Tag: mandiant
-
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-old-cybersecurity-mistakes/
-
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026 First seen…
-
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
9th, 2026, CyberNewswire Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: The platform monitors thousands of threat…
-
Mandiant publishes M-Trends Report 2026: attackers were able to scale their operations using AI
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/mandiant-veroeffentlichung-m-trends-report-2026-ki-angreifer-operationen-ausweitung
-
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Tags: access, breach, business, ceo, control, credentials, extortion, github, incident response, Internet, malicious, mandiant, open-source, saas, software, supply-chain, theft, update
A pattern of persistent access: This is the second compromise affecting the Trivy ecosystem within roughly a month. Socket identified compromised Aqua Trivy VS Code extension releases on OpenVSX in late February, and now trivy-action, Trivy’s official GitHub Action for running scans in CI/CD workflows, has been abused through manipulated version tags to distribute malicious…
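The "manipulated version tags" in the item above are the crux of this class of attack: a reference such as `uses: owner/action@v1` or `@0.28.0` is a git tag, and whoever controls the repository (legitimately or after a compromise) can move it to any commit, so every pipeline that trusts the tag picks up the new code on its next run. A full 40-character commit SHA cannot be moved. The following script, added here as an illustration and not code from the Trivy project, Aqua, or any of the articles on this page, scans a GitHub Actions workflow for `uses:` references and reports the ones that resolve through a mutable tag, branch, or image tag. The workflow text, the commit SHA and the image digest in it are constructed placeholders, not real commits or images.

```python
import re

# Constructed sample workflow for illustration only. The commit SHA and image digest
# are placeholders, not real commits or images.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: "aquasecurity/trivy-action@0.28.0"
      - uses: actions/setup-python@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef # placeholder SHA
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - uses: docker://alpine@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

# A `uses:` line, optionally as a list item; the reference stops at whitespace or a comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([^\s#]+)', re.MULTILINE)
# A git commit SHA is 40 lowercase hex characters; anything else after '@' is a movable ref.
COMMIT_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
# For docker:// references the immutable form is a content digest, not a tag.
IMAGE_DIGEST_RE = re.compile(r'@sha256:[0-9a-f]{64}$')

# Reference kinds that an attacker who controls the upstream repository or registry can redirect.
MUTABLE_KINDS = {'unpinned', 'mutable-ref', 'image-tag'}


def classify_uses(ref):
    """Classify one `uses:` reference by how it is pinned."""
    ref = ref.strip('"\'')
    if ref.startswith('./'):
        return 'local'          # lives in this repository; pinned by the calling commit
    if ref.startswith('docker://'):
        return 'image-digest' if IMAGE_DIGEST_RE.search(ref) else 'image-tag'
    if '@' not in ref:
        return 'unpinned'       # no ref at all: resolves to the default branch
    _, version = ref.rsplit('@', 1)
    return 'commit-sha' if COMMIT_SHA_RE.match(version) else 'mutable-ref'


def find_mutable_actions(workflow_text):
    """Return (reference, kind) for every `uses:` that can be redirected upstream."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1).strip('"\'')
        kind = classify_uses(ref)
        if kind in MUTABLE_KINDS:
            findings.append((ref, kind))
    return findings


if __name__ == '__main__':
    for ref, kind in find_mutable_actions(SAMPLE_WORKFLOW):
        print(f'{kind:12} {ref}')
```

Pinning to a SHA only removes the tag-moving path: it does not vouch for the commit you pinned, so the pin should be set after reviewing the upstream code, and it needs a bump process (a dependency bot or a periodic review) or the pipeline quietly falls behind on fixes. The script also treats a reference with no `@` at all as mutable, since it follows the default branch.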
-
Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims. First seen on cyberscoop.com Jump to article: cyberscoop.com/trivy-supply-chain-attack-aqua-downstream-extortion-fallout/
-
Attackers are handing off access in 22 seconds, Mandiant finds
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/mandiant-m-trends-2026-report/
-
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services, which led in 2023 and 2024 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/high-tech-top-target-cyberattacks/
-
The phone call is the new phishing email
Voice-based phishing was at the root of multiple attack sprees Mandiant responded to last year, reflecting a concerning shift in tactics. First seen on cyberscoop.com Jump to article: cyberscoop.com/social-engineering-surge-intrusion-vector-mandiant-m-trends/
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-management
My Anton’s Security Blog (And Podcast!) Quarterly: this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C. …
-
Google Warns of AI-Driven Adaptive Malware Rewriting Its Own Code
The cybersecurity landscape experienced a major shift in 2025 as threat actors transitioned from experimenting with artificial intelligence to fully integrating it into real-world cyber operations. According to new insights from the Google Threat Intelligence Group (GTIG) and Mandiant, attackers are now deploying adaptive malware and autonomous AI agents that dynamically modify their behavior during…
-
Mandiant’s founder just raised $190M for his autonomous AI agent security startup
Mandia, who sold his previous company Mandiant to Google for $5.4 billion in 2022, has launched an agentic security startup. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/10/mandiants-founder-just-raised-190m-for-his-autonomous-ai-agent-security-startup/
-
ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
And they abused a Mandiant-developed open source tool in the attacks First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
-
New Menlo Security CEO Eyes Agentic AI Runtime Protection
Former Mandiant Executive Bill Robbins Targets Browser-Based AI Security Growth. New CEO Bill Robbins said Menlo Security will boost growth by focusing on securing agentic AI runtimes through the browser, leveraging its visibility into web sessions to prevent prompt injection, malware and data loss. He also plans to sustain 40% plus revenue growth and drive…
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpn
How Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager of Debian-based Linux systems (a tool that has no place on a CentOS host), had already escalated to root and was running shell commands to confirm its access level,…
-
Google Disrupts Chinese Hacker Network Behind 53 Telecom, Gov’t Breaches
Tags: breach, china, cyber, espionage, google, government, group, hacker, infrastructure, intelligence, mandiant, network, threat
Google and its partners have disrupted a major Chinese state-linked cyber espionage campaign that breached at least 53 telecommunications and government entities across 42 countries on four continents. The operation, led by Google Threat Intelligence Group (GTIG) alongside Mandiant and industry partners, dismantled the infrastructure of a suspected People’s Republic of China (PRC) nexus group…
-
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-dozens-of-telecom-firms-govt-agencies/
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence. The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
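The persistence trick above, a vendor-shipped script edited to launch a backdoor, survives reboots and blends in because the script itself is expected to run. The check a responder wants is whether the script still matches what the vendor shipped, and if not, which lines were added and whether they execute something from a location a vendor script would never use. The following example is added here to illustrate that check; it is not code from Mandiant, GTIG, or Dell, and the baseline and tampered script bodies, the backdoor path, and the path patterns are constructed for the example rather than taken from the RecoverPoint investigation.

```python
import difflib
import hashlib
import re

# Constructed stand-in for a vendor script as shipped. It is not the real
# convert_hosts.sh from Dell RecoverPoint; the contents are invented for this example.
BASELINE_SCRIPT = """\
#!/bin/bash
# Rebuild the appliance host table from /etc/hosts.
/opt/appliance/bin/convert_hosts --input /etc/hosts --output /var/lib/appliance/hosts.db
exit 0
"""

# Constructed tampered copy: one inserted line starts a hypothetical backdoor from a
# world-writable directory before the legitimate work runs.
TAMPERED_SCRIPT = """\
#!/bin/bash
# Rebuild the appliance host table from /etc/hosts.
/tmp/.x/.sync -d >/dev/null 2>&1 &
/opt/appliance/bin/convert_hosts --input /etc/hosts --output /var/lib/appliance/hosts.db
exit 0
"""

# Locations a vendor script on an appliance should not execute from: scratch
# directories that any local user can write to, and hidden directories anywhere.
SUSPICIOUS_PATH_RE = re.compile(r'(^|\s)(/tmp|/var/tmp|/dev/shm)(/\S*)?|/\.[A-Za-z0-9_]+')


def sha256_text(text):
    """Hex SHA-256 of the script body, the value a vendor baseline would record."""
    return hashlib.sha256(text.encode('utf-8')).hexdigest()


def added_lines(baseline_text, current_text):
    """Lines present in the current copy that the baseline does not contain."""
    diff = difflib.ndiff(baseline_text.splitlines(), current_text.splitlines())
    return [line[2:] for line in diff if line.startswith('+ ')]


def check_script(baseline_text, current_text):
    """Compare a script against its known-good baseline.

    Returns a dict with 'intact' (hash match), 'added' (every inserted line) and
    'suspicious' (inserted lines that reference a path matching SUSPICIOUS_PATH_RE).
    """
    if sha256_text(baseline_text) == sha256_text(current_text):
        return {'intact': True, 'added': [], 'suspicious': []}
    added = added_lines(baseline_text, current_text)
    suspicious = [line for line in added if SUSPICIOUS_PATH_RE.search(line)]
    return {'intact': False, 'added': added, 'suspicious': suspicious}


if __name__ == '__main__':
    result = check_script(BASELINE_SCRIPT, TAMPERED_SCRIPT)
    print('intact:', result['intact'])
    for line in result['suspicious']:
        print('suspicious added line:', line)
```

The baseline hash must come from the vendor's release artifacts or installation media, not from the running appliance, since a copy taken after the intrusion would baseline the backdoor. On RPM-based systems `rpm -V <package>` performs the same file-versus-package comparison for every file the package owns and is the quicker first pass when the script belongs to an installed package.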
-
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) have identified…
-
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Tags: china, credentials, cve, exploit, google, group, intelligence, mandiant, threat, vulnerability, zero-day
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials…
-
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-exploits-dell-zeroday/
-
Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries the maximum CVSS severity score of 10.0 and has been weaponized by a Chinese threat cluster identified as UNC6201. First seen on thecyberexpress.com Jump to…
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
Microsoft Urges Users to Finally Ditch NTLM Authentication
Seeking to Add Urgency, Mandiant Publishes Rainbow Tables for NTLM Key Hashes. For nearly 30 years, security experts have warned organizations to ditch the weak NTLM authentication protocol in Windows. But its use persists, even though exploits are easy and actively used. Now Google has published rainbow tables for NTLMv1. Will this finally drive holdout organizations to…
-
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/