Tag: tactics

Remus Infostealer Debuts With Stealthy New Credential-Theft Tactics

Apr 8, 2026 10:51 AM

Tags: credentials, cyber, data, hacker, password, tactics, theft

Hackers are rolling out a new 64″‘bit infostealer dubbed Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after law”‘enforcement disruption and public doxxing of Lumma’s core operators in 2025. Remus is a 64″‘bit information stealer that mirrors Lumma’s core playbook: harvesting browser passwords, cookies, autofill data,…
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware

Apr 8, 2026 9:51 AM

Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tactics

Hackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…
Iranian hackers are targeting American critical infrastructure, US agencies warn

Apr 7, 2026 10:54 PM

Tags: advisory, cisa, hacker, infrastructure, iran, tactics

A joint FBI, NSA, and CISA advisory warns that Iranian hackers have ‘escalated’ their tactics in response to the ongoing U.S.-Israel war with Iran. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn/
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware

Apr 7, 2026 8:52 PM

Tags: detection, hacker, malware, tactics

REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit. First seen on hackread.com Jump to article: hackread.com/hackers-non-profit-developers-monero-mining-malware/
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics

Apr 7, 2026 3:52 PM

Tags: backdoor, cyber, linux, tactics

Seven new BPFDoor variants that push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use Berkeley Packet Filters (BPF) to quietly inspect traffic inside the operating system kernel, waiting for a “magic packet” that activates a hidden shell. Once triggered, the backdoor blends into normal…
Censys Raises $70M to Advance AI-Driven Threat Intelligence

Apr 7, 2026 1:51 AM

Tags: ai, attack, ceo, cybersecurity, data, defense, intelligence, Internet, tactics, threat

Internet Intelligence Platform Targets Real-Time Cybethreat Defense. Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/censys-raises-70m-to-advance-ai-driven-threat-intelligence-a-31349
MITRE ATTCK v19 Drops April 28: How to Prepare Your SOC for the Defense Evasion Split

Apr 6, 2026 10:51 PM

Tags: defense, framework, mitre, soc, tactics

MITRE ATT&CK v19: What the Defense Evasion Split Means for Your SOC What’s Changing in ATT&CK v19 MITRE ATT&CK v19 drops April 28, 2026. The biggest change: Defense Evasion (TA0005), the framework’s most bloated tactic, is being split into two new tactics with distinct operational meanings. We covered the rationale and early previews back in……
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift

Apr 6, 2026 1:51 PM

Tags: hacker, north-korea, social-engineering, tactics

North Korean hackers (UNC4736) posed as a trading firm for six months to infiltrate Drift Protocol, using social engineering tactics to steal $285M without suspicion. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-trading-firm-drift-protocol/
Akira-Style Ransomware Campaign Hits Windows Users Across South America

Apr 2, 2026 3:51 PM

Tags: cyber, dark-web, exploit, infrastructure, ransom, ransomware, tactics, threat, usa, windows

A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by replicating its branding, ransom notes, and dark web infrastructure references. This includes the use of Tor-based…
Security awareness is not a control: Rethinking human risk in enterprise security

Apr 1, 2026 12:29 PM

Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability

The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
LeakNet Changes Tactics, But Consistency Gives Defenders an Advantage

Apr 1, 2026 8:30 AM

Tags: exploit, ransomware, tactics

LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a leg up. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/leaknet-changes-tactics-but-consistency-gives-defenders-an-advantage/
Iran actors’ claims raise questions about larger cyber threat to US, allies

Mar 31, 2026 7:30 PM

Tags: cyber, data, iran, tactics, threat

Questions are being raised about the veracity and tactics of Iran-linked actors, amid claims that a large trove of Lockheed Martin data is on the market. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-actors-claims-cyber-threat-us-allies/816228/
Ransomware in 2025: Blending in is the strategy

Mar 31, 2026 12:29 PM

Tags: identity, ransomware, strategy, tactics

A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy/
Global Cybercrime Investigations Gain Ground

Mar 31, 2026 7:32 AM

Tags: attack, crypto, cybercrime, intelligence, law, ransomware, tactics, threat

Stan Duijf of Dutch National Police on Collaborative Law Enforcement. Global law enforcement agencies are shifting tactics to disrupt ransomware earlier in the attack chain. Stan Duijf of the Dutch National Police describes how collaboration, threat intelligence and cryptocurrency seizures are making cybercrime more costly and less effective for criminals. First seen on govinfosecurity.com Jump…
Cybercriminals Exploit Tax Season With New Phishing Tactics

Mar 31, 2026 5:30 AM

Tags: credentials, cybercrime, exploit, malware, phishing, scam, tactics, theft

Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/
New AITM phishing wave hijacks TikTok Business accounts

Mar 27, 2026 10:30 PM

Tags: business, google, malware, phishing, tactics

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous…
Skyhawk Security Adds Threat Actor Context to Cloud Attack Scenarios, Mapping Simulations to Known Adversaries

Mar 25, 2026 5:49 PM

Tags: ai, attack, cloud, RedTeam, tactics, threat

Skyhawk Security has added Threat Actor Context to its cloud security platform, giving security teams a way to understand simulated attack scenarios through the lens of known adversary behavior. The enhancement connects Skyhawk’s AI Red Team attack simulations to real-world threat actors, their campaigns, and affiliated CVEs. The capability goes beyond mapping to tactics, techniques,..…
Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam

Mar 25, 2026 4:47 PM

Tags: data, jobs, linkedin, network, phishing, scam, tactics

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Mar 25, 2026 1:47 PM

Tags: access, advisory, api, attack, cloud, container, credentials, data, exploit, extortion, github, group, infrastructure, malicious, malware, open-source, pypi, supply-chain, tactics, tool, vulnerability

An expanding supply-chain campaign: The LiteLLM incident has been confirmed to be a part of the rapidly unfolding TeamPCP supply chain campaign that first compromised Trivy.Trivy, developed by Aqua Security, is a widely used open-source vulnerability scanner designed to identify security issues in container images, file systems, and infrastructure-as-code (IaC) configurations. The ongoing attack, attributed…
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape

Mar 23, 2026 5:48 PM

Tags: access, ai, api, attack, authentication, backup, ciso, cloud, control, credentials, data, defense, detection, email, encryption, espionage, exploit, governance, identity, infection, infrastructure, intelligence, mandiant, mfa, monitoring, network, north-korea, phishing, ransomware, resilience, saas, service, social-engineering, strategy, tactics, theft, threat, tool, update

Social engineering becomes more interactive: While exploits remain the leading initial infection vector at 32%, the report underscores a shift toward more adaptive social engineering. Voice phishing has risen sharply, while email phishing continues to decline, signaling a move away from high-volume campaigns toward real-time interaction.Mandiant’s data shows that email phishing dropped to just 6%…
Cybercriminals are Winning with AI

Mar 20, 2026 1:10 AM

Tags: ai, attack, awareness, best-practice, business, cybercrime, data, deep-fake, defense, detection, exploit, finance, fraud, guide, phishing, resilience, risk, scam, strategy, tactics, threat, tool

AI has become the most powerful tool for financial fraud since the dawn of the Internet. As predicted, criminals are exploiting it faster, more effectively, and at scale. According to the latest Interpol Global Financial Fraud Report, AI-enhanced fraud is now 4.5 times more profitable than traditional schemes. That’s a significant shift and we’re still…
Ransomware Affiliate Exposes Details of ‘The Gentlemen’ Operation

Mar 19, 2026 6:10 PM

Tags: exploit, leak, ransomware, tactics

Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-affiliate-gentlemen/
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

Mar 17, 2026 11:10 AM

Tags: attack, chatgpt, macOS, malicious, social-engineering, sophos, tactics, windows

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center

Mar 16, 2026 8:09 PM

Tags: attack, country, cyberattack, group, iran, tactics, threat

Poland officials say the cyberattack late last week appears to have been launched by an Iranian threat group, though they noted that bad actors not associated with any country in the war could have been behind it and used tactics associated with Iranian threat groups to cover their own tracks. First seen on securityboulevard.com Jump…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…