Tag: tactics

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

May 15, 2026 11:00 PM

Tags: automation, data, email, malicious, microsoft, mitigation, risk, service, tactics, update, vulnerability, zero-day

Known issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service.OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not…
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware

May 12, 2026 12:19 PM

Tags: attack, cyber, github, hacker, jobs, korea, malware, north-korea, social-engineering, tactics, threat

North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted through fake job interviews, are asked to clone a GitHub repository containing a “coding assessment.” Hidden…
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

May 12, 2026 12:19 AM

Tags: backup, communications, cybercrime, data, group, leak, ransomware, tactics, tool

Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics. Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure. First seen on govinfosecurity.com Jump to article:…
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking

May 7, 2026 12:48 PM

Tags: attack, cyber, detection, email, exploit, fraud, infrastructure, malicious, phishing, phone, scam, tactics, threat, voip

New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious…
Iranian cyber espionage disguised as a Chaos Ransomware attack

May 6, 2026 5:48 PM

Tags: apt, attack, credentials, cyber, data, espionage, extortion, iran, phishing, ransomware, tactics, theft

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
New Attribution Framework Links APT Campaigns Across Key Layers

May 5, 2026 10:48 AM

Tags: apt, cyber, cybersecurity, framework, group, malware, tactics, threat

A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from observed tactics, techniques, procedures (TTPs), malware, and infrastructure. But this approach is increasingly strained. Threat actors evolve constantly…
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge

May 1, 2026 12:46 PM

Tags: captcha, credentials, cyber, email, malware, phishing, qr, risk, service, tactics, theft

Attackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face disruption. These tactics shift risk from traditional malware attachments to highly convincing, hosted phishing flows that are harder for both users and email filters to spot. Across this volume, 78% of…
FBI Warns Logistics Sector of Fake Business Identity Cargo Scams

May 1, 2026 9:39 AM

Tags: attack, business, cyber, finance, identity, scam, service, tactics, theft, threat

The FBI issued a public service announcement warning the transportation and logistics sectors about a massive increase in cyber-enabled strategic cargo theft. Threat actors are increasingly using sophisticated tactics to impersonate legitimate businesses, hijack freight, and steal high-value shipments. The financial impact of these attacks is severe. In 2025 alone, estimated cargo theft losses in…
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

Apr 30, 2026 4:39 PM

Tags: flaw, Internet, password, scam, tactics, tool

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online.Security is always a moving target. Millions…
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

Apr 30, 2026 2:40 PM

Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trust

What it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
The Evolution of Scattered Spider: How Organizations Are Strengthening Defenses

Apr 28, 2026 12:39 PM

Tags: defense, exploit, identity, tactics

An On Demand video from ID Dataweb. Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/evolution-scattered-spider-how-organizations-are-strengthening-defenses-a-31524
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

Apr 24, 2026 12:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from…
China-Linked Cyber Actors Turn to Massive Covert Botnets to Evade Detection

Apr 24, 2026 10:38 AM

Tags: advisory, botnet, china, cyber, cybersecurity, detection, international, malicious, network, tactics, threat

A newly issued cybersecurity advisory highlights an evolution in the tactics, techniques and procedures (TTPs) employed by China-Nexus threat actors. The report, released with support from the UK Cyber League and coordinated by the National Cyber Security Centre (NCSC-UK) alongside international partners, sheds light on how Chinese threat actors are relying on large-scale covert networks of compromised…
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Apr 23, 2026 9:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an…
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions

Apr 23, 2026 11:39 AM

Tags: crypto, cyber, infrastructure, international, north-korea, tactics, threat

North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on the infrastructure and tactics behind this evolving campaign. ZachXBT identified the domain luckyguys[.]site as being…
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

Apr 23, 2026 5:39 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, detection, github, infection, intelligence, korea, login, malicious, malware, military, monitoring, network, open-source, service, tactics, threat, tool, windows

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
Malicious pgserve, automagik developer tools found in npm registry

