Tag: detection

Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection

Jul 8, 2025 5:34 PM

Tags: detection, hacker, malware, RedTeam, tool

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/hackers-shellter-red-team-tool-evade-detection
ClickFix-Attacken bedrohen Unternehmenssicherheit

Jul 8, 2025 4:34 PM

Tags: access, apple, awareness, cyberattack, detection, endpoint, exploit, intelligence, Internet, linux, mail, malware, microsoft, open-source, phishing, powershell, ransomware, social-engineering, spam, threat, tool, windows

Cyberkriminelle greifen immer häufiger auf ClickFix-Angriffe zurück.Weniger bekannt als Phishing ist die Social-Engineering-Methode ClickFix. Ziel solcher Attacken ist es, die Opfer dazu zu bewegen, bösartige Befehle in Tools wie PowerShell oder die Windows-Eingabeaufforderung einzufügen. Die Angriffe beginnen in der Regel, nachdem ein Benutzer eine kompromittierte oder bösartige Website besucht oder einen betrügerischen Anhang oder Link…
Oft mehr Schein als Sein: Managed Detection and Response (MDR)

Jul 8, 2025 7:34 AM

Tags: detection

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/scheinloesung-managed-detection-and-response-mdr
Batavia Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads

Jul 7, 2025 7:34 PM

Tags: cyber, detection, email, kaspersky, malware, phishing, russia, spyware

Batavia, an unidentified spyware, has been using a sophisticated phishing operation to target Russian industrial organizations since July 2024. Kaspersky researchers have identified a sharp rise in detections since early March 2025, with over 100 users across dozens of organizations falling prey to bait emails disguised as contract agreements. These emails, often containing file names…
Researchers Share CitrixBleed 2 Detection Analysis After Initial Hold

Jul 7, 2025 3:34 PM

Tags: citrix, detection, flaw, vulnerability

Vulnerability research company WatchTowr published a detection analysis for the Citrix Blled 2 flaw First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/citrixbleed-2-detection-analysis/
XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses

Jul 7, 2025 2:34 PM

Tags: access, attack, cyber, cybercrime, data, defense, detection, malicious, rat

The XWorm Remote Access Trojan (RAT), a longstanding favorite among cybercriminals, has recently showcased a significant evolution in its attack methodology, employing an array of sophisticated stagers and loaders to evade detection and infiltrate systems. Known for its comprehensive malicious capabilities including keylogging, remote desktop access, data exfiltration, and command execution XWorm has become a…
RingReaper: New Linux EDR Evasion Tool Exploits io_uring Kernel Feature

Jul 7, 2025 10:34 AM

Tags: cyber, detection, edr, endpoint, exploit, linux, tool

A new tool named RingReaper is raising eyebrows among defenders and red teamers alike. By leveraging the legitimate, high-performance Linux kernel feature known as io_uring, RingReaper demonstrates how advanced attackers can sidestep even modern Endpoint Detection and Response (EDR) systems. The Rise of io_uring in Offensive Security Introduced in Linux kernel 5.1, io_uring was designed to provide…
Skills gaps send CISOs in search of managed security providers

Jul 7, 2025 9:34 AM

Tags: access, awareness, business, ciso, compliance, control, cyber, cybersecurity, detection, governance, group, infrastructure, intelligence, jobs, monitoring, msp, mssp, network, penetration-testing, risk, risk-assessment, service, skills, strategy, threat, tool, training, update, vulnerability

Security operations centers (SOCs)Cloud platform managementSIEM and log monitoringFramework-based cybersecurity management functionsThreat intelligence feeds and analysisVulnerability scanning and patch managementEndpoint detection and response (EDR)Firewall and network security managementCompliance tracking and audit support”MSPs already have the infrastructure and staff in place to deliver these services efficiently, and at scale,” Richard Tubb, who runs the MSP community…
Malicious SEO Plugins on WordPress Can Lead to Site Takeover

Jul 4, 2025 3:34 PM

Tags: cyber, cyberattack, detection, malicious, malware, wordpress

A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessly with legitimate site components, making detection extremely challenging for administrators. One particularly insidious tactic involves naming the malicious plugin after…
Australia’s privacy watchdog warns ‘vishing’ on the rise as Qantas strengthens security after cyber-attack

Jul 3, 2025 5:34 PM

Tags: access, attack, breach, cyber, cybercrime, data, data-breach, detection, email, privacy, social-engineering, threat, update

