Tag: detection
-
XLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy Servers
XLoader’s developers have released new versions that significantly harden the malware’s code and hide its command”‘and”‘control (C2) traffic behind layers of encryption and decoy servers, making analysis and detection more difficult for defenders. This article summarizes the latest obfuscation changes introduced in version 8.1 and explains how the current C2 protocol works. Formbook first appeared…
-
Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google expands Drive ransomware detection and file recovery with its latest AI model, which detects 14 times more infections as the features move beyond beta. The post Google Drive Expands AI Ransomware Detection, File Recovery to More Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-drive-ransomware-detection-file-recovery/
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windowsIntroduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
-
Beyond the Spectacle RSAC 2026 and The 5 Layers of AI Security FireTail Blog
Tags: ai, attack, business, conference, control, cybersecurity, data, detection, edr, framework, LLM, strategy, technology, tool, vulnerability, vulnerability-managementMar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus, if I’m being honest.Coming into RSAC 2026, the vibe shifted. The show floor was noticeably…
-
Passkeys vs Bots: Do They Really Solve the Human Verification Problem?
Passkeys secure authentication but do not prove users are human. Learn how bots operate after login and why modern apps need bot detection, behavioral analysis, and runtime identity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/passkeys-vs-bots-do-they-really-solve-the-human-verification-problem/
-
Google Drive now detects ransomware and helps restore affected files
To help organizations minimize the impact of malware attacks on personal computers, Google launched ransomware detection and file restoration in beta in September 2025. These … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/google-drive-ransomware-detection-and-file-restoration/
-
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints. The general availability…
-
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A newly emerging malware known as GhostSocks is quietly reshaping how attackers evade detection by converting compromised systems into residential proxy nodes. Modern cyberattacks rely heavily on blending into normal network traffic. Residential proxies allow attackers to route malicious activity through legitimate home IP addresses, making it appear as if traffic originates from ordinary users…
-
Kernel Observability for Data Movement
Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking. First seen on hackread.com Jump to article: hackread.com/kernel-observability-for-data-movement/
-
AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection
The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection
-
Newly observed malware campaign likely combines AI and ClickFix
Using the techniques in tandem helps hackers evade detection, a security firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-malware-clickfix-deepload/816086/
-
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deepload-malware-clickfix-ai-code/
-
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV
A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV. This evolution allows attackers to bypass traditional script-based detection mechanisms, increasing the likelihood of a successful, stealthy compromise. The attack begins similarly to earlier ClickFix…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Watchguard optimiert Network-Detection and Response für KMUs und MSPs
Mit ‘WatchGuard NDR for Firebox”, ‘Managed NDR” und ‘Total NDR” hat Watchguard Technologies drei neue Lösungen vorgestellt, die Unternehmen mit geringem Aufwand den Einsatz von KI-gestützter Bedrohungserkennung im Netzwerk ermöglichen. Sie sind damit in der Lage, böswillige Aktivitäten aufzudecken, zu untersuchen und einzudämmen ganz ohne komplexe Betriebs- und Administrationsaufgaben. Mit dieser Erweiterung der bewährten NDR-Funktionen […]…
-
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
Smart, obfuscated malware code: According to OX, the malicious phishing and wallet-stealing code is “highly obfuscated” and resides within the “eleven.js” JavaScript file in the repository.The threat actor used “watery-compost[.]today” to host a C2 server to collect information (including wallet address, transaction value, and name) and drain wallets once they were connected. Commands used by…
-
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control.But one question usually stays unanswered: Would your defenses actually stop a real attack?That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active,…
-
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billions in fraud losses, shaken customer trust, and security teams scrambling, demands a clear plan. In this article, we:…
-
What the UK Cyber Security Resilience Bill Means for Security Practitioners
Tags: cloud, compliance, cyber, data, detection, finance, framework, incident response, msp, network, nis-2, regulation, resilience, risk, saas, service, supply-chainThe UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026. The UK’s Cyber Security and Resilience Bill is working its way through Parliament, and if you haven’t started paying serious attention yet, now is the time. Introduced to the House of Commons in November 2025, the Bill represents…
-
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-adds-ai-powered-bug-detection-to-expand-security-coverage/
-
BSidesSLC 2025 LLM-Powered Network Intrusion Detection
Author, Creator & Presenter: -Taeyang Kim – Machine Learning Engineer at Pattern Inc. Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-llm-powered-network-intrusion-detection/
-
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bubble-ai-app-builder-abused-to-steal-microsoft-account-credentials/
-
Miggo Security Expands Runtime Defense Platform With AI-BOM, Agentic Detection, and MCP Monitoring
Miggo Security is significantly expanding its Runtime Defense Platform at RSA Conference 2026, adding an AI Bill of Materials, runtime guardrails, and Agentic Detection and Response capabilities. The release is aimed at organizations running AI agents, Model Context Protocol toolchains, and shadow AI in production environments where existing security controls fall short. The problem Miggo..…
-
Cloud Phones Linked to Rising Financial Fraud Threat
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cloud-phones-financial-fraud/
-
Broadcom Introduces Symantec CBX, Unifying Symantec and Carbon Black Into a Single XDR Platform
Broadcom has introduced Symantec CBX (Carbon Black XDR), a cloud-based platform that unifies Symantec and Carbon Black technologies into a single extended detection and response solution. The announcement was made March 23 at RSAC 2026 in San Francisco. The platform targets organizations that face serious threats but don’t have the staffing or budget to run..…
-
You Can’t Monetize What You Can’t See: AI Traffic Detection for Publishers
You can’t monetize what you can’t see. Learn how DataDome’s AI traffic detection helps publishers control access, stop content theft, and turn risk into revenue. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/you-cant-monetize-what-you-cant-see-ai-traffic-detection-for-publishers/
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Five
Tags: backdoor, control, data, detection, encryption, infrastructure, leak, malicious, malware, network, resilience, software, windowsDear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Four” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
-
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
A sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden within PNG images. The activity was initially detected by LevelBlue’s Managed Detection and Response (MDR) SOC through a SentinelOne alert involving a suspicious VBS file. The file, identified as Name_File.vbs, was located in a public downloads directory…