Tag: tactics

New CastleLoader Attack Uses Cloudflare-Themed Clickfix Method to Compromise Windows Systems

Jul 25, 2025 11:27 AM

Tags: access, attack, cyber, google, malware, phishing, software, tactics, threat, windows

A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise methods classified as T1189, attackers masquerade as legitimate software libraries, online meeting platforms like Google…
Clorox sues Cognizant for $380M over alleged helpdesk failures in cyberattack

Jul 23, 2025 9:12 PM

Tags: access, attack, breach, business, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data-breach, deep-fake, group, mfa, password, resilience, service, social-engineering, tactics, threat, tool, training

Attack attributed to social engineering specialists: The cyberattack in 2023 was attributed to Scattered Spider, a cybercriminal group known for sophisticated social engineering campaigns targeting IT helpdesks. However, in this case, the attackers succeeded through remarkably basic tactics rather than advanced technical methods.”Scattered Spider’s success with a plain ‘please reset my password’ call confirms that…
FBI and CISA Warn of Interlock Ransomware Targeting Critical Infrastructure

Jul 23, 2025 9:12 PM

Tags: cisa, infrastructure, ransomware, tactics

FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion. First seen on hackread.com Jump to article: hackread.com/fbi-cisa-interlock-ransomware-target-critical-infrastructure/
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

Jul 23, 2025 9:12 PM

Tags: china, exploit, flaw, group, hacker, microsoft, tactics, threat

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft’s urgent security guidance. First seen on hackread.com Jump to article: hackread.com/microsoft-chinese-state-hackers-exploit-sharepoint-flaws/
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

Jul 23, 2025 9:12 PM

Tags: crypto, docker, exploit, flaw, tactics, threat, vulnerability

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy…
Russian Threat Actors Target NGOs with New OAuth Phishing Tactics

Jul 23, 2025 9:12 PM

Tags: access, attack, exploit, microsoft, phishing, russia, tactics, threat, tool

A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-hackers-target-ngos-oauth/
Cybercriminals Merge Android Malware with Click Fraud Apps to Harvest Credentials

Jul 22, 2025 11:42 AM

Tags: android, credentials, cyber, cybercrime, data, exploit, fraud, login, malicious, malware, social-engineering, tactics

Researchers uncovered an active Android malware cluster that ingeniously combines brand impersonation with traffic monetization tactics, targeting users across multiple regions. These malicious Android Package Kit (APK) files exploit social engineering and off-market distribution channels to evade traditional security measures, preying on user trust to exfiltrate sensitive data such as login credentials. The campaign deploys…
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT

Jul 22, 2025 10:40 AM

Tags: access, control, cyber, finance, group, hacker, infrastructure, rat, tactics, threat

A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access Trojan (RAT). Named for its monetary focus and a past reference to a popular “SpongeBob” meme on its command-and-control (C2) infrastructure, this group has evolved its tactics over the years.…
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Jul 21, 2025 6:40 AM

Tags: attack, crypto, service, tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of…
SquidLoader Malware Campaign Hits Hong Kong Financial Firms

Jul 20, 2025 6:40 PM

Tags: finance, malware, service, tactics

Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia’s financial service institutions. Learn about its advanced evasion tactics and stealthy attacks. First seen on hackread.com Jump to article: hackread.com/squidloader-malware-hits-hong-kong-financial-firms/
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Jul 20, 2025 6:40 PM

Tags: ai, cybersecurity, jobs, malware, tactics, threat

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware.”LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests,” Swiss…
Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets

Jul 18, 2025 9:40 PM

Tags: authentication, credentials, crypto, cyber, data, login, malware, phishing, social-engineering, tactics, threat

Infostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens, login credentials, cryptocurrency wallet information, personally identifiable information (PII), multifactor authentication (MFA) artifacts, and pretty much any data stored in a browser. These threats propagate via phishing operations, social engineering tactics, malvertising, and SEO-manipulated campaigns,…
Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer

Jul 18, 2025 12:42 PM

Tags: computer, cyber, exploit, hacker, malicious, malware, rat, social-engineering, tactics

Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving common computer issues like performance glitches or verification prompts. By hijacking the clipboard through JavaScript…
Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks

Jul 18, 2025 12:42 PM

Tags: attack, cyber, cybercrime, group, microsoft, tactics, threat

Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs) in end-to-end attacks targeting organizations across various sectors. Octo Tempest’s methodology typically begins with initial…
Emerging Cloaking-as-a-Service Offerings are Changing Phishing Landscape

Jul 17, 2025 9:41 PM

Tags: ai, detection, malicious, phishing, scam, service, tactics, threat, tool

Threat actors are using anti-box tools, AI, and cloaking-as-a-service tactics to bypass security tools by showing a phishing or other malicious site to targets and harmless ones to detection and blocking tools, techniques that SlashNext researchers say are reshaping how such scams are run. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-cloaking-as-a-service-offerings-are-changing-phishing-landscape/
Microsoft Exposes Scattered Spider’s Latest Tactics

Jul 17, 2025 12:40 PM

Tags: cloud, infrastructure, microsoft, tactics

Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-exposes-scattered/
Scattered Spider expands its roster of tactics in recent hacks

Jul 16, 2025 6:40 PM

Tags: cybercrime, group, microsoft, tactics

Microsoft researchers warn they are seeing changing patterns as the cybercrime group has started trying to hack airlines and other industries after targeting retailers and insurers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/scattered-spider-expands-tactics-recent-hacks/753220/
NimDoor MacOS Malware Abuses Zoom SDK Updates to Steal Keychain Credentials