Airline has not indicated whether customers will be compensated after the social engineering attack on a third-party system<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>Qantas has said it will beef up its security and threat detection in the wake of a <a href=”https://www.theguardian.com/business/2025/jul/02/qantas-confirms-cyber-attack-exposes-records-of-up-to-6-million-customers”>cyber-attack affecting up to 6 million customers,…
New ‘BUBBAS GATE’ Malware Advertised on Telegram Boasts SmartScreen and AV/EDR Bypass

Jul 3, 2025 3:34 PM

Tags: cyber, detection, malware, microsoft, threat

A new malware loader dubbed”BUBBAS GATE”has surfaced on underground forums and Telegram channels, drawing attention for its bold claims of advanced evasion capabilities, including bypassing Microsoft’s SmartScreen and modern AV/EDR solutions. The loader was first advertised on June 22, 2025, with the threat actor touting a suite of features designed to evade detection and maximize…
Industrial security is on shaky ground and leaders need to pay attention

Jul 3, 2025 6:34 AM

Tags: cyber, detection, iot, threat

44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/ot-iot-threat-detection-confidence/
North Korean crypto thieves deploy custom Mac backdoor

Jul 3, 2025 12:35 AM

Tags: apple, apt, attack, backdoor, control, crime, crypto, cyberespionage, data, detection, email, finance, government, group, hacker, infection, injection, macOS, malicious, malware, north-korea, programming, rust, theft, threat, update

North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
Sixfold surge of ClickFix attacks threatens corporate defenses

Jul 2, 2025 7:34 PM

Tags: access, attack, control, corporate, defense, detection, email, endpoint, incident response, malicious, powershell, tool, training

Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to…
Managed-Detection and Response meist mehr Schein als Sein

Jul 2, 2025 5:34 PM

Tags: detection, edr

Ein Blick hinter die Fassade vieler MDR-Services. Managed-Detection and Response (MDR) ist der neue Hype der IT-Sicherheitsbranche. Kaum ein Systemhaus, das nicht plötzlich MDR im Portfolio hat. Was sich hinter diesem Label verbirgt, ist oft enttäuschend: vollautomatisierte EDR- oder XDR-Lösungen mit dem Etikett ‘Managed”, das in Wahrheit kaum mehr bedeutet, als dass ein Dienstleister Herstellerlösungen lizensiert…
Cybercriminals Use Malicious PDFs to Impersonate Microsoft, DocuSign, and Dropbox in Targeted Phishing Attacks

Jul 2, 2025 4:34 PM

Tags: attack, cisco, cyber, cybercrime, detection, email, exploit, malicious, microsoft, phishing, update

Cisco’s Talos security team has uncovered a surge in sophisticated phishing campaigns leveraging malicious PDF payloads to impersonate trusted brands like Microsoft, DocuSign, and Dropbox. According to a recent update to Cisco’s brand impersonation detection engine, these attacks have expanded in scope, targeting a broader array of well-known organizations with deceptive emails designed to exploit…
Office”¯365 Introduces New Mail Bombing Detection to Shield Users

Jul 2, 2025 2:35 PM

Tags: cyber, detection, email, mail, microsoft, office, threat

Microsoft has announced a significant security upgrade for its Office 365 platform, introducing a new Mail Bombing Detection feature within Microsoft Defender for Office 365. This enhancement, rolling out globally from late June through early July 2025, is designed to automatically identify and block email bombing attacks”, a growing threat that floods user inboxes with…
That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

Jul 2, 2025 1:34 PM

Tags: breach, cyber, detection, endpoint, firewall, network, soc, threat, vpn

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous?Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen…
LevelBlue Acquires Trustwave, Forms World’s Largest Independent MSSP

Jul 1, 2025 11:34 PM

Tags: cyber, detection, incident response, mssp, service

As the largest managed security services provider, the combined entity will offer cyber consulting, managed detection and response, and incident response services. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/levelblue-trustwave-forms-largest-independent-mssp
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection

Jul 1, 2025 7:34 PM

Tags: backdoor, cyber, cybercrime, detection, espionage, group, hacker, russia, tactics

The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools

Jul 1, 2025 6:34 PM

Tags: cyber, detection, exploit, government, group, intelligence, malware, russia, service, tool

The S2 Group Intelligence team has uncovered a Russian-origin malware known as Snake Keylogger, a stealer coded in .NET, leveraging legitimate Java utilities to bypass security tools. This operation, distributed via a Malware as a Service (MaaS) model, targets diverse victims, including companies, governments, and individuals, with a particular focus on the oil industry during…
U.S. House Homeland Security Appropriations Bill Seeks to Modernize Border Infrastructure Security with Proactive OT/IT Security Measures

Jul 1, 2025 4:34 PM

Tags: ai, attack, awareness, cctv, cisa, cloud, control, cryptography, cyber, cybersecurity, data, defense, detection, fedramp, government, incident response, infrastructure, intelligence, Internet, iot, law, mitigation, monitoring, network, office, privacy, risk, service, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trust

The FY 2026 House Homeland Security Appropriations Bill highlights growing focus in Congress on protecting border infrastructure from cyber threats. The directive to implement continuous monitoring and real-time threat intelligence reflects a broader push toward modern, preventive cybersecurity across federal agencies. As the digital and physical worlds become increasingly intertwined, the technologies used to protect…
Blind Eagle Hackers Leverage Open-Source RATs and Ciphers to Evade Static Detection

Jul 1, 2025 12:34 PM

Tags: access, cyber, detection, finance, hacker, infrastructure, open-source, rat, threat

Trustwave SpiderLabs has uncovered a chilling cyber threat targeting Latin American organizations, particularly in the financial sector, with a focus on Colombian institutions. The threat cluster, linked to the notorious Proton66 OOO infrastructure, employs a cunning mix of open-source Remote Access Trojans (RATs) and advanced obfuscation techniques to bypass static detection mechanisms. Unmasking a Sophisticated…
PowerShell überwachen so geht’s

Jul 1, 2025 6:34 AM

Tags: access, cloud, cyberattack, detection, hacker, login, mail, microsoft, monitoring, powershell, tool, windows

Wird PowerShell nicht richtig überwacht, ist das Security-Debakel meist nicht weit.Kriminelle Hacker setzen mitunter auf raffinierte Techniken, um sich über ausgedehnte Zeiträume in den Netzwerken von Unternehmen einzunisten und still und heimlich sensible Daten oder Logins abzugreifen. Dabei missbrauchen die Cyberkriminellen in vielen Fällen auch vom jeweiligen Zielunternehmen freigegebene Tools, um sich initial Zugang zu…
Zig Strike: New Offensive Toolkit Generates Payloads to Evade AV, EDR, and XDR

Jun 30, 2025 8:33 AM

Tags: antivirus, cyber, cybersecurity, defense, detection, edr, endpoint

A newly released offensive cybersecurity toolkit,Zig Strike, is making waves in the security community for its advanced ability to generate payloads that evade traditional and next-generation security defenses, including antivirus (AV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) solutions. According to the report, Zig Strike emerges as a response to the escalating…
Building Preemptive Security Solutions to Improve Threat Detection (Part 2)

Jun 29, 2025 10:33 PM

Tags: detection, threat

First seen on scworld.com Jump to article: www.scworld.com/native/emerging-tech-building-preemptive-security-solutions-to-improve-threat-detection-part-2
CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation

Jun 28, 2025 10:34 PM

Tags: access, advisory, attack, authentication, citrix, cloud, control, cve, data, detection, dos, exploit, group, mfa, mitigation, ransomware, service, software, threat, update, vulnerability, zero-day

Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2025-5777 and CVE-2025-6543, two Citrix NetScaler ADC and Gateway vulnerabilities that have…
AsyncRAT Campaign Continues to Evade Endpoint Detection

Jun 28, 2025 10:34 PM

Tags: detection, endpoint

First seen on scworld.com Jump to article: www.scworld.com/native/asyncrat-campaign-continues-to-evade-endpoint-detection
Fake account creation attacks: anatomy, detection, and defense

Jun 27, 2025 8:36 PM

Tags: attack, automation, defense, detection, framework, infrastructure

Fake account creation is one of the most persistent forms of online abuse. What used to be a fringe tactic (bots signing up to post spam) has become a scaled, repeatable attack. Today’s fake account farms operate with disposable identities, rotating infrastructure, and automation frameworks built to evade First seen on securityboulevard.com Jump to article:…
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks

Jun 27, 2025 2:36 PM

Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-management

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…