Tag: tactics

New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux

Jun 2, 2025 1:54 PM

Tags: attack, cyber, linux, malicious, open-source, pypi, supply-chain, tactics, windows

Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
6 hard truths security pros must learn to live with

Jun 2, 2025 12:54 PM

Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerability

No matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control.A global survey…
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR

May 30, 2025 10:55 AM

Tags: control, cyber, data-breach, detection, edr, endpoint, exploit, identity, network, north-korea, software, tactics

A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries leverage legitimate software and low-level network protocols to evade traditional Endpoint Detection and Response (EDR)…
Warning: Threat actors now abusing Google Apps Script in phishing attacks

May 30, 2025 5:55 AM

Tags: access, attack, awareness, cloud, communications, control, credentials, defense, email, google, login, malicious, microsoft, password, phishing, service, tactics, threat, tool, training

script[.]google[.]com. The attacker is betting the user will see and trust the Google brand, and therefore trust the content.”By using a trusted platform to host the phishing page, the threat actor creates a false sense of security, obscuring the underlying threat with the goal of getting the recipient to enter their email and password without…
Webinar | How to Build a Platform-Based Defense Against Evolving Cyber Threats

May 30, 2025 12:55 AM

Tags: ai, cyber, defense, network, tactics, threat

Palo Alto Networks on How to Construct a Defense for Modern Threats. The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks. First seen on govinfosecurity.com Jump…
PumaBot Targets Linux Devices in Latest Botnet Campaign

May 29, 2025 7:55 PM

Tags: botnet, linux, tactics

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/pumabot-targets-linux-devices-botnet-campaign
Security for High Velocity Engineering

May 29, 2025 2:55 PM

Tags: software, strategy, tactics

Strategy and Tactics for Protecting and Enabling Modern Software Organizations First seen on tldrsec.com Jump to article: tldrsec.com/p/security-for-high-velocity-engineering
UTG015 Hackers Launch Massive Brute-Force Attacks on Government Web Servers

May 29, 2025 1:55 PM

Tags: attack, cyber, exploit, government, group, hacker, malicious, tactics, vulnerability

The hacker group UTG-Q-015, first identified in December 2024 for mounting attacks on major websites like CSDN, has escalated its malicious activities, targeting government and enterprise web servers with unprecedented aggression. Initially disclosed for their tactics of website manipulation, the group has since pivoted to exploiting 0day and Nday vulnerabilities, launching widespread brute-force scanning and…
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
The latest in phishing scams: stealing your information through fake online forms

May 28, 2025 3:55 PM

Tags: attack, cybercrime, exploit, phishing, scam, tactics, technology, threat
FBI: Silent Ransom Group Adopts Vishing Campaign Against Law Firms

May 27, 2025 7:54 PM

Tags: extortion, group, law, ransom, ransomware, tactics

The non-ransomware extortion group has switched up tactics and victimology in a deliberate and focused campaign similar to those of other attackers focused on stealing sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fbi-silent-ransom-group-vishing-law-firms
Researchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details Revealed

May 27, 2025 12:54 PM

Tags: apple, cyber, detection, macOS, malware, tactics, threat

Researchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platform, is increasingly becoming a target for sophisticated adversaries. The malware employs advanced tactics, techniques, and procedures (TTPs) to evade detection…
How CISOs can defend against Scattered Spider ransomware attacks

May 27, 2025 8:54 AM

Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-day

Significant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
How Google Meet Pages Are Exploited to Deliver PowerShell Malware

May 27, 2025 8:54 AM

Tags: attack, cyber, cyberattack, email, exploit, google, macOS, malicious, malware, phishing, powershell, social-engineering, tactics, windows

A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and targeting Windows and macOS systems. The attack begins with phishing emails containing links that closely…
Feel Relieved by Perfecting Your NHI Tactics

May 27, 2025 5:54 AM

Tags: breach, cybersecurity, data, finance, healthcare, risk, service, soc, strategy, tactics, tool

Is Your Cybersecurity Strategy Ready for Non-Human Identities? Non-Human Identities (NHIs) and Secrets Security Management have emerged as crucial components of a comprehensive cybersecurity strategy. These powerful tools, once adequately managed, can significantly decrease the risk of security breaches and data leaks. Professionals in various sectors, including financial services, healthcare, travel, DevOps, and SOC teams,……
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data

May 26, 2025 1:54 PM

Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tactics

Cybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands. Detailed Analysis Reveals Impersonation Tactics LayerX, building off initial research by the DomainTools Intelligence…
The 7 unwritten rules of leading through crisis

May 26, 2025 9:54 AM

Tags: automation, best-practice, business, ceo, cio, cyber, cybersecurity, incident response, intelligence, radius, risk, security-incident, service, software, strategy, tactics, technology, threat, tool, training

Rule 2: A proactive mindset sets the stage for collective learning: Confusion is contagious. “Providing clarity about what’s known, what matters, and what you’re aiming for, stabilizes people and systems,” says Leila Rao, a workplace and executive coaching consultant. “It sets the tone for proactivity instead of reactivity.”Simply treating symptoms will make the problem worse,…
Cyber threats are changing and here’s what you should watch for

