Tag: intelligence
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage campaign uncovered: registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information
The Google Threat Intelligence Group (GTIG) has uncovered a sophisticated new malware dubbed LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER, also known as UNC4057, Star Blizzard, and Callisto. Active since at least December 2023, with significant campaigns observed in January, March, and April 2025, LOSTKEYS represents a notable evolution in COLDRIVER’s toolkit, which…
-
OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts
OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed to address this need, delivering robust capabilities for cyber threat intelligence (CTI) management and analysis. Created by Filigran, OpenCTI allows organizations to structure, store, and visualize both technical details (such as tactics, techniques, and procedures (TTPs) and observables) and non-technical information (such as attribution…
-
Why Identity Signals Are Replacing IOCs in Threat Intelligence
The CISO’s view: too many alerts, too little context. Imagine a SOC analyst under pressure. Their screen is filled with IP addresses, malware hashes, geolocations, login alerts, and thousands of other signals. It’s a flood of noise. IOCs used to be the gold standard for cyber threat detection, but today? Attackers don’t need malware or…
-
Google Uncovers LOSTKEYS Malware Used by Russian COLDRIVER for Cyber Espionage
In a concerning escalation of cyber-espionage activity, Google’s Threat Intelligence Group (GTIG) has revealed the emergence of a… First seen on securityonline.info Jump to article: securityonline.info/google-uncovers-lostkeys-malware-used-by-russian-coldriver-for-cyber-espionage/
-
Hacker Exploits AI Art Tool to Steal 1.1TB of Disney Data
California Man Pleads Guilty to Two Felony Charges Related to Hacking Employee’s PC. A California man agreed to plead guilty to hacking a Disney employee’s personal computer and stealing over one terabyte of confidential company data. Authorities say the man posted a malicious artificial intelligence art application online and used it to steal an employee’s…
-
Bridging Cyber and Physical Threats
CISO Sean Atkinson on Proactive, Integrated Approach to Hybrid Threat Defense. Center for Internet Security CISO Sean Atkinson calls for integrated threat intelligence, stronger community collaboration, and enhanced playbooks to confront rising hybrid threats that exploit gaps across cybersecurity and physical domains. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/bridging-cyber-physical-threats-a-28314
-
Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years
Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal. First seen on wired.com Jump to article: www.wired.com/story/tulsi-gabbard-dni-weak-password/
-
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Trellix’s John Fokker Advises CISOs to Prioritize Patching, MFA, Network Visibility. Threat actors aren’t rushing to adopt AI tools to exploit vulnerabilities. They still prefer a victim with weak passwords, bad MFA, bad patching. It is the easiest way to make money for criminals so they don’t have to invest in AI, said John Fokker,…
-
AI Security, Safety Questions Dominate RSAC Conference 2025
‘Building Fast’ While ‘Building Competently’ Remains Key, Expert Says. Questions over the risk posed by artificial intelligence dominated discussions at this year’s RSAC Conference in San Francisco. Experts said that building models – at speed – that are secure and reliable remains essential for creating AI tools organizations will trust and want to adopt. First…
-
Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX
As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service are revolutionizing data retrieval with advanced fuzzy search and LLM-driven Retrieval Augmented Generation (RAG) capabilities. However, beneath the promise of efficiency lies a critical security concern: unintended data exposure. A recent analysis highlights how even tightly configured access and masking…
-
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks.The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command…
-
New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox.The attacks have been observed to lure victims with bogus First seen on…
-
OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight
In a landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public Benefit Corporation (PBC) while maintaining governance under its original nonprofit structure. The move, detailed in a May 2025 letter from CEO Sam Altman, aims to balance scalable resource acquisition with the company’s mission of ensuring artificial general intelligence (AGI) benefits all…
