Tag: tactics

Cybercriminals Merge Android Malware with Click Fraud Apps to Harvest Credentials

Jul 22, 2025 11:42 AM

Tags: android, credentials, cyber, cybercrime, data, exploit, fraud, login, malicious, malware, social-engineering, tactics

Researchers uncovered an active Android malware cluster that ingeniously combines brand impersonation with traffic monetization tactics, targeting users across multiple regions. These malicious Android Package Kit (APK) files exploit social engineering and off-market distribution channels to evade traditional security measures, preying on user trust to exfiltrate sensitive data such as login credentials. The campaign deploys…
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT

Jul 22, 2025 10:40 AM

Tags: access, control, cyber, finance, group, hacker, infrastructure, rat, tactics, threat

A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access Trojan (RAT). Named for its monetary focus and a past reference to a popular “SpongeBob” meme on its command-and-control (C2) infrastructure, this group has evolved its tactics over the years.…
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Jul 21, 2025 6:40 AM

Tags: attack, crypto, service, tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of…
SquidLoader Malware Campaign Hits Hong Kong Financial Firms

Jul 20, 2025 6:40 PM

Tags: finance, malware, service, tactics

Trellix exposes SquidLoader malware targeting Hong Kong, Singapore, and Australia’s financial service institutions. Learn about its advanced evasion tactics and stealthy attacks. First seen on hackread.com Jump to article: hackread.com/squidloader-malware-hits-hong-kong-financial-firms/
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Jul 20, 2025 6:40 PM

Tags: ai, cybersecurity, jobs, malware, tactics, threat

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware.”LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests,” Swiss…
Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets

Jul 18, 2025 9:40 PM

Tags: authentication, credentials, crypto, cyber, data, login, malware, phishing, social-engineering, tactics, threat

Infostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens, login credentials, cryptocurrency wallet information, personally identifiable information (PII), multifactor authentication (MFA) artifacts, and pretty much any data stored in a browser. These threats propagate via phishing operations, social engineering tactics, malvertising, and SEO-manipulated campaigns,…
Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer

Jul 18, 2025 12:42 PM

Tags: computer, cyber, exploit, hacker, malicious, malware, rat, social-engineering, tactics

Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving common computer issues like performance glitches or verification prompts. By hijacking the clipboard through JavaScript…
Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks

Jul 18, 2025 12:42 PM

Tags: attack, cyber, cybercrime, group, microsoft, tactics, threat

Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs) in end-to-end attacks targeting organizations across various sectors. Octo Tempest’s methodology typically begins with initial…
Emerging Cloaking-as-a-Service Offerings are Changing Phishing Landscape

Jul 17, 2025 9:41 PM

Tags: ai, detection, malicious, phishing, scam, service, tactics, threat, tool

Threat actors are using anti-box tools, AI, and cloaking-as-a-service tactics to bypass security tools by showing a phishing or other malicious site to targets and harmless ones to detection and blocking tools, techniques that SlashNext researchers say are reshaping how such scams are run. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-cloaking-as-a-service-offerings-are-changing-phishing-landscape/
Microsoft Exposes Scattered Spider’s Latest Tactics

Jul 17, 2025 12:40 PM

Tags: cloud, infrastructure, microsoft, tactics

Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-exposes-scattered/
Scattered Spider expands its roster of tactics in recent hacks

Jul 16, 2025 6:40 PM

Tags: cybercrime, group, microsoft, tactics

Microsoft researchers warn they are seeing changing patterns as the cybercrime group has started trying to hack airlines and other industries after targeting retailers and insurers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/scattered-spider-expands-tactics-recent-hacks/753220/
NimDoor MacOS Malware Abuses Zoom SDK Updates to Steal Keychain Credentials

Jul 16, 2025 1:42 PM

Tags: credentials, crypto, cyber, exploit, macOS, malware, north-korea, social-engineering, tactics, threat, update

SentinelOne researchers have discovered NimDoor, a sophisticated MacOS malware campaign ascribed to North Korean-affiliated attackers, most likely the Stardust Chollima gang, in a notable increase in cyber threats targeting the bitcoin industry. Active since at least April 2025, NimDoor exploits social engineering tactics by masquerading as Zoom SDK updates to infiltrate Web3 and crypto organizations,…
7 obsolete security practices that should be terminated immediately

Jul 16, 2025 9:40 AM

Tags: access, advisory, antivirus, api, attack, authentication, awareness, breach, business, cloud, compliance, control, cybersecurity, data, defense, detection, edr, endpoint, exploit, google, grc, identity, infrastructure, iot, linkedin, mfa, microsoft, mobile, monitoring, network, office, password, phishing, phone, ransomware, risk, service, siem, social-engineering, strategy, tactics, technology, threat, tool, training, unauthorized, update, vpn, vulnerability, zero-trust

2. Taking a compliance-driven approach to security: Too many teams let compliance drive their security programs, focusing more on checking boxes than solving actual cybersecurity challenges, says George Gerchow, CSO at data security services firm Bedrock Security. He notes that many enterprises drive to meet compliance standards, yet still suffer serious breaches. The reason? They…
Experts unpack the biggest cybersecurity surprises of 2025

Jul 16, 2025 7:40 AM

Tags: attack, cybersecurity, group, tactics, threat

2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/biggest-cybersecurity-surprises-2025/
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Jul 15, 2025 11:40 PM

Tags: android, attack, malicious, malware, phishing, tactics

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users. First seen on hackread.com Jump to article: hackread.com/fake-telegram-apps-domains-android-malware-attack/
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies

Jul 15, 2025 1:40 PM

Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat

Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
SLOW#TEMPEST Hackers Adopt New Evasion Tactics to Bypass Detection Systems

Jul 11, 2025 8:40 PM

Tags: cyber, detection, hacker, malicious, malware, tactics, threat

Security researchers have uncovered a sophisticated evolution in the SLOW#TEMPEST malware campaign, where threat actors are deploying innovative obfuscation methods to evade detection and complicate analysis. This variant, distributed via an ISO file containing a mix of benign and malicious components, leverages DLL sideloading through a legitimate signed binary, DingTalk.exe, to load a malicious DLL…
Qilin Leads in Exploiting Unpatched Fortinet Vulnerabilities

Jul 11, 2025 7:40 PM

Tags: attack, cyber, data, exploit, extortion, fortinet, group, ransomware, tactics, vulnerability

The Qilin group has surged to prominence by aggressively exploiting critical vulnerabilities in Fortinet devices, underscoring a broader trend of sophisticated cyber extortion tactics targeting data-dependent sectors. Global ransomware victims dropped to 463, a 15% decline from May’s 545, yet the intensity of attacks remained high, with Qilin claiming 81 victims through opportunistic intrusions leveraging…
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves

Jul 11, 2025 9:40 AM

Tags: access, attack, authentication, business, cloud, control, data, detection, endpoint, exploit, finance, firewall, group, iam, identity, incident response, infrastructure, mfa, microsoft, monitoring, ransomware, social-engineering, tactics, technology, threat, tool, vulnerability

Ensuing battle over IT resources: Despite the stealth of the attack incident response defenders at the compromised company detected the attack and began to fight back, setting up a tug-of-war to establish control over the organization’s IT resources. In response, Scattered Spider abandoned attempts at covert infiltration and began an aggressive attempt to disrupt business…
DHS Tells Police That Common Protest Activities Are ‘Violent Tactics’

Jul 11, 2025 12:40 AM

Tags: law, tactics

DHS is urging law enforcement to treat even skateboarding and livestreaming as signs of violent intent during a protest, turning everyday behavior into a pretext for police action. First seen on wired.com Jump to article: www.wired.com/story/dhs-tells-police-that-common-protest-activities-are-violent-tactics/
Browser Exploits Wane As Users Become The Attack Surface

Jul 10, 2025 2:40 PM

Tags: attack, exploit, tactics

For browsers, exploitation is out, getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they’ve accepted the challenge. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/browser-exploits-wane-users-become-attack-surface
SQL Injection Prevention: 6 Ways to Protect Your Stack

Jul 9, 2025 9:40 PM

Tags: attack, injection, sql, tactics

SQL injection is a code injection technique that can expose your data. Learn 5 proven tactics to prevent attacks and secure your applications. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/how-to-prevent-sql-injection-attacks/
Trend Micro flags BERT: A rapidly growing ransomware threat

Jul 9, 2025 6:39 PM

Tags: ceo, cybersecurity, data, edr, email, group, healthcare, malware, phishing, phone, radius, ransom, ransomware, tactics, threat, tool

Low-code, high impact: BERT is not an isolated development, it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations.For instance,…
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe

Jul 9, 2025 6:39 PM

Tags: intelligence, russia, tactics, threat

DGSE intelligence head Nicolas Lerner said Moscow’s tactics are evolving and increasingly include on-the-ground activities carried out by paid operatives. First seen on therecord.media Jump to article: therecord.media/french-intelligence-chief-russia-threat
XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment

Jul 9, 2025 6:39 PM

Tags: cyber, cybercrime, detection, hacker, injection, malicious, malware, tactics

A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology,…
Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP

Jul 8, 2025 9:34 PM

Tags: cyber, cybersecurity, exploit, hacker, malware, tactics, threat, tool

Arctic Wolf has uncovered a cunning cybersecurity threat that exploits search engine optimization (SEO) poisoning and malvertising tactics to distribute Trojanized versions of widely used IT tools such as PuTTY and WinSCP. This campaign cunningly targets IT professionals and system administrators, individuals who frequently rely on these tools for secure file transfers and remote system…
Researchers Reveal Scatter Spider’s Tools, Tactics, and Key Indicators

Jul 8, 2025 9:34 PM

Tags: attack, cyber, group, phishing, social-engineering, tactics, tool

Check Point Research has revealed important details about the phishing domain patterns and advanced attack techniques of the infamous Scattered Spider organization, which has brought a new wave of cyberthreats under close investigation. Known for their aggressive social engineering tactics, this financially motivated group active since at least 2022 and comprising young individuals aged 1922…
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt

Jul 7, 2025 5:34 PM

Tags: cyber, cybersecurity, data, encryption, leak, malicious, ransom, ransomware, service, tactics

The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
Inside the ZIP Trap: How APT36 Targets BOSS Linux to Exfiltrate Critical Data

Jul 7, 2025 4:34 PM

Tags: cyber, data, defense, espionage, government, india, linux, tactics, threat

CYFIRMA has uncovered a highly sophisticated cyber-espionage campaign orchestrated by APT36, also known as Transparent Tribe, a Pakistan-based threat actor with a notorious history of targeting Indian defense and government sectors. This latest operation marks a significant shift in tactics, as APT36 adapts its arsenal to infiltrate Linux-based environments, specifically focusing on BOSS Linux, a…
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence

Jul 4, 2025 2:35 PM

Tags: cloud, cyber, cybercrime, exploit, group, phishing, tactics, tool

Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech firms with phishing and SIM-swapping campaigns, the group has significantly evolved, orchestrating full-spectrum, multi-stage intrusions across both cloud and on-premises…