Tag: intelligence
-
Dutch intelligence agencies report country was targeted by Chinese cyber spies
The Netherlands announced on Thursday that it was targeted by a Chinese cyber-espionage campaign tracked as Salt Typhoon and RedMike that has been compromising critical infrastructure globally. First seen on therecord.media Jump to article: therecord.media/dutch-intelligence-cyber-spies-salt
-
Microsoft Unveils Storm-0501’s Cloud-Based Ransomware Deployment Tactics
Tags: backup, cloud, cyber, data, encryption, endpoint, exploit, intelligence, malware, microsoft, ransom, ransomware, tactics, threatMicrosoft Threat Intelligence has detailed the evolving tactics of the financially motivated threat actor Storm-0501, which has transitioned from traditional on-premises ransomware deployments to sophisticated cloud-based operations. Unlike conventional ransomware that relies on endpoint encryption malware and subsequent decryption key negotiations, Storm-0501 exploits cloud-native capabilities to exfiltrate massive data volumes, obliterate backups, and enforce ransom…
-
Chinese State Hackers Target Global Critical Infrastructure, NSA Warns
A coalition of cybersecurity and intelligence agencies from across the globe, including the United States National Security Agency (NSA), has issued a joint advisory revealing ongoing cyber intrusions by State-Sponsored Actors linked to the Chinese government. These actors are allegedly targeting critical infrastructure networks around the world in a broad and persistent campaign of cyber…
-
China linked UNC6384 targeted diplomats by hijacking web traffic
The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…
-
UNC6395 targets Salesloft in Drift OAuth token theft campaign
Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat…
-
Someone Created the First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.”PromptLock First seen on thehackernews.com…
-
NSA, FBI, Others Say Chinese Tech Firms are Aiding Salt Typhoon Attacks
A report from intelligence agencies in the U.S., UK, and elsewhere outlined how three Chinese tech firms are supply China’s intelligence services with products and services that are being used in global campaigns by the state-sponsored APT group Salt Typhoon. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/nsa-fbi-others-say-chinese-tech-firms-are-aiding-salt-typhoon-attacks/
-
Can AI make threat intelligence easier? One platform thinks so
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/28/feedly-threat-intelligence/
-
7 Anzeichen für akuten MSSP-Bedarf
Tags: best-practice, ceo, ciso, compliance, cyber, cybersecurity, data, incident, incident response, intelligence, mssp, service, soc, software, threat, tool, updateManaged Security Service Provider können das Sicherheitsniveau nachhaltig steigern.Ein Managed Security Service Provider (MSSP) bietet seinen Kunden ein umfassendes Spektrum an Sicherheits-Services. Als Drittanbieter kann ein MSSP die Arbeitsbelastung der internen IT-Teams deutlich reduzieren und Zeit freisetzen, um sich mit essenziellen Unternehmensprozessen und strategischen Überlegungen auseinanderzusetzen. Darüber hinaus kann ein MSSP unter anderem auch dazu…
-
Anthropic detects the inevitable: genAI-only attacks, no humans involved
Tags: ai, attack, business, ciso, control, cybercrime, cybersecurity, defense, dns, infrastructure, injection, intelligence, malicious, malware, open-source, openai, RedTeam, threat, tool, warfarenot find.”There is potentially a lot of this activity we’re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?” Brunkard asked. “Or maybe they haven’t shared because they don’t…
-
The Career Delta: Navigating AI, Cybersecurity and Change
Concerns About Enterprise AI Are Opening New Opportunities for Problem-Solvers Some organizations are hesitant about implementing artificial intelligence tools in their enterprises because of accuracy, security and privacy concerns. That hesitation creates opportunities for professionals who can bridge the gap between technical potential and practical deployment. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/career-delta-navigating-ai-cybersecurity-change-p-3930
-
Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.”PromptLock First seen on thehackernews.com…
-
Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
The three companies were accused of providing “cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security” since at least 2021, according to the advisory. First seen on therecord.media Jump to article: therecord.media/allied-spy-agencies-blame-chinese-companies-salt-typhoon
-
