Tag: detection
-
New XWorm V6 Variant with Anti-Analysis Features Targeting Windows Users in Active Attacks
Netskope Threat Labs has uncovered a new iteration of the XWorm malware, version 6.0, which demonstrates ongoing development by threat actors and introduces sophisticated enhancements aimed at evading detection and maintaining persistence on Windows systems. This variant builds upon previously documented infection chains, incorporating advanced anti-analysis techniques and process protection mechanisms that make it particularly…
-
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Tags: access, ai, attack, cvss, cyberattack, cybersecurity, detection, dns, flaw, malicious, malware, network, rat, sap, update, vulnerability, zero-trust
The attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior. Darktrace researchers said the malware stalled…
-
Corelight Uses Gen AI to Power Smarter Threat Detection
SaaS Enhancements Aim to Boost Network Detection, Response for Small Security Teams. Corelight’s SaaS platform Investigator is designed to bring scalable network detection and response to smaller security teams. CEO Brian Dye says Gen AI workflows and enriched network context help defenders identify threats faster and with greater confidence than ever. First seen on govinfosecurity.com…
-
Chinese ‘Fire Ant’ spies start to bite unpatched VMware instances
Tunnelling allowed lateral movement: Once inside, Fire Ant bypassed network segmentation by exploiting CVE-2022-1388 in F5 BIG-IP devices. This allowed them to deploy encrypted tunnels such as Neo-reGeorg web shells to reach isolated environments, even leveraging IPv6 to evade IPv4 filters. “The threat actor demonstrated a deep understanding of the target environment’s network architecture and policies,…
-
xonPlus Launches Real-Time Breach Alerting Platform For Enterprise Credential Exposure
Chennai, India, July 25th, 2025, CyberNewsWire xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus…
-
Vectra CEO: SOCs Need AI Agents to Keep Up With Attacks
CEO Hitesh Sheth: New AI Offerings Boost Efficiency, Address Modern Network Needs. President and CEO Hitesh Sheth details how Vectra AI uses triage, stitching and prioritization agents to enhance SOC performance and curb alert fatigue. The network detection and response vendor is expanding AI Analyst via AWS Bedrock and integrations with Zscaler and CrowdStrike. First…
-
New ACRStealer Exploits Google Docs and Steam for C2 Server Using DDR Technique
ACRStealer, an infostealer malware that has been circulating since last year and gained momentum in early 2025, continues to evolve with sophisticated modifications aimed at evading detection and complicating analysis. Initially documented by AhnLab Security Intelligence Center (ASEC) for leveraging Google Docs and Steam as command-and-control (C2) servers through the Dead Drop Resolver (DDR) technique,…
-
Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case
A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang…
-
Kerberoasting Detections: A New Approach to a Decade-Old Challenge
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks…
-
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Tags: attack, authentication, credentials, detection, github, malicious, mfa, phishing, rce, remote-code-execution, supply-chain, update
Automated GitHub alarms triggered a quick response: Detection was swift once the updates bypassed GitHub’s usual commit-based alerts and raised red flags in registry logs. The maintainer revoked the compromised token, deprecated the malicious releases, and collaborated with npm to remove them. Socket noted that the attack is a textbook example of “multi-stage supply chain compromise,”…
-
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks
The Authentic Antics malware tool, used to target Microsoft cloud accounts, was the handiwork of the notorious Russian Fancy Bear hacking group, the UK’s National Cyber Security Centre (NCSC) has said. Authentic Antics was discovered after a cyberattack in 2023, which prompted an NCSC technical teardown of the malware that it published in May this year. The agency…
-
AI-Powered Cloaking Tools Help Threat Actors Hide Malicious Domains from Security Scans
Threat actors are increasingly adopting AI-powered cloaking services to obfuscate phishing domains, counterfeit e-commerce sites, and malware distribution endpoints from automated security scanners. This technique, known as cloaking, involves dynamically serving innocuous “white pages” to security scanners while real visitors receive the malicious “black pages”…
-
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands
Tags: ai, api, attack, computer, control, cyber, cyberattack, cybercrime, data, detection, dos, exploit, government, group, hacking, infrastructure, intelligence, LLM, malicious, malware, military, network, phishing, programming, russia, service, tool, ukraine, vulnerability, windows
