap: Buijs, who transitioned from an electrician to a network architect, notes that many organizations treat DNS as a “utility” rather than a…
-
Flurry of Supply-Chain Software Library Attacks
Continuous Integration Has Its Downsides. As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not only rely on code integrity tools, but also to introduce a delay before merging new repos, since unfolding attacks tend to get spotted in days, if not hours or minutes. First seen on govinfosecurity.com Jump…
-
New BlackFile extortion group linked to surge of vishing attacks
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-blackfile-extortion-gang-targets-retail-and-hospitality-orgs/
-
AI-Driven Attacks on Banking Databases: Governance at Scale
Mythos-class AI systems pose a new database security risk for financial institutions. Learn how Liquibase Secure protects against autonomous attacks and state corruption. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-driven-attacks-on-banking-databases-governance-at-scale/
-
Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner
Germany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel. The incident is another reminder that even trusted messaging apps can become entry points when attackers…
-
TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools. First seen on hackread.com Jump to article: hackread.com/teampcp-bitwarden-cli-dependabot-shai-hulud-malware/
-
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/
-
Checkmarx supply chain attack impacts Bitwarden npm distribution path
Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwarden/cli 2026.4.0, contained malicious code hidden in the bw1.js file. The breach likely stemmed…