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.”The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. “ First seen on…
-
DDoS Threat Intelligence Report von Netscout – NoName057(16) treibt Zahl der DDoS-Angriffe in die Höhe
First seen on security-insider.de Jump to article: www.security-insider.de/netscout-bericht-ddos-attacken-2025-a-9010a88718afac17e633c6ab372cef4d/
-
VulnCheck Shifts To Channel-Focused Model For Exploit Intelligence Offering
VulnCheck launched its first formal partner program Wednesday to drive the next phase of growth for its exploit intelligence offering, which aims to provide greater automation for cyber defense, according to Founder and CEO Anthony Bettini. First seen on crn.com Jump to article: www.crn.com/news/security/2025/vulncheck-shifts-to-channel-focused-model-for-exploit-intelligence-offering
-
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395.”Beginning as…
-
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under…
-
China linked Silk Typhoon targeted diplomats by hijacking web traffic
The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an…
-
Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift app to connect as an authenticated connected app user, executing large-scale SOQL queries…
-
Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign
The post Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/google-threat-intelligence-exposes-unc6384s-stealthy-espionage-campaign/
-
Broadcom Extends Reach and Scope of Cybersecurity Portfolio
Tags: ai, communications, compliance, conference, cybersecurity, framework, intelligence, technology, update, vmware, zero-trustBroadcom today added a slew of cybersecurity updates, including a technology preview of an update to VMware vDefend that secures communications between artificial intelligence (AI) agents, promising to improve overall resiliency and automate compliance workflows. Announced at the VMware Explore 2025 conference, the update to vDefend introduces a zero-trust framework for AI agents. Additionally, Broadcom..…
-
How ACI Worldwide Plans to Take APP Scams Head-On – Part 1
ACI Worldwide’s Signals Network Intelligence Technology Promises to Fight APP Scams. Real-time payments are set to boost global GDP by $285.8 billion and bring 167 million people into the financial system by 2028. ACI Worldwide says real-time fraud prevention is key to protecting these gains. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/how-aci-worldwide-plans-to-take-app-scams-head-on-part-1-a-29293
-
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats in Southeast Asia alongside global entities, employing advanced tactics such as adversary-in-the-middle (AitM) attacks, captive…
-
The Enterprise Risk of OAuth Device Flow Vulnerabilities And How SSOJet Solves It
SSOJet delivers far more than “just SSO”: we give your team the visibility, control, and security intelligence needed to defeat device flow phishing and build a future-proof identity management framework. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/the-enterprise-risk-of-oauth-device-flow-vulnerabilities-and-how-ssojet-solves-it/
-
Behind the Coinbase breach: Bribery emerges as enterprise threat
Coinbase’s widely praised incident response: Coinbase’s transparency, firm stance against the ransom, quick remediation, and willingness to compensate its customers earned wide praise from cybersecurity professionals.According to Coinbase’s Martin, the hackers resorted to paying help desk workers in India precisely because the company had built such a robust security program. Bribery, according to Martin, was…
-
Das kostet ein Data Breach 2025
Tags: ai, api, breach, ciso, cyberattack, cyersecurity, data, data-breach, germany, ibm, infrastructure, intelligence, ransomware, risk, security-incident, siem, supply-chain, threat, usa, vulnerabilityLaut einer aktuellen Studie liegen die durchschnittlichen Kosten einer Datenpanne in Deutschland bei 3,87 Millionen Euro.Laut dem aktuellen ‘Cost of a Data Breach”- Report von IBM sind die Kosten einer Datenpanne in Deutschland auf 3,87 Millionen Euro (ca. 4,03 Millionen Dollar) pro Vorfall gesunken im Vorjahr lagen sie noch bei 4,9 Millionen Euro (ca. 5,31…
-
Hackers Scan Over 1,000 IPs to Target Microsoft Remote Desktop Web Access
A sophisticated scanning campaign has escalated dramatically, with threat intelligence firm GreyNoise detecting over30,000 unique IP addressessimultaneously probing Microsoft Remote Desktop Protocol (RDP) services on August 24, 2024. This represents a significant expansion from an initial wave of nearly 2,000 IPs observed just three days earlier, marking one of the largest coordinated RDP reconnaissance operations…