Tag: group

TA446 Uses DarkSword Exploit Kit to Target iPhone Users

Mar 30, 2026 2:30 PM

Tags: cyber, data-breach, espionage, exploit, government, group, iphone, phishing, russia

TA446, a Russia-linked espionage group, has started using the DarkSword exploit kit to compromise iOS devices in a new phishing wave that abuses Atlantic Council”‘themed lures. The campaign underscores how quickly leaked iOS exploit chains can be weaponized against high”‘value policy and government targets. Unlike earlier TA446 operations that relied on password”‘protected ZIP attachments delivering…
APIs are the new perimeter: Here’s how CISOs are securing them

Mar 30, 2026 1:29 PM

Tags: access, ai, api, attack, authentication, banking, breach, business, ciso, cloud, compliance, computer, control, credentials, cyber, data, data-breach, defense, edr, endpoint, exploit, finance, gartner, governance, group, Hardware, identity, infrastructure, iot, least-privilege, malicious, mobile, monitoring, network, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vulnerability, vulnerability-management, waf

Legacy defenses can’t keep up: Traditional perimeter-based defenses are often insufficient against API-layer attacks. Traditional security defenses, such as EDR, XDR, and WAF, “primarily focus on clients, hardware, and software endpoints, looking at IP-based attack vectors,” explains BECU’s Murphy. “APIs bring us into the world of business logic and runtime types of issues.”Others agree that…
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

Mar 30, 2026 10:29 AM

Tags: apt, attack, email, exploit, group, iphone, malicious, phishing, russia, spear-phishing, threat

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

Mar 30, 2026 10:29 AM

Tags: apt, attack, email, exploit, group, iphone, malicious, phishing, russia, spear-phishing, threat

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
CanisterWorm Targets Docker, Kubernetes, and Redis to Steal Secrets

Mar 30, 2026 9:30 AM

Tags: access, api, cloud, credentials, cyber, cybercrime, data-breach, docker, exploit, extortion, group, kubernetes, malware, unauthorized, vulnerability

A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “CanisterWorm.” The campaign targets exposed Docker APIs, Kubernetes clusters, Redis servers, and known vulnerabilities like React2Shell to gain unauthorized access, steal credentials, and extort victims. The activity escalated over the past weekend with a destructive…
Security Affairs newsletter Round 569 by Pierluigi Paganini INTERNATIONAL EDITION

Mar 29, 2026 12:30 PM

Tags: email, group, international, iran, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters claims the hack of the European Commission Iran-linked group Handala hacked FBI Director Kash Patel’s…
ShinyHunters claims the hack of the European Commission

Mar 28, 2026 6:30 PM

Tags: communications, cybercrime, data, group, leak, mail, theft

The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers. The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers and internal communications systems. The cybercrime group added the Commission to its Tor data leak site, claiming the theft…
Lloyds Group to Compensate 450,000 Customers After App Glitch

Mar 28, 2026 3:30 PM

Tags: banking, data-breach, group

Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected… First seen on hackread.com Jump to article: hackread.com/lloyds-compensate-customers-app-glitch-exposed-data/
Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

Mar 28, 2026 12:31 PM

Tags: data, email, government, group, hacking, iran

Iran-linked group Handala claims it hacked FBI Director Kash Patel’s personal email, leaking files. The FBI says no government data was exposed. Iran-linked hacking group Handala claims it breached FBI Director Kash Patel’s personal Gmail account and shared alleged data, including photos and files. The FBI confirmed it is aware of the incident and has…
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Mar 28, 2026 10:31 AM

Tags: cybersecurity, email, exploit, group, phishing, russia, spear-phishing, threat

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under…
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Mar 28, 2026 9:31 AM

Tags: cybersecurity, data-breach, email, exploit, group, phishing, russia, spear-phishing, threat

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under…
Iran-Linked Threat Group Hacks FBI Director Kash Patel’s Personal Email

Mar 27, 2026 10:30 PM

Tags: attack, data, email, group, iran, leak, threat

Iran-linked threat group Handala hacked into the personal email account of FBI Director Kash Patel, posting photos of him and links to documents found in the account. The DOJ confirmed the attack, which the bad actors said was in relation for the FBI’s seizure of several of its data leak websites a week ago. First…
European Parliament rejects extension of CSAM scanning rules for tech platforms

Mar 27, 2026 10:30 PM

Tags: group, law

The 311 members of Parliament who voted against an extension did so despite strong support from law enforcement, children’s rights groups, German Chancellor Friedrich Merz, several European commissioners and a half dozen big tech companies to allow the scans to continue. First seen on therecord.media Jump to article: therecord.media/eu-parliament-rejects-csam-scanning-extension
FBI confirms theft of director’s personal emails by Iran-linked hacking group

