Tag: tactics

From Cipher to Fear: The psychology behind modern ransomware extortion

Jan 27, 2026 5:23 PM

Tags: breach, data, encryption, exploit, extortion, group, psychology, ransomware, tactics

Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games

Jan 27, 2026 4:21 PM

Tags: cyber, group, identity, infrastructure, okta, phishing, tactics, theft, threat

A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than 100 high-value enterprises. Unlike automated phishing campaigns, this operation is human-led. It relies on voice…
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams

Jan 27, 2026 4:21 PM

Tags: advisory, cisa, cyber, cybersecurity, infrastructure, malicious, risk, scam, social-engineering, tactics, threat, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of affected populations by deploying sophisticated social engineering tactics disguised as legitimate relief efforts. According to…
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

Jan 22, 2026 11:30 AM

Tags: attack, cyber, malicious, malware, pypi, supply-chain, tactics

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
NDSS 2025 Dissecting Payload-Based Transaction Phishing On Ethereum

Jan 21, 2026 9:14 PM

Tags: conference, data, detection, Internet, malicious, network, phishing, scam, tactics, threat

Authors, Creators & Presenters: Zhuo Chen (Zhejiang University), Yufeng Hu (Zhejiang University), Bowen He (Zhejiang University), Dong Luo (Zhejiang University), Lei Wu (Zhejiang University), Yajin Zhou (Zhejiang University) PAPER Dissecting Payload-Based Transaction Phishing On Ethereum In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new…
China-linked APT UAT-8837 targets North American critical infrastructure

Jan 17, 2026 6:14 PM

Tags: apt, china, cisco, group, infrastructure, tactics, threat, usa

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. >>Cisco Talos is closely tracking…
‘Dual-channel’ attacks are the new face of BEC in 2026

Jan 13, 2026 8:02 PM

Tags: attack, business, cyber, email, tactics, threat

Business email compromise remains a significant threat as cyber fraudsters deploy a more diverse range of tactics against their potential victims, according to a report. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637242/Dual-channel-attacks-are-the-new-face-of-BEC-in-2026
AI-Powered Crypto Scams Drive Record $17B Losses in 2025

Jan 13, 2026 5:02 PM

Tags: ai, crypto, scam, tactics

Research by Chainalysis reveals that AI-powered impersonation tactics have exploded by an unprecedented 1,400% year-over-year. The post AI-Powered Crypto Scams Drive Record $17B Losses in 2025 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-2025-crypto-scam-losses/
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
GenDigital Research Exposes AuraStealer Infostealer Tactics

Jan 8, 2026 9:01 PM

Tags: data, tactics, windows

GenDigital researchers reveal how AuraStealer uses advanced evasion and a MaaS model to steal data from Windows systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/gendigital-research-exposes-aurastealer-infostealer-tactics/
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
How CIOs can brace for AI-fueled cyberthreats

Jan 8, 2026 6:03 PM

Tags: ai, cio, cyber, tactics

Executives are carefully tracking the rise in AI use for cyberthreats, bolstering basic preparedness tactics and increasing cyber spend in response. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/how-cios-can-brace-for-ai-fueled-cyberthreats/809093/
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…
Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information

Jan 7, 2026 10:02 PM

Tags: android, china, cyber, data, group, hacker, malicious, malware, nfc, social-engineering, tactics, threat

Chinese threat actors are conducting an aggressive campaign that distributes NFC-enabled Android malware capable of intercepting and remotely relaying payment card data via Telegram. Identified as >>Ghost Tap<< and linked to threat groups including TX-NFC and NFU Pay, the malicious applications employ social engineering tactics to deceive users into installing APKs and unknowingly facilitating fraudulent…
CrazyHunter Ransomware Targets Healthcare Sector Using Sophisticated Evasion Tactics

Jan 7, 2026 10:02 PM

Tags: cyber, cybercrime, healthcare, malware, network, ransomware, tactics, threat

A sophisticated new ransomware variant, CrazyHunter, has emerged as a critical threat to the healthcare sector, employing advanced anti-malware evasion techniques and rapid network propagation that have security researchers deeply concerned. Trellix, which has been actively tracking this threat since its initial appearance, reports that the ransomware represents a significant evolution in cybercriminal tactics targeting…
Hackers Create Fake DocuSign Login Page to Steal User Credentials

Jan 7, 2026 9:52 AM

Tags: attack, credentials, crime, cyber, cybercrime, detection, hacker, Internet, login, phishing, social-engineering, tactics, threat

Phishing attacks continue to dominate the cybercrime landscape as threat actors refine their social engineering tactics to evade detection systems. The FBI’s Internet Crime Complaint Center (IC3) recorded 193,407 phishing and spoofing complaints in 2024, making it the year’s top cybercrime category and contributing to a staggering $16.6 billion in rep. Phishing attacks continue to…
8 things CISOs can’t afford to get wrong in 2026

Jan 7, 2026 8:52 AM

Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust

“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
Is GenAI Leaving Two-Thirds of Security Teams Behind?

Jan 6, 2026 5:52 PM

Tags: ai, network, tactics, threat

Security teams have a singular goal: detect and stop threats from disrupting business. Attackers change tactics and networks evolve constantly, but defenders are the ones who will always bear the burden. Businesses are heavily adopting AI to become more efficient, scale, and augment the human workforce, yet defenders must figure out how to secure any..…
Why governments need to treat fraud like cyberwarfare, not customer service

Jan 6, 2026 1:52 PM

Tags: business, finance, fraud, government, service, tactics

For too long, fraud an illicit economy rivaling the GDP of G20 nations has been seen as a cost of doing business, a nuisance to be absorbed by banks and consumers. That perception is a dangerous relic. Modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses […] First…
How Protesters Became Content for the Cops

Jan 2, 2026 12:51 PM

Tags: tactics

The tactics behind protest policing are changing”, from one of cooperation to intentional antagonism for political marketing purposes. First seen on wired.com Jump to article: www.wired.com/story/expired-tired-wired-protest-surveillance/
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
Security coverage is falling behind the way attackers behave

Dec 31, 2025 6:51 AM

Tags: cybercrime, tactics

Cybercriminals keep tweaking their procedures, trying out new techniques, and shifting tactics across campaigns. Coverage that worked yesterday may miss how those behaviors … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/31/cybercriminals-activity-behavior/
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023

Dec 19, 2025 10:19 PM

Tags: deep-fake, tactics, update

The update also includes new details around the specific tactics and talking points impersonators use to ensnare victims. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-says-ongoing-deepfake-impersonation-of-us-officials-dates-back-to-2023/
FTC: Instacart to refund $60M over deceptive subscription tactics

Dec 19, 2025 11:19 AM

Tags: finance, service, tactics

Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/instacart-to-refund-60m-over-deceptive-subscription-tactics/