Collecting Cyber-News from over 60 sources

Tag: tactics

Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers

Jun 29, 2026 12:16 PM

Tags: ai, cve, cyber, data-breach, exploit, Internet, rce, remote-code-execution, tactics, threat, vulnerability

Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise internet-exposed AI application servers and silently deploy a customized Monero (XMR) cryptominer. Tracked and documented by Trend Micro researchers Simon Dulude and John Zhang, the campaign marks a significant pivot in commodity cryptominer delivery tactics, from traditional…
A Hack Too Far? Report Ties Russia to Jaguar Land Rover Hit

Jun 26, 2026 9:18 PM

Tags: attack, government, russia, tactics

How Should the British Government Respond to the $2.5B Economic Disruption? Suggestions that the Kremlin orchestrated the disruptive hack attack against British automotive giant Jaguar Land Rover raise the question of how the British government might respond. For businesses, Moscow’s advancing use of gray zone tactics is a reminder that they’re in the line of…
Russia’s Gamaredon Adapts Tactics to Target Ukraine

Jun 25, 2026 5:16 PM

Tags: cloud, data, espionage, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraine

Eset Documents New Malware Families and Infrastructure Tactics. Eset found Russia’s FSB-linked Gamaredon expanded its malware toolkit, launched dozens of spear-phishing campaigns, and increasingly relied on legitimate cloud, tunneling and social platforms to conceal C2 infrastructure, exfiltrate data and sustain espionage operations targeting Ukraine. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-gamaredon-adapts-tactics-to-target-ukraine-a-32068
Top 10 Best Cybersecurity Awareness Training Platforms 2026

Jun 22, 2026 12:34 PM

Tags: awareness, cyber, cybercrime, cybersecurity, defense, phishing, social-engineering, tactics, technology, training

In the complex digital landscape of 2026, technology alone is no longer enough to protect an organization from cyber threats. The human element, often cited as the weakest link, is now recognized as a critical line of defense the human firewall. Cybercriminals are increasingly targeting employees through sophisticated social engineering tactics like phishing, vishing, and…
The Cyber Express Weekly Roundup: Cybersecurity Weekly Round on Emerging Threats, Data Breaches, and Global Policy Shifts

Jun 19, 2026 9:34 PM

Tags: breach, cyber, cybersecurity, data, government, healthcare, risk, tactics, technology, threat

This week’s weekly roundup of cybersecurity developments highlights an expanding intersection of cyber risk, regulatory action, and enterprise vulnerability. Across healthcare, technology platforms, gaming companies, and government policy, organizations continue to confront a rapidly evolving cybersecurity landscape where data exposure, advanced intrusion tactics, and platform security failures are interconnected. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-global-threats/
INC Ransomware Uses Double Extortion and Printer Ransom Notes to Pressure Victims

Jun 19, 2026 9:34 PM

Tags: breach, cyber, data, extortion, group, ransom, ransomware, tactics

INC has matured from an emerging RaaS operation into one of 2026’s most active ransomware families, claiming more than 800 victims since 2023 and capitalizing on disruption among competitors to expand its affiliate base. The group’s recent campaigns demonstrate both incremental tooling refinement and novel pressure tactics: double extortion of stolen data combined with automated…
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts

Jun 9, 2026 9:42 AM

Tags: access, credentials, crypto, cyber, malware, service, tactics, theft

Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering marketed through SEO poisoning,YouTube promotion and counterfeit Minecraft mod websites. By combining polished distribution tactics…
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics

Jun 5, 2026 12:42 PM

Tags: botnet, cve, cyber, exploit, firmware, iot, linux, malware, tactics, vulnerability

A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct components and multi-architecture payloads that maximize reach across heterogeneous Linux devices. The operator delivered C0XMO by exploiting CVE-2021-27137 a stack buffer overflow in the UPnP SSDP parser of vulnerable DD-WRT firmware…
Proofpoint: TA4922 Deploys New RAT and Loader Arsenal

Jun 4, 2026 11:42 AM

Tags: china, cloud, cyber, cybercrime, detection, group, malware, rat, service, tactics, threat, tool

A rapidly evolving threat cluster tracked as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT. The group is notable for its high operational tempo, shifting tactics, and ability to blend custom malware with legitimate tools and cloud services, complicating detection efforts across…
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages

Jun 4, 2026 11:42 AM

Tags: attack, credentials, cyber, cybercrime, data, login, malware, phishing, tactics, threat

Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from infected systems. While traditional credential-harvesting pages remain in use, threat actors are now prioritizing methods that reduce user interaction and increase data collection efficiency. Infostealers are purpose-built malware families that extract…
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Jun 1, 2026 9:42 PM

Tags: attack, cloud, credentials, service, supply-chain, tactics, worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm.”This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential First seen on thehackernews.com Jump…
NightSpire Ransomware Abuses RDP for Stealthy Persistence