Jul 16, 2025 1:42 PM

Tags: credentials, crypto, cyber, exploit, macOS, malware, north-korea, social-engineering, tactics, threat, update

SentinelOne researchers have discovered NimDoor, a sophisticated MacOS malware campaign ascribed to North Korean-affiliated attackers, most likely the Stardust Chollima gang, in a notable increase in cyber threats targeting the bitcoin industry. Active since at least April 2025, NimDoor exploits social engineering tactics by masquerading as Zoom SDK updates to infiltrate Web3 and crypto organizations,…
7 obsolete security practices that should be terminated immediately

Jul 16, 2025 9:40 AM

Tags: access, advisory, antivirus, api, attack, authentication, awareness, breach, business, cloud, compliance, control, cybersecurity, data, defense, detection, edr, endpoint, exploit, google, grc, identity, infrastructure, iot, linkedin, mfa, microsoft, mobile, monitoring, network, office, password, phishing, phone, ransomware, risk, service, siem, social-engineering, strategy, tactics, technology, threat, tool, training, unauthorized, update, vpn, vulnerability, zero-trust

2. Taking a compliance-driven approach to security: Too many teams let compliance drive their security programs, focusing more on checking boxes than solving actual cybersecurity challenges, says George Gerchow, CSO at data security services firm Bedrock Security. He notes that many enterprises drive to meet compliance standards, yet still suffer serious breaches. The reason? They…
Experts unpack the biggest cybersecurity surprises of 2025

Jul 16, 2025 7:40 AM

Tags: attack, cybersecurity, group, tactics, threat

2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/biggest-cybersecurity-surprises-2025/
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Jul 15, 2025 11:40 PM

Tags: android, attack, malicious, malware, phishing, tactics

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users. First seen on hackread.com Jump to article: hackread.com/fake-telegram-apps-domains-android-malware-attack/
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies

Jul 15, 2025 1:40 PM

Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat

Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
SLOW#TEMPEST Hackers Adopt New Evasion Tactics to Bypass Detection Systems

Jul 11, 2025 8:40 PM

Tags: cyber, detection, hacker, malicious, malware, tactics, threat

Security researchers have uncovered a sophisticated evolution in the SLOW#TEMPEST malware campaign, where threat actors are deploying innovative obfuscation methods to evade detection and complicate analysis. This variant, distributed via an ISO file containing a mix of benign and malicious components, leverages DLL sideloading through a legitimate signed binary, DingTalk.exe, to load a malicious DLL…
Qilin Leads in Exploiting Unpatched Fortinet Vulnerabilities

Jul 11, 2025 7:40 PM

Tags: attack, cyber, data, exploit, extortion, fortinet, group, ransomware, tactics, vulnerability

The Qilin group has surged to prominence by aggressively exploiting critical vulnerabilities in Fortinet devices, underscoring a broader trend of sophisticated cyber extortion tactics targeting data-dependent sectors. Global ransomware victims dropped to 463, a 15% decline from May’s 545, yet the intensity of attacks remained high, with Qilin claiming 81 victims through opportunistic intrusions leveraging…
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves

Jul 11, 2025 9:40 AM

Tags: access, attack, authentication, business, cloud, control, data, detection, endpoint, exploit, finance, firewall, group, iam, identity, incident response, infrastructure, mfa, microsoft, monitoring, ransomware, social-engineering, tactics, technology, threat, tool, vulnerability

Ensuing battle over IT resources: Despite the stealth of the attack incident response defenders at the compromised company detected the attack and began to fight back, setting up a tug-of-war to establish control over the organization’s IT resources. In response, Scattered Spider abandoned attempts at covert infiltration and began an aggressive attempt to disrupt business…
DHS Tells Police That Common Protest Activities Are ‘Violent Tactics’

Jul 11, 2025 12:40 AM

Tags: law, tactics

DHS is urging law enforcement to treat even skateboarding and livestreaming as signs of violent intent during a protest, turning everyday behavior into a pretext for police action. First seen on wired.com Jump to article: www.wired.com/story/dhs-tells-police-that-common-protest-activities-are-violent-tactics/
Browser Exploits Wane As Users Become The Attack Surface

Jul 10, 2025 2:40 PM

Tags: attack, exploit, tactics

For browsers, exploitation is out, getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they’ve accepted the challenge. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/browser-exploits-wane-users-become-attack-surface
SQL Injection Prevention: 6 Ways to Protect Your Stack

Jul 9, 2025 9:40 PM

Tags: attack, injection, sql, tactics

SQL injection is a code injection technique that can expose your data. Learn 5 proven tactics to prevent attacks and secure your applications. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/how-to-prevent-sql-injection-attacks/
Trend Micro flags BERT: A rapidly growing ransomware threat

Jul 9, 2025 6:39 PM

Tags: ceo, cybersecurity, data, edr, email, group, healthcare, malware, phishing, phone, radius, ransom, ransomware, tactics, threat, tool

Low-code, high impact: BERT is not an isolated development, it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations.For instance,…
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe

Jul 9, 2025 6:39 PM

Tags: intelligence, russia, tactics, threat

DGSE intelligence head Nicolas Lerner said Moscow’s tactics are evolving and increasingly include on-the-ground activities carried out by paid operatives. First seen on therecord.media Jump to article: therecord.media/french-intelligence-chief-russia-threat