Tag: service
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
-
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
A new ransomware campaign named “WantToCry” leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder for conventional security tools to identify the attack. The name “WantToCry” appears to reference the infamous WannaCry…
-
Third-Party Risk Management Needs to Evolve
Annual vendor risk assessments are no longer enough as AI, cloud services, and fourth-party ecosystems rapidly expand risk exposure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/third-party-risk-management-needs-to-evolve/
-
Check Point Validates AI-Driven Actions With Deepchecks Buy
Acquisition Focuses on Validating AI Agents, Models in Critical Security Workflows. Check Point said its acquisition of AI evaluation startup Deepchecks will help validate and monitor autonomous security agents, as enterprises increasingly rely on generative AI to manage critical network security operations without introducing hallucinations or service disruptions. First seen on govinfosecurity.com Jump to article:…
-
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted the Fox Tempest operation after attackers abused Azure Artifact Signing to distribute malware disguised as trusted software. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-disrupts-malware-signing-service-used-by-ransomware-gangs/
-
Bulgaria fires up Google Cloud for national cyber security
The Bulgarian national systems integrator, BIS, has deployed Google Cloud’s Cybershield government security service as part of a national federated SOC deployment. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643458/Bulgaria-fires-up-Google-Cloud-for-national-cyber-security
-
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS…
-
Microsoft disrupts cybercrime operation that hid behind legitimate software
The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/
-
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-carrier-billing-fraud-four/
-
AI Botnets Drive Surge in Financial Sector DDoS Attacks
Akamai Links Attack Growth to AI-Enabled Botnets and Hacktivists. Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-botnets-drive-surge-in-financial-sector-ddos-attacks-a-31730
-
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Tags: cyber, cybercrime, group, intelligence, malicious, malware, microsoft, ransomware, service, software, threat
Fox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artifact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to Microsoft Threat Intelligence, the group enabled ransomware campaigns and malware distribution by generating fraudulent but valid code-signing certificates, allowing…
-
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services. On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The attack disrupted landline, 4G, 5G, and emergency communications for more than three hours after specially crafted…
-
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campaigns dominated by Chinese-speaking Malware-as-a-Service ecosystems, DevilNFC and NFCMultiPay are developed by independent regional…
-
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/
-
LogicMonitor and Deutsche Telekom expand AI-first observability and managed services
Deutsche Telekom bets on an AI offensive: the expansion of the partnership is part of the modular, vendor-independent managed services portfolio. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/logicmonitor-und-deutsche-telekom-bauen-ai-first-observability-und-managed-services-aus/a45191/
-
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-self-service-password-reset-abused-in-azure-data-theft-attacks/
-
What to Look for When Choosing an ASPM Platform
Application security posture management (ASPM) has become a foundational capability for software-as-a-service (SaaS) and software companies building increasingly complex, artificial intelligence-assisted applications. As engineering velocity increases and AI-generated code becomes part of everyday development workflows, security teams are under pressure to unify visibility, reduce fragmented tooling, and improve how risk is identified and prioritized across the software…
-
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…
-
Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
The company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest, a popular service that has operated since May 2025 and provides cybercriminals with code signing tools. First seen on therecord.media Jump to article: therecord.media/microsoft-disrupts-fox-tempest-malware-signing-service
-
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-digital-crimes-unit-disrupts-fox-tempest/
-
OverDoS in n8n: How an OAuth feature can take down more than 70,000 automation servers
The open-source automation platform n8n is once again the focus of security research. This time the issue is not classic remote code execution but a particularly insidious denial-of-service vulnerability named OverDoS. Security researchers at Checkmarx show how attackers can, without authentication, deliberately flood entire n8n instances with data and thereby render them unusable. Potentially tens of thousands of publicly reachable systems are affected. CVE-2026-42236:…
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments. Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
SASE specialist Versa receives ENS certification for the Spanish market
Versa now holds the Spanish ENS certification at the highest level, ALTA. The Secure Access Service Edge (SASE) specialist thus fully meets the strict requirements of Royal Decree 311/2022 and underscores its commitment to protecting public authorities and critical infrastructure with the highest security standards. The Esquema Nacional de Seguridad (ENS) is the legally established security framework for electronic administration…
-
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had…
-
Hosting Service Standards That Define High-Performing Agencies
Tags: service
There’s a quiet pattern among the agencies that consistently outperform their competitors. Their client retention rates are higher… First seen on hackread.com Jump to article: hackread.com/hosting-service-standards-high-performing-agencies/
-
Westcon-Comstor and TD Synnex roll out partner white-label offerings
Tags: service
Channel players launch services that can be taken up by partners keen to extend their own capabilities and visibility in the market. First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366643373/Westcon-Comstor-and-TD-Synnex-roll-out-partner-white-label-offerings
-
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
A cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 2026 (Alert I-051526-PSA), the platform has since been restored. However, concerns remain over potential…

