Tag: tactics
-
Ransomware insurance losses spike despite fewer claims: Resilience
AI-powered phishing, “double extortion” tactics and insurance policy theft are fueling more destructive, costly ransomware attacks, the;cybersecurity firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-insurance-losses-spike-claims-resilience-ai-phishing/759626/
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages
A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read… First seen on hackread.com Jump to article: hackread.com/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages/
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure
Frankfurt am Main, Germany, September 9th, 2025, CyberNewsWire The threat landscape surrounding distributed denial-of-service (DDoS) attacks intensified significantly in the first half of 2025, according to the latest Link11 European Cyber Report. Documented attacks targeting the Link11 network increased by 225% compared to the same period in 2024. The report highlights not only a marked rise in attack…
-
Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure
Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/link11-reports-225-more-ddos-attacks-in-h1-2025-with-new-tactics-against-infrastructure/
-
Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure
Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/link11-reports-225-more-ddos-attacks-in-h1-2025-with-new-tactics-against-infrastructure/
-
Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure
Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/link11-reports-225-more-ddos-attacks-in-h1-2025-with-new-tactics-against-infrastructure/
-
RatOn Hijacks Bank Account to Launch Automated Money Transfers
Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
-
RatOn Hijacks Bank Account to Launch Automated Money Transfers
Dubbed RatOn, that combines traditional overlay attacks with NFC relay tactics to hijack bank accounts and initiate automated money transfers. Developed from scratch by a threat actor group observed since July 2025, RatOn represents a significant evolution in mobile fraud capabilities. Security researchers have uncovered a new Android banking trojan Unlike standalone NFC relay tools…
-
Flattery Can Make AI Chatbots Break the Rules
Study Shows Persuasion Tactics Push GPT-4o-Mini Past Guardrails. Want an AI chatbot to call you a jerk or walk you through making a controlled substance? A University of Pennsylvania study shows that just old-fashioned persuasion tricks – the same ones that sway humans – can push large language models off their guardrails. First seen on…
-
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
-
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
-
MostereRAT Targets Windows Users With Stealth Tactics
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-targets-windows-users-stealth/
-
Remote Access Abuse Biggest Pre-Ransomware Indicator
Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/remote-access-abuse-pre-ransomware/
-
MeetC2 A serverless C2 framework that leverages Google Calendar APIs as a communication channel
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background:Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams…
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Ukraine’s cyber chief on Russian hackers’ shifting tactics, US cyber aid
A former information security professor with more than 25 years in the Ukrainian armed forces, Oleksandr Potii is blunt about Moscow’s capabilities: “We see that Russia’s technical level is high and its potential is strong. We cannot underestimate them.” First seen on therecord.media Jump to article: therecord.media/ukraine-cyber-chief-on-russia-hacks-us-aid
-
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate move toward more deceptive and intricate infection methods designed to increase success rates while remaining…
-
Dire Wolf Ransomware Targets Windows, Wipes Logs and Backups
The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to delete event logs, erase backup-related data, and thwart recovery efforts. First sighted in May 2025, DireWolf has rapidly escalated its operations, infecting 16 organizations across 16 regions”, including the United States, Thailand, Taiwan, Australia, and…
-
Dire Wolf Ransomware Targets Windows, Wipes Logs and Backups
The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to delete event logs, erase backup-related data, and thwart recovery efforts. First sighted in May 2025, DireWolf has rapidly escalated its operations, infecting 16 organizations across 16 regions”, including the United States, Thailand, Taiwan, Australia, and…