Mar 27, 2026 10:30 PM

Tags: email, government, group, hacking, iran, risk, theft

An FBI spokesperson told Recorded Future News that the information is “historical in nature and involves no government information,” adding that the agency has “taken all necessary steps to mitigate potential risks associated with this activity.” First seen on therecord.media Jump to article: therecord.media/fbi-confirms-theft-of-directors-personal-emails-iran-group
Iranian hackers claim breach of FBI director Kash Patel’s personal email account

Mar 27, 2026 10:30 PM

Tags: breach, email, government, group, hacker, hacking, iran

Handala, a pro-Iranian hacking group allegedly working for Iran’s government, published emails it said were taken from the Gmail account of FBI director Kash Patel. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/27/iranian-hackers-claim-breach-of-fbi-director-kash-patels-personal-email-account/
China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

Mar 27, 2026 10:30 PM

Tags: apt, china, espionage, government, group, middle-east, network, spy, threat

China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly…
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects

Mar 27, 2026 10:30 PM

Tags: ai, attack, credentials, cyber, exploit, group, hacker, intelligence, malicious, security-incident, supply-chain, threat, tool

The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial intelligence software. By exploiting weak credential management and leveraging AI-assisted coding, the group distributed malicious…
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

Mar 27, 2026 10:30 PM

Tags: attack, cyber, group, ransomware, russia, threat, ukraine, windows

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker.”Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon Russian…
LiteLLM Hit in Cascading Supply-Chain Attack

Mar 26, 2026 11:49 PM

Tags: attack, backdoor, breach, credentials, exploit, group, hacker, malicious, malware, pypi, supply-chain, theft, threat, tool

Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection

Mar 26, 2026 7:47 PM

Tags: access, ai, attack, business, chatgpt, corporate, cyber, cybersecurity, data, data-breach, defense, detection, google, group, injection, LLM, malicious, monitoring, openai, privacy, risk, strategy, threat, unauthorized

Tenable One’s new Model Refusal Detection turns an LLM’s refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach. Key takeaways: AI has shifted traditional cyber detection methods away…
Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware

Mar 26, 2026 5:46 PM

Tags: cyberattack, group, hacker, ransomware, russia, tool, ukraine

A pro-Ukrainian hacker group known as Bearlyfy has carried out more than 70 cyberattacks against Russian companies over the past year and is now escalating its campaign with newly developed ransomware tools, researchers have found. First seen on therecord.media Jump to article: therecord.media/ransomware-ukraine-russia-bearlyfy
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware

Mar 26, 2026 4:47 PM

Tags: attack, cyber, exploit, group, macOS, malware, threat, windows

Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May 2024, with lures impersonating brands such as Intuit QuickBooks and Booking.com. Using Recorded Future’s HTML…
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks

Mar 26, 2026 1:46 PM

Tags: attack, cyber, data, endpoint, exploit, group, incident response, ivanti, mobile, remote-code-execution, threat, vulnerability, zero-day

In February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods to exfiltrate sensitive data from compromised servers within seconds. These zero-day vulnerabilities allow unauthenticated attackers to execute arbitrary code…
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers

Mar 26, 2026 1:46 PM

Tags: apt, backdoor, china, cyber, cybercrime, exploit, group, intelligence, monitoring, phishing, rat, threat, vulnerability

Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has steadily adopted more advanced tradecraft, including modular backdoors, rootkits, and the exploitation of vulnerable drivers. TDR’s monitoring between…
Iran-Linked Pay2Key Ransomware Group Re-Emerges

Mar 26, 2026 12:47 PM

Tags: group, iran, ransomware

Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranlinked-pay2key-ransomware/
Fake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware Attack

Mar 26, 2026 11:46 AM

Tags: attack, backdoor, china, cyber, group, malware

Fake screenshot links are being used to quietly deploy a multi”‘stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT”‘Q”‘27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET loaders, AWS S3 dead drops, and DLL sideloading to land a memory”‘resident Farfli backdoor that…
Administrative Cooperation Group – BSI erhält Vorsitz für Zusammenarbeit für CRA

Mar 26, 2026 10:46 AM

Tags: bsi, group

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-vorsitz-adco-cra-cyber-resilience-act-eu-a-5907dc9212ff26e3cd44fd28fd98fdb1/
Administrative Cooperation Group – BSI erhält Vorsitz für Zusammenarbeit für CRA

Mar 26, 2026 10:46 AM

Tags: bsi, group

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-vorsitz-adco-cra-cyber-resilience-act-eu-a-5907dc9212ff26e3cd44fd28fd98fdb1/
Administrative Cooperation Group – BSI erhält Vorsitz für Zusammenarbeit für CRA

Mar 26, 2026 10:46 AM

Tags: bsi, group

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-vorsitz-adco-cra-cyber-resilience-act-eu-a-5907dc9212ff26e3cd44fd28fd98fdb1/
Administrative Cooperation Group – BSI erhält Vorsitz für Zusammenarbeit für CRA

Mar 26, 2026 10:46 AM

Tags: bsi, group

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-vorsitz-adco-cra-cyber-resilience-act-eu-a-5907dc9212ff26e3cd44fd28fd98fdb1/