Apr 23, 2026 5:39 AM

Tags: access, attack, breach, cloud, control, corporate, credentials, crypto, data, firewall, github, infrastructure, least-privilege, malicious, malware, network, open-source, password, radius, risk, service, software, tactics, theft, threat, tool, worm

Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
Google expands Gemini AI use to fight malicious ads on its platform

Apr 17, 2026 12:48 AM

Tags: ai, google, malicious, scam, tactics, threat

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-expands-gemini-ai-use-to-fight-malicious-ads-on-its-platform/
China-linked cloud credential heist runs on typos and SMTP

Apr 14, 2026 3:52 PM

Tags: access, china, cloud, credentials, detection, espionage, infrastructure, linux, malicious, malware, mitre, monitoring, network, service, tactics, tool

Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent.The implant used is an obfuscated ELF binary, with an executable designed for…
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

Apr 14, 2026 2:51 PM

Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm

<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
EDR Killers Broaden Ransomware Tactics, ESET Warns

Apr 13, 2026 8:52 AM

Tags: cyber, edr, ransomware, tactics, tool, vulnerability

Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti”‘rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It warns that these tools have become a predictable, standard stage in modern ransomware operations. In…
Microsoft’s Copilot strategy is just more user abuse from Redmond, says Mozilla

Apr 12, 2026 1:52 PM

Tags: ai, browser, microsoft, strategy, tactics

Firefox maker warns old web tactics are now shaping AI at the expense of user choice First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/mozilla_microsofts_copilot_strategy/
STX RAT Targets Finance Sector With Advanced Stealth Tactics

Apr 9, 2026 6:53 PM

Tags: access, finance, rat, tactics

STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/stx-rat-targets-finance-sector/
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

Apr 8, 2026 11:52 PM

Tags: espionage, group, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraine

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, akaFancy Bear,Pawn Storm,Sofacy Group,Sednit,BlueDelta, andSTRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…
Arelion employs NETSCOUT Arbor DDoS protection products

Apr 8, 2026 9:52 PM

Tags: ai, attack, automation, business, cyber, cyberattack, cybersecurity, ddos, defense, detection, government, infrastructure, intelligence, Internet, mitigation, monitoring, network, risk, router, service, strategy, tactics, technology, threat

“As a Tier-1 Internet carrier supporting the majority of global Internet traffic, this continued collaboration reflects our ongoing investment in best-of-breed network security solutions to protect the technology ecosystem. Our partnership combines Arelion’s global network performance and NETSCOUT’s leading Arbor DDoS attack protection solutions to provide world-class experiences for our customers.” Scott Nichols, Chief Commercial…
How botnet-driven DDoS attacks evolved in 2H 2025

Apr 8, 2026 8:52 PM

Tags: ai, attack, botnet, dark-web, ddos, defense, dns, finance, government, group, infrastructure, intelligence, international, Internet, iot, jobs, law, LLM, mitigation, network, resilience, risk, service, strategy, tactics, threat, tool, usa, vulnerability

Massive attack capacity: Demonstration attacks peaked at 30Tbps and 4 gigapackets per second, primarily launched by Internet of Things (IoT) botnets such as Aisuru and TurboMirai variants.AI integration: The use of AI, including dark-web large language models (LLMs), moved from emerging trend to operational reality, making sophisticated attacks accessible to a wider range of threat actors.Persistent threat…
The zero-day timeline just collapsed. Here’s what security leaders do next

Apr 8, 2026 12:52 PM

Tags: access, ai, api, attack, authentication, breach, cio, ciso, control, cyber, cybersecurity, data, data-breach, defense, endpoint, exploit, google, Internet, Intruder, leak, least-privilege, open-source, penetration-testing, resilience, service, strategy, tactics, update, vulnerability, zero-day

Scaling vulnerability discovery to machine speed: Agentic AI is AI that can act, not just advise. Give it an objective, and it will plan steps, run them, learn from what happens and adjust until it succeeds or hits a hard stop. In cybersecurity, that looks like an automated operator. It can probe an application, test…