Tag: detection
-
Critical Fortinet FortiSandbox flaws now exploited in attacks
Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortinet-fortisandbox-flaws-now-exploited-in-attacks/
-
Webinar: How behavioral AI stops phishing and account takeovers
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/
-
PhishLumos: Exposing phishing campaigns that evade detection by hiding content
Phishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/phishlumos-phishing-campaign-detection/
-
A fast verdict on a broken detection is still the wrong answer
First seen on scworld.com Jump to article: www.scworld.com/native/a-fast-verdict-on-a-broken-detection-is-still-the-wrong-answer
-
France accuses Israeli firm of interfering in Scottish elections and targeting SNP
Cyber agency says BlackCore targeted John Swinney, as well as interfering in France, New York and elsewhere. France’s cyber-security agency has accused an Israeli firm called BlackCore of interfering in the Scottish elections earlier this year by targeting the first minister, John Swinney. The disinformation detection agency Viginum (www.sgdsn.gouv.fr/viginum) said BlackCore had used proxy social media accounts…
-
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn’t staff around the clock, couldn’t hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model…
-
Hackers Use Residential Proxies Networks to Evade Detection
Infoblox measured the impact of residential proxies across its customer base by compiling billions of DNS resolutions and the associated network telemetry, and found the Kimwolf botnet inside its enterprise customers’ networks. Follow-up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a more systemic problem: in 2026 more than 65% of customers queried domains associated with residential…
-
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and slip past many organizations that assume the logs themselves are sacrosanct. At the core of these attacks…
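The control-plane actions that stop, delete or redirect logging are the ones a detection engineer would watch for when an attacker turns the logging service itself into a weapon, as the article above describes. The following is an added example, not code from the article or from either cloud provider: it parses constructed CloudTrail and Cloud Logging records and flags the management calls that weaken or reroute logging. The CloudTrail event names and the Cloud Logging method names are real API identifiers; the sample records, account IDs, principals, trail and sink names and the `trusted_buckets` allow-list are assumptions made for illustration.

```python
import json

# Real CloudTrail management APIs (eventSource cloudtrail.amazonaws.com) that
# stop, delete or reconfigure a trail. Every one of them deserves a look.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Real Cloud Logging admin methods that drop or reroute exported log entries.
GCP_LOG_TAMPER_METHODS = {
    "google.logging.v2.ConfigServiceV2.DeleteSink",
    "google.logging.v2.ConfigServiceV2.UpdateSink",
    "google.logging.v2.ConfigServiceV2.CreateExclusion",
}

# Constructed sample (assumption): a CloudTrail log-file body in the real
# {"Records": [...]} shape, with one benign S3 read and two tampering calls.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2026-06-10T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "app-assets"}},
    {"eventTime": "2026-06-10T09:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/build-svc"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2026-06-10T09:06:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "UpdateTrail",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/build-svc"},
     "requestParameters": {"name": "org-trail", "s3BucketName": "unrelated-bucket-9f2a"}},
]})

# Constructed sample (assumption): Cloud Logging audit entries, one JSON
# object per line as a log sink would export them; the second deletes a sink.
SAMPLE_GCP = "\n".join(json.dumps(e) for e in [
    {"timestamp": "2026-06-10T09:10:00Z",
     "protoPayload": {"methodName": "google.logging.v2.ConfigServiceV2.ListSinks",
                      "authenticationInfo": {"principalEmail": "auditor@example.com"}}},
    {"timestamp": "2026-06-10T09:11:00Z",
     "protoPayload": {"methodName": "google.logging.v2.ConfigServiceV2.DeleteSink",
                      "authenticationInfo": {"principalEmail": "ci-bot@example.iam.gserviceaccount.com"},
                      "resourceName": "projects/prod-123/sinks/siem-export"}},
])


def flag_cloudtrail_tampering(log_text, trusted_buckets=()):
    """Return one finding per CloudTrail record that alters trail coverage.

    UpdateTrail is flagged whenever it appears (it can also drop multi-region
    coverage or log-file validation); if it moves delivery to a bucket outside
    the allow-list, the finding says so explicitly.
    """
    findings = []
    for rec in json.loads(log_text)["Records"]:
        if rec.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        name = rec.get("eventName")
        if name not in TRAIL_TAMPER_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        reason = name
        bucket = params.get("s3BucketName")
        if name == "UpdateTrail" and bucket and bucket not in trusted_buckets:
            reason += f" (delivery redirected to {bucket})"
        findings.append({
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "trail": params.get("name"),
            "reason": reason,
        })
    return findings


def flag_gcp_logging_tampering(ndjson_text):
    """Return one finding per Cloud Logging audit entry that removes or
    reroutes a sink or adds an exclusion filter."""
    findings = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        payload = json.loads(line).get("protoPayload") or {}
        method = payload.get("methodName")
        if method in GCP_LOG_TAMPER_METHODS:
            findings.append({
                "actor": (payload.get("authenticationInfo") or {}).get("principalEmail"),
                "resource": payload.get("resourceName"),
                "reason": method,
            })
    return findings


if __name__ == "__main__":
    for f in flag_cloudtrail_tampering(SAMPLE_CLOUDTRAIL, trusted_buckets={"org-trail-logs"}):
        print("CloudTrail:", f)
    for f in flag_gcp_logging_tampering(SAMPLE_GCP):
        print("Cloud Logging:", f)
```

The point of the check is the one the article makes: an alert on these calls only helps if it is evaluated somewhere the attacker cannot silence, so route the flagged events to a separate account or project (an organization trail, or a sink into a project the workload identities cannot administer) rather than into the trail being tampered with.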
-
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. ”Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,” First…
-
EDRChoker Tool Abuses Windows QoS Policies to Disrupt Endpoint Security Tools
A newly disclosed red-team tool dubbed “EDRChoker” is drawing attention across the cybersecurity community for its novel approach to disrupting Endpoint Detection and Response (EDR) visibility by abusing Windows Policy-based Quality of Service (QoS). Unlike traditional EDR evasion techniques that rely on firewall manipulation or Windows Filtering Platform (WFP) rule injection, EDRChoker operates…
-
New Magecart Attack Abuses Stripe as Malware C2
A novel Magecart campaign weaponizes legitimate cloud services to evade detection: attackers store a JavaScript skimmer inside Stripe customer metadata and deliver it to victim checkouts via Google Tag Manager. The combination makes Stripe both the command server for arbitrary code and the durable exfiltration sink for stolen card data, using domains (googletagmanager.com…
-
Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-ai-adoption-malware/
-
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/hypotheses-telemetry-and-human-judgment-inside-cisco-talos-threat-hunting/
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
-
Proofpoint: TA4922 Deploys New RAT and Loader Arsenal
Proofpoint is tracking a rapidly evolving threat cluster as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT. The group is notable for its high operational tempo, shifting tactics, and ability to blend custom malware with legitimate tools and cloud services, complicating detection efforts across…
-
ClawHub, Cisco, and Vercel Skill Detection Tools Evaded by Malicious Uploads
Security researchers have shown that AI skill security scanners from ClawHub, Cisco, and Vercel’s skills.sh can be reliably bypassed using simple techniques, raising serious concerns about agentic AI supply chain defenses. In tests conducted by Trail of Bits, multiple malicious skills designed to exfiltrate data, hijack agents, or execute arbitrary code were successfully uploaded and…
-
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection and response (EDR) solutions. Threat activity observed in early 2026 shows strong overlaps with historical BlackBasta tradecraft, particularly the use of spam bombing combined with phishing and vishing. In these campaigns, attackers overwhelm victims…
-
CrowdStrike Bets on AI Detection and Response Boom
CrowdStrike CEO George Kurtz Says Enterprises Are Seeking Controls for AI Agents. CrowdStrike says enterprise adoption of agentic AI is driving demand for AI Detection and Response, as organizations seek visibility, governance and protection against emerging AI-powered threats, non-human identities and expanding autonomous workloads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crowdstrike-bets-on-ai-detection-response-boom-a-31862
-
Google rolls out scam call detection for Android
First seen on scworld.com Jump to article: www.scworld.com/brief/google-rolls-out-ai-scam-call-detection-for-android
-
Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing
-
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. ”Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to…
-
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
Sophos has described a threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test. Sophos’s investigation revealed a collection of malicious components forming a structured post-exploitation framework designed to…
-
New Android feature promises to spot deepfake scam calls
Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/android-fake-call-detection-feature/
-
Critical Start expands MDR capabilities with multi-agent AI system
Critical Start has released SOC AI, a production-proven multi-agent framework powering its AI-led Managed Detection and Response (MDR). SOC AI coordinates ten specialized … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/critical-start-soc-ai/
-
Agent Threat Rules: Open detection rule format for AI agent security threats
AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/agent-threat-rules-ai-detection/
-
Why supply chain attacks work and what detection can actually do about it
First seen on scworld.com Jump to article: www.scworld.com/perspective/why-supply-chain-attacks-work-and-what-detection-can-actually-do-about-it