Tag: detection
-
AsyncRAT Leverages Fileless Techniques to Bypass Detection
Fileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), through legitimate system tools, leaving almost no footprint on disk. This case study highlights critical techniques for…
-
Kikimora Announces Launch of Kikimora Agent: Accessible AI-Powered Cybersecurity Platform for SME Security
Sofia, Bulgaria, September 10th, 2025, CyberNewsWire Kikimora, a cybersecurity specialist and a product developer, has announced the launch of Kikimora Agent, a new AI-powered platform providing accessible cybersecurity management, vulnerability detection, and asset monitoring for businesses, individuals, and students. Kikimora Agent combines conversational AI with automated security workflows, reducing the workload for small and medium-sized…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Phishing kit Salty2FA washes away confidence in MFA
A call for layered and adaptive defenses: Countering Salty2FA might need something more than passwords and legacy controls, industry experts agreed. Darren Guccione, CEO of Keeper Security, argued that passkeys and passwordless authentication should be part of the strategy. “These technologies complement existing security measures by reducing reliance on traditional passwords, which remain a prime…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability
Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage. This limited financial impact reflected both the attackers’ operational carelessness and…
-
SentinelOne Announces Plans to Acquire Observo AI
The combined company will help customers separate data ingestion from SIEM, to improve detection and performance. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/sentinelone-acquire-observo-ai
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-management
Translating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling. AI tools are helping tailor…
-
SHARED INTEL QA: Is your antivirus catching fresh threats, or just echoing VirusTotal?
In cybersecurity, trust often hinges on what users think their software is doing, versus what’s actually happening under the hood. Related: Eddy Willem’s ‘Borrowed Brains’ findings. Take antivirus, for example. Many users assume threat detection is based on proprietary… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/shared-intel-qa-is-your-antivirus-catching-fresh-threats-or-just-echoing-virustotal/
-
SentinelOne Buys Observo AI for $225M to Fuel Data Ingestion
Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic Options. SentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sentinelone-buys-observo-ai-for-225m-to-fuel-data-ingestion-a-29392
-
GhostAction campaign steals 3325 secrets in GitHub supply chain attack
Tags: ai, attack, control, credentials, data-breach, detection, exploit, github, malicious, network, pypi, risk, supply-chain, threat
Threat contained within days: GitGuardian’s security team responded quickly after detection, and the FastUUID package was set to read-only by PyPI administrators within minutes. The malicious commit was reverted shortly afterward. GitGuardian notified maintainers of the affected repositories, successfully contacting 573 projects, while also alerting GitHub, npm, and PyPI security teams to monitor for abuse. Although…
-
MeetC2: A serverless C2 framework that leverages Google Calendar APIs as a communication channel
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams…
-
Keeper Security Announces Integration With CrowdStrike Falcon Next-Gen SIEM
Keeper Security has announced a new partnership with CrowdStrike, which aims to protect businesses against cyber threats. Keeper’s cloud-native PAM platform, KeeperPAM®, now integrates with CrowdStrike Falcon® Next-Gen SIEM, the AI-powered engine of the modern Security Operations Center (SOC). Organisations can now find and investigate threats with AI-powered detections from Falcon Next-Gen SIEM and rich insights…
-
Cybersecurity Snapshot: Expert Advice for Securing Critical Infrastructure’s OT and Industrial Control Systems, IoT Devices and Network Infrastructure
Tags: access, advisory, apt, attack, authentication, breach, china, cisa, cisco, cloud, compliance, computer, computing, control, credentials, cryptography, cve, cyber, cybersecurity, data, defense, detection, espionage, exploit, firmware, framework, google, government, guide, hacker, Hardware, incident response, infrastructure, international, Internet, iot, login, mfa, military, mitigation, monitoring, network, nist, organized, password, phishing, ransomware, regulation, risk, russia, sans, service, software, technology, theft, threat, tool, update, vulnerability, zero-trust
Destructive cyber attacks against critical infrastructure have unfortunately become increasingly frequent. Just last week, multinational government agencies blared the alarm about a global cyber espionage campaign targeting critical infrastructure networks. With this type of cyber threat in the spotlight, we’re rounding up recent cyber advice for securing critical infrastructure. In case you missed it, here…
-
Threat Actors Exploit ScreenConnect Installers for Initial Access
A marked escalation in the abuse of ConnectWise ScreenConnect installers since March 2025, with U.S.-based businesses bearing the brunt of these incursions. Adversaries are now deploying lightweight ClickOnce runner installers, devoid of embedded configurations, to evade static detection, fetching malicious components at runtime. Post-installation, attackers automate the rapid deployment of two distinct remote access trojans…
-
Hackers Exploit Google Calendar API with Serverless MeetC2 Framework
A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamlessly blend C2 communications into everyday SaaS usage, presenting fresh detection, telemetry, and response challenges for red and blue teams alike. In a recent internal purple-team…
-
Hackers Exploit Raw Disk Reads to Evade EDR and Steal Sensitive Files
Attackers can bypass Endpoint Detection and Response (EDR) tools and file locks by reading raw disk sectors directly, highlighting the urgent need for organizations to audit and secure the drivers installed on their Windows systems. In modern Windows environments, drivers provide low-level access to hardware and disk functions. A recent investigation by Workday’s Offensive Security…
-
Colombian Malware Exploits SWF and SVG to Evade Detection
A sophisticated malware campaign targeting Colombian institutions through an unexpected vector: weaponized SWF and SVG files that successfully evade traditional antivirus detection. The discovery emerged through VirusTotal’s newly enhanced Code Insight platform, which added support for analyzing these vector-based file formats just as attackers began exploiting them to impersonate the Colombian justice system. Despite Adobe…
-
Sitecore zero-day configuration flaw under active exploitation
__VIEWSTATE and can be signed and encrypted with keys, called ValidationKey and DecryptionKey, stored in the application configuration file. If these keys are stolen or leaked, attackers can use them to craft malicious ViewState payloads inside POST requests that the server will then decrypt, validate, and execute by loading them into the memory of its worker…
-
Shift5 Gets $75M for Cyber Push in Defense and Transit
Startup to Expand Dual-Use Tech, Tackle GPS Jamming Threats With Series C Funding. With a $75 million Series C raise, Shift5 plans to scale its operational intelligence platform across military and commercial transportation. Its focus includes enhanced threat detection, predictive maintenance and data-driven safety measures amid rising cyberthreats to infrastructure. First seen on govinfosecurity.com Jump…