.pif (MS-DOS executable) extension, though variants with .exe and .py extensions have also been observed. CERT-UA attributes these attacks to a group it tracks as UAC-0001, but which is better known in the security community as APT28. Western intelligence agencies have officially associated this group with Unit 26165, or the 85th Main Special Service Center (GTsSS)…
-
New QR Code Attacks Through PDFs Bypass Detection and Steal Credentials
Tags: attack, communications, credentials, cyber, detection, email, exploit, intelligence, phishing, qr
Researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed “Scanception”…
-
8 trends transforming the MDR market today
Tags: access, ai, at&t, attack, automation, breach, cloud, compliance, control, cyber, cybersecurity, data, detection, edr, endpoint, framework, GDPR, google, identity, infrastructure, intelligence, iot, least-privilege, monitoring, mssp, network, nis-2, ransomware, risk, service, siem, soc, sophos, strategy, technology, threat, tool, zero-trust
Digital transformation expands the attack surface: As businesses modernize their IT environments, the complexity of securing hybrid and cloud-native infrastructures increases, making MDR an attractive option for scalable, expert-led protection, experts say. The shift to hybrid work, IoT adoption, and an increase in cloud migrations have dramatically expanded attack surfaces, while ransomware and AI-powered attacks constantly…
-
10 Best XDR (Extended Detection And Response) Solutions 2025
In 2025, the cybersecurity landscape is more fragmented and perilous than ever before. Organizations face an explosion of data sources, an increasing attack surface spanning endpoints, networks, cloud environments, and identities, and a relentless onslaught of sophisticated, multi-stage attacks. Traditional siloed security tools, while still important, often fail to provide the holistic visibility and coordinated…
-
Scanception Exposed: New QR Code Attack Campaign Exploits Unmonitored Mobile Access
Tags: access, attack, control, credentials, data-breach, detection, exploit, intelligence, malicious, mobile, qr
Cyble’s Research and Intelligence Lab (CRIL) has analyzed a new quishing campaign that leverages QR codes embedded in PDF files to deliver malicious payloads. The campaign, dubbed Scanception, bypasses security controls, harvests user credentials, and evades detection by traditional systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/scanception-qr-code-quishing-campaign/
-
Emerging Cloaking-as-a-Service Offerings are Changing Phishing Landscape
Threat actors are using anti-box tools, AI, and cloaking-as-a-service tactics to bypass security tools by showing a phishing or other malicious site to targets and harmless ones to detection and blocking tools, techniques that SlashNext researchers say are reshaping how such scams are run. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-cloaking-as-a-service-offerings-are-changing-phishing-landscape/
-
Wiz Deal Highlights Google’s Multi-Cloud Security Strategy
COO Francis deSouza Explains Google Cloud’s Push for Unified Multi-Cloud Security. COO Francis deSouza shares insights into Google Cloud’s security priorities as it pursues the $32 billion acquisition of Wiz. He explains the need for seamless multi-cloud protection, the value of Mandiant’s threat intelligence, and how AI is changing threat detection and response at scale.…
-
AI Cloaking Tools Enable Harder-to-Detect Cyber-Attacks
Cybercriminals are using AI cloaking tools to evade detection, disguising phishing and malware sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-cloaking-tools-enable-complex/
-
China-linked hackers target Taiwan chip firms in a coordinated espionage campaign
Tags: access, ai, attack, china, compliance, control, credentials, cyber, cybersecurity, detection, email, espionage, exploit, finance, framework, government, group, hacker, intelligence, international, login, monitoring, network, phishing, software, supply-chain, technology, threat, warfare
Investment banks in the crosshairs: A second group, UNK_DropPitch, targeted the financial ecosystem surrounding Taiwan’s semiconductor industry. This group conducted phishing campaigns against investment banks, focusing on individuals specializing in Taiwanese semiconductor analysis. The phishing emails purported to come from fictitious financial firms seeking collaboration opportunities. The third group, UNK_SparkyCarp, focused on credential harvesting through sophisticated…
-
How AI is changing the GRC strategy
Tags: access, ai, best-practice, breach, business, ciso, compliance, control, data, detection, finance, framework, fraud, governance, grc, guide, law, monitoring, network, nist, privacy, regulation, risk, risk-analysis, risk-management, strategy, threat, tool
Adapting existing frameworks with AI risk controls: AI risks include data safety, misuse of AI tools, privacy considerations, shadow AI, bias and ethical considerations, hallucinations and validating results, legal and reputational issues, and model governance, to name a few. AI-related risks should be established as a distinct category within the organization’s risk portfolio by integrating into…