Collecting Cyber-News from over 60 sources

Tag: tactics

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

Apr 24, 2026 12:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from…
China-Linked Cyber Actors Turn to Massive Covert Botnets to Evade Detection

Apr 24, 2026 10:38 AM

Tags: advisory, botnet, china, cyber, cybersecurity, detection, international, malicious, network, tactics, threat

A newly issued cybersecurity advisory highlights an evolution in the tactics, techniques and procedures (TTPs) employed by China-Nexus threat actors. The report, released with support from the UK Cyber League and coordinated by the National Cyber Security Centre (NCSC-UK) alongside international partners, sheds light on how Chinese threat actors are relying on large-scale covert networks of compromised…
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Apr 23, 2026 9:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an…
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions

Apr 23, 2026 11:39 AM

Tags: crypto, cyber, infrastructure, international, north-korea, tactics, threat

North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on the infrastructure and tactics behind this evolving campaign. ZachXBT identified the domain luckyguys[.]site as being…
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

Apr 23, 2026 5:39 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, detection, github, infection, intelligence, korea, login, malicious, malware, military, monitoring, network, open-source, service, tactics, threat, tool, windows

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
Malicious pgserve, automagik developer tools found in npm registry

Apr 23, 2026 5:39 AM

Tags: access, attack, breach, cloud, control, corporate, credentials, crypto, data, firewall, github, infrastructure, least-privilege, malicious, malware, network, open-source, password, radius, risk, service, software, tactics, theft, threat, tool, worm

Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
Google expands Gemini AI use to fight malicious ads on its platform

Apr 17, 2026 12:48 AM

Tags: ai, google, malicious, scam, tactics, threat

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-expands-gemini-ai-use-to-fight-malicious-ads-on-its-platform/
China-linked cloud credential heist runs on typos and SMTP

Apr 14, 2026 3:52 PM

Tags: access, china, cloud, credentials, detection, espionage, infrastructure, linux, malicious, malware, mitre, monitoring, network, service, tactics, tool

Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent.The implant used is an obfuscated ELF binary, with an executable designed for…
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

Apr 14, 2026 2:51 PM

Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm

<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
EDR Killers Broaden Ransomware Tactics, ESET Warns

Apr 13, 2026 8:52 AM

Tags: cyber, edr, ransomware, tactics, tool, vulnerability

Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti”‘rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It warns that these tools have become a predictable, standard stage in modern ransomware operations. In…
Microsoft’s Copilot strategy is just more user abuse from Redmond, says Mozilla

Apr 12, 2026 1:52 PM

Tags: ai, browser, microsoft, strategy, tactics

Firefox maker warns old web tactics are now shaping AI at the expense of user choice First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/mozilla_microsofts_copilot_strategy/
STX RAT Targets Finance Sector With Advanced Stealth Tactics

Apr 9, 2026 6:53 PM

Tags: access, finance, rat, tactics

STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/stx-rat-targets-finance-sector/
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

Apr 8, 2026 11:52 PM

Tags: espionage, group, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraine

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, akaFancy Bear,Pawn Storm,Sofacy Group,Sednit,BlueDelta, andSTRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…
Arelion employs NETSCOUT Arbor DDoS protection products

Apr 8, 2026 9:52 PM

Tags: ai, attack, automation, business, cyber, cyberattack, cybersecurity, ddos, defense, detection, government, infrastructure, intelligence, Internet, mitigation, monitoring, network, risk, router, service, strategy, tactics, technology, threat

“As a Tier-1 Internet carrier supporting the majority of global Internet traffic, this continued collaboration reflects our ongoing investment in best-of-breed network security solutions to protect the technology ecosystem. Our partnership combines Arelion’s global network performance and NETSCOUT’s leading Arbor DDoS attack protection solutions to provide world-class experiences for our customers.” Scott Nichols, Chief Commercial…
How botnet-driven DDoS attacks evolved in 2H 2025

Apr 8, 2026 8:52 PM

Tags: ai, attack, botnet, dark-web, ddos, defense, dns, finance, government, group, infrastructure, intelligence, international, Internet, iot, jobs, law, LLM, mitigation, network, resilience, risk, service, strategy, tactics, threat, tool, usa, vulnerability

Massive attack capacity: Demonstration attacks peaked at 30Tbps and 4 gigapackets per second, primarily launched by Internet of Things (IoT) botnets such as Aisuru and TurboMirai variants.AI integration: The use of AI, including dark-web large language models (LLMs), moved from emerging trend to operational reality, making sophisticated attacks accessible to a wider range of threat actors.Persistent threat…
The zero-day timeline just collapsed. Here’s what security leaders do next

Apr 8, 2026 12:52 PM

Tags: access, ai, api, attack, authentication, breach, cio, ciso, control, cyber, cybersecurity, data, data-breach, defense, endpoint, exploit, google, Internet, Intruder, leak, least-privilege, open-source, penetration-testing, resilience, service, strategy, tactics, update, vulnerability, zero-day

Scaling vulnerability discovery to machine speed: Agentic AI is AI that can act, not just advise. Give it an objective, and it will plan steps, run them, learn from what happens and adjust until it succeeds or hits a hard stop. In cybersecurity, that looks like an automated operator. It can probe an application, test…
Remus Infostealer Debuts With Stealthy New Credential-Theft Tactics

Apr 8, 2026 10:51 AM

Tags: credentials, cyber, data, hacker, password, tactics, theft

Hackers are rolling out a new 64″‘bit infostealer dubbed Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after law”‘enforcement disruption and public doxxing of Lumma’s core operators in 2025. Remus is a 64″‘bit information stealer that mirrors Lumma’s core playbook: harvesting browser passwords, cookies, autofill data,…
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware

Apr 8, 2026 9:51 AM

Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tactics

Hackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…
Iranian hackers are targeting American critical infrastructure, US agencies warn

Apr 7, 2026 10:54 PM

Tags: advisory, cisa, hacker, infrastructure, iran, tactics

A joint FBI, NSA, and CISA advisory warns that Iranian hackers have ‘escalated’ their tactics in response to the ongoing U.S.-Israel war with Iran. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn/
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware

Apr 7, 2026 8:52 PM

Tags: detection, hacker, malware, tactics

REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit. First seen on hackread.com Jump to article: hackread.com/hackers-non-profit-developers-monero-mining-malware/
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics

Apr 7, 2026 3:52 PM

Tags: backdoor, cyber, linux, tactics

Seven new BPFDoor variants that push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use Berkeley Packet Filters (BPF) to quietly inspect traffic inside the operating system kernel, waiting for a “magic packet” that activates a hidden shell. Once triggered, the backdoor blends into normal…
Censys Raises $70M to Advance AI-Driven Threat Intelligence

Apr 7, 2026 1:51 AM

Tags: ai, attack, ceo, cybersecurity, data, defense, intelligence, Internet, tactics, threat

Internet Intelligence Platform Targets Real-Time Cybethreat Defense. Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/censys-raises-70m-to-advance-ai-driven-threat-intelligence-a-31349
MITRE ATTCK v19 Drops April 28: How to Prepare Your SOC for the Defense Evasion Split

Apr 6, 2026 10:51 PM

Tags: defense, framework, mitre, soc, tactics

MITRE ATT&CK v19: What the Defense Evasion Split Means for Your SOC What’s Changing in ATT&CK v19 MITRE ATT&CK v19 drops April 28, 2026. The biggest change: Defense Evasion (TA0005), the framework’s most bloated tactic, is being split into two new tactics with distinct operational meanings. We covered the rationale and early previews back in……
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift

Apr 6, 2026 1:51 PM

Tags: hacker, north-korea, social-engineering, tactics

North Korean hackers (UNC4736) posed as a trading firm for six months to infiltrate Drift Protocol, using social engineering tactics to steal $285M without suspicion. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-trading-firm-drift-protocol/
Akira-Style Ransomware Campaign Hits Windows Users Across South America

Apr 2, 2026 3:51 PM

Tags: cyber, dark-web, exploit, infrastructure, ransom, ransomware, tactics, threat, usa, windows

A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by replicating its branding, ransom notes, and dark web infrastructure references. This includes the use of Tor-based…
Security awareness is not a control: Rethinking human risk in enterprise security

Apr 1, 2026 12:29 PM

Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability

The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
LeakNet Changes Tactics, But Consistency Gives Defenders an Advantage

Apr 1, 2026 8:30 AM

Tags: exploit, ransomware, tactics

LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a leg up. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/leaknet-changes-tactics-but-consistency-gives-defenders-an-advantage/
Iran actors’ claims raise questions about larger cyber threat to US, allies

Mar 31, 2026 7:30 PM

Tags: cyber, data, iran, tactics, threat

Questions are being raised about the veracity and tactics of Iran-linked actors, amid claims that a large trove of Lockheed Martin data is on the market. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-actors-claims-cyber-threat-us-allies/816228/