May 26, 2026 1:00 PM

Tags: cyber, data, extortion, leak, malware, ransom, ransomware, tactics, threat

NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy intrusion techniques. The malware not only encrypts victim data but also exfiltrates sensitive files, threatening to publish them on a Tor-based leak site if ransom demands are not met. In just a three-month window…
Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware

May 25, 2026 9:00 AM

Tags: apt, cyber, group, iran, malware, sql, tactics, threat

A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopolitical conflict tied to Operation Epic Fury launched on February 28, 2026, shows the group adopting SEO poisoning malware for the…
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks

May 22, 2026 5:00 PM

Tags: attack, breach, data, data-breach, healthcare, ransomware, social-engineering, tactics

Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/verizon-dbir-healthcare-fends-off-increased-social-engineering-attacks
Operation Dragon Whistle Targets Changzhou University with Malicious LNK Files

May 22, 2026 10:00 AM

Tags: cloud, cyber, cyberattack, government, malicious, phishing, service, tactics, threat, tool

A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as Changzhou University, new analysis reveals overlapping tactics used in a broader campaign aimed at government-linked organizations, including Pakistan’s…
China-Linked Webworm APT Evolves Tactics, Expands to European Targets

May 20, 2026 2:01 PM

Tags: apt, china, cyber, espionage, government, tactics

China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/
Exchange Server zero-day vulnerability can be triggered by opening a malicious email

May 15, 2026 11:00 PM

Tags: automation, data, email, malicious, microsoft, mitigation, risk, service, tactics, update, vulnerability, zero-day

Known issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service.OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not…
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware

May 12, 2026 12:19 PM

Tags: attack, cyber, github, hacker, jobs, korea, malware, north-korea, social-engineering, tactics, threat

North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted through fake job interviews, are asked to clone a GitHub repository containing a “coding assessment.” Hidden…
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

May 12, 2026 12:19 AM

Tags: backup, communications, cybercrime, data, group, leak, ransomware, tactics, tool

Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics. Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure. First seen on govinfosecurity.com Jump to article:…
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking

May 7, 2026 12:48 PM

Tags: attack, cyber, detection, email, exploit, fraud, infrastructure, malicious, phishing, phone, scam, tactics, threat, voip

New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious…
Iranian cyber espionage disguised as a Chaos Ransomware attack

May 6, 2026 5:48 PM

Tags: apt, attack, credentials, cyber, data, espionage, extortion, iran, phishing, ransomware, tactics, theft

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
New Attribution Framework Links APT Campaigns Across Key Layers

May 5, 2026 10:48 AM

Tags: apt, cyber, cybersecurity, framework, group, malware, tactics, threat

A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from observed tactics, techniques, procedures (TTPs), malware, and infrastructure. But this approach is increasingly strained. Threat actors evolve constantly…
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge

May 1, 2026 12:46 PM

Tags: captcha, credentials, cyber, email, malware, phishing, qr, risk, service, tactics, theft

Attackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face disruption. These tactics shift risk from traditional malware attachments to highly convincing, hosted phishing flows that are harder for both users and email filters to spot. Across this volume, 78% of…
FBI Warns Logistics Sector of Fake Business Identity Cargo Scams

May 1, 2026 9:39 AM

Tags: attack, business, cyber, finance, identity, scam, service, tactics, theft, threat

The FBI issued a public service announcement warning the transportation and logistics sectors about a massive increase in cyber-enabled strategic cargo theft. Threat actors are increasingly using sophisticated tactics to impersonate legitimate businesses, hijack freight, and steal high-value shipments. The financial impact of these attacks is severe. In 2025 alone, estimated cargo theft losses in…
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

Apr 30, 2026 4:39 PM

Tags: flaw, Internet, password, scam, tactics, tool

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online.Security is always a moving target. Millions…
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

Apr 30, 2026 2:40 PM

Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trust

What it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
It’s Not the Computer, Stupid. It’s the Information in It. Two Recent Indictments Stretch the Limits of >>Theft<< of Information.

Apr 30, 2026 11:38 AM

Tags: computer, fraud, government, tactics, theft

The legal system persists in framing “computer crime” through the archaic lens of tangible property”, theft and conversion”, despite the fact that information is non-rivalrous and easily duplicated without depriving the original owner of possession. Recent federal indictments, such as the Van Dyke and SPLC matters, reveal a “doctrinally aggressive” expansion where the government claims…
The Evolution of Scattered Spider: How Organizations Are Strengthening Defenses

Apr 28, 2026 12:39 PM

Tags: defense, exploit, identity, tactics

An On Demand video from ID Dataweb. Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/evolution-scattered-spider-how-organizations-are-strengthening-defenses-a-31524