May 26, 2025 6:54 AM

Tags: cyber, cybercrime, intelligence, tactics, threat

In this Help Net Security video, Stefan Tanase, Cyber Intelligence Expert at CSIS, gives an overview of how cybercriminals are changing their tactics, including using … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/26/cyber-threats-2025-video/
Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

May 23, 2025 11:55 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, cctv, cisa, cloud, computer, control, credentials, crypto, cyber, cybercrime, cybersecurity, data, detection, email, espionage, exploit, finance, framework, germany, group, Hardware, infrastructure, injection, intelligence, iot, kev, law, linux, malware, metric, mfa, military, mitigation, network, nist, open-source, organized, passkey, password, phishing, risk, russia, skills, software, sql, tactics, technology, tool, training, ukraine, unauthorized, update, vpn, vulnerability, wifi, zero-trust

Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization. Dive into five things that…
Researchers Uncover Infrastructure and TTPs Behind ALCATRAZ Malware

May 23, 2025 2:55 PM

Tags: cyber, cybercrime, data-breach, infrastructure, malware, open-source, tactics, tool

Elastic Security Labs has recently exposed a sophisticated new malware family dubbed DOUBLELOADER, observed in conjunction with the RHADAMANTHYS infostealer. This discovery sheds light on the evolving tactics, techniques, and procedures (TTPs) of cybercriminals who leverage advanced obfuscation tools to hinder analysis. Notably, DOUBLELOADER is protected by ALCATRAZ, an open-source obfuscator first released in 2023,…
TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks

May 23, 2025 1:55 PM

Tags: attack, cyber, government, group, hacker, malicious, russia, tactics, threat

The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium confidence by CERT-UA, has shifted tactics to target government, educational, and research entities in Tajikistan. According to analysis by Insikt Group from Recorded Future Report, TAG-110 has moved away from its traditional use of HTA-based payloads like HATVIBE, which it has…
Response to CISA Advisory (AA25-141B): Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

May 23, 2025 6:54 AM

Tags: advisory, cisa, data, malware, tactics, threat

AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated with threat actors deploying the LummaC2 information stealer malware, identified through FBI investigations as recent as May 2025. First seen on securityboulevard.com Jump…
10 Proven Growth Strategies for B2B SaaS: Lessons from Business Classics Applications for AI Startups

May 22, 2025 6:55 PM

Tags: ai, business, framework, saas, startup, strategy, tactics

Transform your B2B SaaS growth trajectory with 10 battle-tested strategies derived from business classics and proven by market leaders. Learn how these frameworks can be specifically adapted for AI startups, with actionable tactics that drive sustainable revenue growth in competitive landscape. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/10-proven-growth-strategies-for-b2b-saas-lessons-from-business-classics-applications-for-ai-startups/
Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers

May 22, 2025 6:55 PM

Tags: attack, captcha, cyber, cybercrime, exploit, hacker, malware, social-engineering, tactics

A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to exploiting the vast user base and algorithmic reach of social media platforms. Unlike previous attacks…
71 Fake Websites Impersonating German Retailer to Steal Payment Information

May 21, 2025 6:54 PM

Tags: cyber, fraud, intelligence, international, network, scam, tactics, unauthorized

Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer, with lidlorg[.]com identified as the central node of this scam operation. First detected on April 19, 2025, these websites employ advanced brand impersonation tactics, such as typosquatting and the unauthorized use…
IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials

May 21, 2025 2:54 PM

Tags: attack, breach, credentials, cyber, cybersecurity, exploit, ibm, identity, login, strategy, tactics, threat, tool

IBM X-Force’s 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend, continuing for the second consecutive year, highlights a shift in threat actor strategies, moving away from traditional brute-force methods to stealthier, more persistent tactics. Attackers are increasingly leveraging sophisticated tools,…
LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands

May 21, 2025 12:54 PM

Tags: breach, cyber, data, data-breach, group, infrastructure, Internet, leak, lockbit, ransom, ransomware, service, tactics

The notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner workings of their ransomware-as-a-service (RaaS) operations. This leak, which surfaced on the internet after remaining undetected for months, has offered invaluable insights into the group’s internal processes, from ransomware payload creation to negotiation tactics with victims. Glimpse into LockBit’s Infrastructure The…
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT

May 20, 2025 5:54 PM

Tags: access, apt, attack, cyber, cybersecurity, group, malware, powershell, rat, tactics, threat

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid

May 20, 2025 3:54 PM

Tags: breach, data, data-breach, leak, lockbit, ransom, ransomware, tactics

Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid. First seen on hackread.com Jump to article: hackread.com/lockbit-leak-affiliates-pressure-tactics-rarely-paid/
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

May 20, 2025 1:54 PM

Tags: breach, ciso, cyber, penetration-testing, risk, strategy, tactics, tool

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex…