Tag: tactics
-
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users. First seen on hackread.com Jump to article: hackread.com/fake-telegram-apps-domains-android-malware-attack/
-
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat
Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
-
SLOW#TEMPEST Hackers Adopt New Evasion Tactics to Bypass Detection Systems
Security researchers have uncovered a sophisticated evolution in the SLOW#TEMPEST malware campaign, where threat actors are deploying innovative obfuscation methods to evade detection and complicate analysis. This variant, distributed via an ISO file containing a mix of benign and malicious components, leverages DLL sideloading through a legitimate signed binary, DingTalk.exe, to load a malicious DLL…
-
Qilin Leads in Exploiting Unpatched Fortinet Vulnerabilities
The Qilin group has surged to prominence by aggressively exploiting critical vulnerabilities in Fortinet devices, underscoring a broader trend of sophisticated cyber extortion tactics targeting data-dependent sectors. Global ransomware victims dropped to 463, a 15% decline from May’s 545, yet the intensity of attacks remained high, with Qilin claiming 81 victims through opportunistic intrusions leveraging…
-
DHS Tells Police That Common Protest Activities Are ‘Violent Tactics’
DHS is urging law enforcement to treat even skateboarding and livestreaming as signs of violent intent during a protest, turning everyday behavior into a pretext for police action. First seen on wired.com Jump to article: www.wired.com/story/dhs-tells-police-that-common-protest-activities-are-violent-tactics/
-
Browser Exploits Wane As Users Become The Attack Surface
For browsers, exploitation is out, getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they’ve accepted the challenge. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/browser-exploits-wane-users-become-attack-surface
-
SQL Injection Prevention: 6 Ways to Protect Your Stack
SQL injection is a code injection technique that can expose your data. Learn 5 proven tactics to prevent attacks and secure your applications. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/how-to-prevent-sql-injection-attacks/
-
Trend Micro flags BERT: A rapidly growing ransomware threat
Low-code, high impact: BERT is not an isolated development, it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations. For instance,…
-
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe
DGSE intelligence head Nicolas Lerner said Moscow’s tactics are evolving and increasingly include on-the-ground activities carried out by paid operatives. First seen on therecord.media Jump to article: therecord.media/french-intelligence-chief-russia-threat
-
XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment
A sophisticated new distribution method for XwormRAT malware leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology,…
-
Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP
Arctic Wolf has uncovered a cunning cybersecurity threat that exploits search engine optimization (SEO) poisoning and malvertising tactics to distribute Trojanized versions of widely used IT tools such as PuTTY and WinSCP. This campaign cunningly targets IT professionals and system administrators, individuals who frequently rely on these tools for secure file transfers and remote system…
-
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt
The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
-
Inside the ZIP Trap: How APT36 Targets BOSS Linux to Exfiltrate Critical Data
CYFIRMA has uncovered a highly sophisticated cyber-espionage campaign orchestrated by APT36, also known as Transparent Tribe, a Pakistan-based threat actor with a notorious history of targeting Indian defense and government sectors. This latest operation marks a significant shift in tactics, as APT36 adapts its arsenal to infiltrate Linux-based environments, specifically focusing on BOSS Linux, a…
-
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech firms with phishing and SIM-swapping campaigns, the group has significantly evolved, orchestrating full-spectrum, multi-stage intrusions across both cloud and on-premises…
-
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure…
-
Scattered Spider Tactics Include Data Theft, Extortion: CrowdStrike
Threat researchers from CrowdStrike are pointing to Scattered Spider’s focus on more than just traditional ransomware attacks, as experts have separately linked the threat group to a data theft attack against Australian airline Qantas. First seen on crn.com Jump to article: www.crn.com/news/security/2025/scattered-spider-tactics-include-data-theft-extortion-crowdstrike
-
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection
The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
-
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also…
-
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage
Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/major-overlaps-cybercrime-espionage/
-
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan
A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
-
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations
Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, tool
Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
-
How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/bitdefender-lotl-security-incidents-phasr/
-
Scattered Spider hackers shift focus to aviation, transportation firms
Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/

