Tag: tactics
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trustGone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams”, exploiting human vulnerabilities with…
-
Lessons from Ted Lasso for cybersecurity success
In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/lessons-from-ted-lasso-for-cybersecurity-success/
-
Adversarythe-Middle Attacks Persist Strategies to Lessen the Impact
Adversary-in-the-middle fraud (AiTM) represents a significant, ongoing challenge for businesses, with tactics like email hijacking, AI attacks and account takeovers becoming increasingly complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/adversary-in-the-middle-attacks-persist-strategies-to-lessen-the-impact/
-
Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection. Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities…
-
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
-
Researchers Uncover Stealthy Tactics and Techniques of StrelaStealer Malware
Cybersecurity experts have recently shed light on the sophisticated operations of StrelaStealer, also known by its alias Strela, revealing a suite of stealthy tactics employed in its information theft campaigns. This malware, spotlighted by IBM Security X-Force for its association with the HIVE-0145 threat actor group, targets email credentials from prominent clients like Microsoft Outlook…
-
Defending Against Web API Exploitation With Modern Detection Strategies
In today’s interconnected digital landscape, APIs serve as the critical building blocks of modern web applications, enabling seamless data exchange and functionality. However, as their usage has exploded in recent years, attackers have increasingly adapted their tactics to target these essential components. An API exploit a technique or program that takes advantage of vulnerabilities can…
-
How To Integrate MITRE ATTCK Into Your SOC For Better Threat Visibility
The evolving cybersecurity landscape demands advanced strategies to counter sophisticated threats that outpace traditional security measures. The MITRE ATT&CK framework emerges as a critical tool for Security Operations Centers (SOCs), offering a structured, knowledge-driven approach to understanding adversary behavior. By systematically mapping attacker tactics, techniques, and procedures (TTPs), it empowers organizations to enhance threat detection,…
-
Gamaredon’s PteroLNK Malware: Stealthy Espionage Tactics Uncovered
A recent deep-dive analysis by HarfangLab uncovers new insights into the persistent and ever-evolving operations of Gamaredon, a First seen on securityonline.info Jump to article: securityonline.info/gamaredons-pterolnk-malware-stealthy-espionage-tactics-uncovered/
-
Interlock ransomware evolves tactics with ClickFix, infostealers
First seen on scworld.com Jump to article: www.scworld.com/news/interlock-ransomware-evolves-tactics-with-clickfix-infostealers
-
Emulating the Stealthy StrelaStealer Malware
AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-stealthy-strelastealer-malware/
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe LummaStealer’s operators have introduced a new technique…
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
Russia-linked APT29 targets European diplomats with new malware
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Tags: advisory, attack, cisa, computer, cve, cybersecurity, data, exploit, government, incident response, infrastructure, mitre, nvd, open-source, risk, tactics, update, vulnerability, vulnerability-managementConcerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As…
-
Windows Task Scheduler Vulnerabilities Allow Attackers Gain Admin Account Control
New vulnerabilities in Windows Task Scheduler’s schtasks.exe let attackers bypass UAC, alter metadata, modify event logs, and evade detection. These actions map to MITRE ATT&CK tactics: Persistence, Privilege Escalation, Execution, Lateral Movement, and Defense Evasion. Abuse of schtasks.exe enables stealthy task creation and manipulation without alerting defenders, making it a reliable tool for maintaining access…
-
Server-Side Phishing Attacks Target Employee and Member Portals to Steal Login Credentials
Attackers have been deploying server-side phishing schemes to compromise employee and member login portals across various enterprises. This strategic shift to server-side operations is designed to evade detection and complicate analysis. Evolving Phishing Techniques Recent investigations have highlighted a marked evolution in the tactics employed by phishing campaigns. Traditional methods relied on client-side redirects to…
-
Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware
A recent report by Cyble has shed light on the evolving tactics of hacktivist groups, moving beyond traditional cyber disruptions like DDoS attacks and website defacements to engage in more advanced critical infrastructure attacks and ransomware operations. Advanced Attack Strategies Hacktivism is transforming into a complex tool of hybrid warfare, with groups adopting tactics traditionally…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat”, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
ResolverRAT Malware Targets Healthcare, Pharma with Phishing Tactics
First seen on scworld.com Jump to article: www.scworld.com/brief/resolverrat-malware-targets-healthcare-pharma-with-phishing-tactics
-
European Companies Infected With New Chinese-Nexus Backdoor
Threat Actors Deploy Obfuscation Tactics to Targets Windows Machines. Likely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/european-companies-infected-new-chinese-nexus-backdoor-a-28009
-
Renewed APT29 Phishing Campaign Against European Diplomats
ighlights Introduction Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed toAPT29, a Russialinkedthreat group. APT29, also commonly referred to as Midnight Blizzard…
-
Year in Review: The biggest trends in ransomware
This week, our Year in Review spotlight is on ransomware”, where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/year-in-review-ransomware/
-
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional services sectors, signals a dramatic evolution in tactics used by threat actors linked to the…
-
Fraud in Your Inbox: Email Is Still the Weakest Link
At-Bay Cyber Insurance Claims Report Finds 83% of Financial Fraud Starts With Email. Financial fraud remains the leading driver of cyberinsurance claims, with 83% of cases traced back to email-based attacks. Common tactics used to deceive employees include wiring funds to fraudulent accounts, generative AI-crafted emails, executive and vendor impersonation and BEC scams. First seen…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
A North Korean state-sponsored threat group known as >>Slow Pisces
-
Tycoon2FA phishing kit rolled out significant updates
The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode…
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
Houthi Influence Campaign: Deceptive Tactics on Facebook Target Israel and Gulf States
In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and First seen on securityonline.info Jump to article: securityonline.info/houthi-influence-campaign-deceptive-tactics-on-facebook-target-israel-and-gulf-states/
-
Why security culture is crypto’s strongest asset
In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/11/norah-beers-grayscale-crypto-asset-management/

