Tag: intelligence
-
Tor-Based Clipper Malware Targets Wallet Seed Phrases
USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots. Microsoft Threat Intelligence has been tracking a clipboard-stealing malware (Clipper) campaign since February 2026 that targets cryptocurrency wallets. A clipper is a type of malicious software that monitors and manipulates your clipboard, the temporary memory where data is stored…
-
Attackers Steal Salesforce Data From Klue Battlecards Users
CRM Data Theft Tied to OAuth Tokens Stolen From Third-Party Market Intelligence App. Salesforce disabled connections to its customer relationship management environment from third-party app Klue Battlecards as a response to a security incident. Attackers breached Klue’s platform, generated OAuth tokens for Salesforce and stole data, now being held to ransom. First seen on govinfosecurity.com…
-
Klue OAuth breach linked to ‘Icarus’ Salesforce data theft attacks
Market intelligence platform Klue suffered an OAuth breach that enabled the “Icarus” threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/
-
145 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 145 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Snyk. “A single npm account (…
-
Turn underground intelligence into actionable security
Tags: intelligence. First seen on scworld.com Jump to article: www.scworld.com/perspective/turn-underground-intelligence-into-actionable-security
-
Mastra AI Framework Poisoned in npm Supply-Chain Attack
Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security Fixes. The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mastra-ai-framework-poisoned-in-npm-supply-chain-attack-a-32003
-
Hostile states behind three-quarters of attacks on Britain’s critical infrastructure, cyber chief warns
NCSC CEO Richard Horne warned that “kinetic targeting in any conflict tomorrow will be based on intelligence gathered today” and that nation-state adversaries were “prepositioning” throughout British critical infrastructure. First seen on therecord.media Jump to article: therecord.media/britain-nation-state-cyberattacks-richard-horne-rusi
-
SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies
Austin, TX, USA, June 17th, 2026, CyberNewswire New SpyCloud research highlights the expansion of phishing attacks as AI and phishing-as-a-service fuel enterprise targeting. SpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in both volume and sophistication for enterprise organizations as artificial intelligence…
-
Everpure aims to bridge AI data gap with Universal Data Intelligence
Storage-to-data-management firm expands Enterprise Data Cloud at Accelerate 2026 with OneTouch integration and AI pipeline automation to combat enterprise data sprawl. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644438/Everpure-aims-to-bridge-AI-data-gap-with-Universal-Data-Intelligence
-
ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat
A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose. First seen on hackread.com Jump to article: hackread.com/eset-mdr-vs-sophos-mdr/
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”…
-
144 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. “A single npm account (ehindero) mass-published more… First seen on…
-
Anonymized infrastructure complicates IP intelligence for security teams
First seen on scworld.com Jump to article: www.scworld.com/brief/anonymized-infrastructure-complicates-ip-intelligence-for-security-teams
-
Chinese Espionage Actor Abuses Email Rules to Steal Research Data
Tags: china, compliance, credentials, data, email, espionage, google, group, intelligence, malware, threat. Threat Actor Silently Forwarded Sensitive Emails Matching Strategic Topics. Google says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-espionage-actor-abuses-email-rules-to-steal-research-data-a-31993
-
Restore Fable and Mythos Access, Cybersecurity Leaders Urge
Experts Say White House Export Ban Risks Adoption Boost for China’s AI Alternatives. New export controls on artificial intelligence startup Anthropic’s Fable 5 and Mythos large language models, over their vulnerability-discovery capabilities, must be lifted, not least because Chinese models will soon offer equal capabilities, cybersecurity experts warned the Trump administration. First seen on govinfosecurity.com…
-
Hackers Exploit Critical Fortinet FortiSandbox Flaws in Active Attacks
Security researchers have reported active exploitation attempts targeting multiple critical vulnerabilities in Fortinet FortiSandbox appliances, raising concerns about potential compromises in enterprise security infrastructure. According to threat intelligence shared by Defused Cyber, attackers have started leveraging newly disclosed flaws, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, within the last 24 hours. Critical Fortinet FortiSandbox Flaws FortiSandbox is…
-
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind…
-
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could First…
-
Critical Fortinet FortiSandbox flaws now exploited in attacks
Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortinet-fortisandbox-flaws-now-exploited-in-attacks/
-
China-linked actor spent two years inside medical research networks
Tags: china, credentials, cyberespionage, email, google, group, intelligence, military, network, threat. China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail. Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion…
-
ShinyHunters Hits Universities Via Oracle Zero-Day
Mandiant: 68% of Targets Were Higher Ed Institutions Running PeopleSoft. ShinyHunters exploited a critical zero-day in Oracle PeopleSoft to breach more than 100 organizations globally, researchers at Mandiant and Google’s Threat Intelligence Group said, with universities and colleges accounting for the majority of confirmed targets in the active extortion campaign. First seen on govinfosecurity.com Jump…
-
15th June Threat Intelligence Report
The University of Nottingham, a UK research university, has suffered a data breach after ShinyHunters accessed its student records system. The incident affected about 454,600 current and former students and exposed contact details, […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/15th-june-threat-intelligence-report/
-
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating sensitive data. The claim surfaced on June 13, 2026, via underground monitoring channels and was later amplified by threat intelligence platform Hackmanac. At the time of writing, the incident remains unverified,…
-
Google Sues Operators of AI-Powered ‘Outsider’ Phishing Kit Linked to 1.5 Million URLs
Google has launched a lawsuit against the operators behind the Outsider AI phishing kit. This alleged AI phishing kit, the company says, has been used to create convincing phishing websites using artificial intelligence tools, including Google’s Gemini. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/google-sues-outsider-ai-phishing-kit/