-
New ClickFix Attack Imitates Ministry of Defence Website to Target Windows and Linux Systems
Tags: attack, cyber, cyberattack, government, india, infection, intelligence, linux, malicious, malware, threat, windows
A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India’s Ministry of Defence to distribute cross-platform malware targeting both Windows and Linux systems. Uncovered by threat intelligence researchers at Hunt.io, this operation employs a ClickFix-style infection chain, mimicking official government press release portals to lure unsuspecting users into executing malicious payloads. The…
-
Top tips for successful threat intelligence usage
Tags: ai, attack, automation, cloud, computing, data, ddos, detection, exploit, firewall, group, guide, incident response, infosec, infrastructure, intelligence, law, mitigation, network, phishing, siem, skills, soar, software, threat, tool, update, vulnerability, vulnerability-management
Make sure you don’t have more intel than you need. Next is the matching phase: the most sophisticated TIP may be overkill if you have a small infosec department with limited skills or have a relatively simple computing environment. According to this 2025 report from GreyNoise, threat feeds must match your own environment in terms…
-
xAI Developer Accidentally Leaks API Key Granting Access to SpaceX, Tesla, and X LLMs
An employee at Elon Musk’s artificial intelligence venture, xAI, inadvertently disclosed a sensitive API key on GitHub, potentially exposing proprietary large language models (LLMs) linked to SpaceX, Tesla, and Twitter/X. Cybersecurity specialists estimate the leak remained active for two months, offering outsiders the capability to access and query highly confidential AI systems engineered with internal…
-
Top cybersecurity products showcased at RSA 2025
Tags: access, ai, attack, automation, awareness, breach, cisco, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, edr, email, firewall, fortinet, framework, identity, incident response, infrastructure, injection, intelligence, login, malicious, open-source, phishing, risk, siem, soc, threat, tool, training, update, vulnerability, zero-trust
Cisco: Foundation AI Security Model: Cisco introduced its Foundation AI Security Model, an open-source framework designed to standardize safety protocols across AI models and applications. This initiative aims to address the growing concerns around AI security and ensure safer AI deployments. Cisco also unveiled new agentic AI features in its XDR and Splunk platforms, along…
-
How OSINT supports financial crime investigations
In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/05/stuart-clarke-blackdot-solutions-financial-crime-osint/
-
Criminals Are Using AI to Put a New Face on Old Schemes
FBI’s Cynthia Kaiser on How AI Is Helping to Evolve Cyberthreats. Artificial intelligence is changing the way people work, including cybercriminals and fraudsters. But instead of introducing new types of cybercrime, AI has enhanced existing criminal activities, said Cynthia Kaiser, deputy assistant director at the FBI. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/criminals-are-using-ai-to-put-new-face-on-old-schemes-a-28257
-
How China and North Korea Are Industrializing Zero-Days
Tags: china, cloud, corporate, cyberattack, exploit, google, group, hacker, intelligence, korea, north-korea, organized, threat, zero-day
Google Cloud’s Hultquist on How State Hackers Exploit Code and Corporate Hiring. John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities. First seen on…
-
Supervisory Tech Critical to Managing Agentic AI
EMC Advisors’ Edna Conway on Minimizing Risks of Agentic AI Through Oversight. Agentic artificial intelligence has the potential to transform businesses, but Edna Conway, chief executive officer of EMC Advisors, discusses the top risks associated with agentic AI solutions and why supervisory technologies are needed to monitor and control the technology. First seen on govinfosecurity.com…
-
The Double-Edged Sword of AI in Cybersecurity: Threats, Defenses and the Dark Web Insights Report 2025
Check Point Research’s latest AI Security Report 2025 reveals a rapidly evolving cybersecurity landscape where artificial intelligence simultaneously presents unprecedented threats and defensive capabilities. The comprehensive investigation, which included dark web surveillance and insights from Check Point’s GenAI Protect platform, uncovers how AI technologies are being weaponized by threat actors while also enhancing security researchers’…
-
What is EDR? An analytical approach to endpoint security
Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, trainingEDR vs. antivirus: What’s the difference?: Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…

