Tag: tactics

ShinyHunters escalates tactics in extortion campaign linked to Okta environments

Feb 2, 2026 7:13 PM

Tags: access, extortion, okta, social-engineering, tactics

Researchers are tracking multiple clusters that are using social engineering to gain access to victims. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-tactics-extortion-okta-environ/811112/
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data

Feb 2, 2026 6:13 PM

Tags: access, attack, cloud, credentials, data, extortion, group, mandiant, mfa, saas, tactics, threat

Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
Google Uncovers Major Expansion in ShinyHunters Threat Activity Using New Tactics

Feb 2, 2026 11:13 AM

Tags: authentication, corporate, credentials, cyber, cybercrime, extortion, google, identity, mfa, phishing, service, software, tactics, threat

A substantial expansion in cybercrime operations using tactics consistent with ShinyHunters-branded extortion campaigns. These sophisticated operations employ advanced voice phishing (vishing) and victim-branded credential harvesting websites to compromise corporate environments by stealing single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. While the methodology of targeting identity providers and Software-as-a-Service (SaaS) platforms remains consistent with…
A Head Start on Emerging Vulnerabilities with The Pentest Tool You Need!

Jan 30, 2026 5:22 PM

Tags: ai, cybersecurity, detection, malicious, penetration-testing, tactics, tool, vulnerability

The world of cybersecurity is undergoing a seismic shift. In 2026, AI-driven pentest tools are set to redefine how we approach vulnerability detection and exploitation. The conventional pentesting methods, which have served as the backbone of security assessments for decades, cannot be replaced, but given the hi-tech tactics of the malicious contemporaries, these tools simply……
Helpdesk Impersonation: A High-Risk Social Engineering Attack

Jan 30, 2026 11:28 AM

Tags: attack, risk, social-engineering, tactics, threat, unauthorized

With organizations becoming more digitally interconnected, threat actors are placing greater emphasis on manipulating people instead of breaching systems directly. One of the most deceptive and damaging tactics is helpdesk impersonation, a form of social engineering in which attackers pose as legitimate users or trusted personnel to manipulate support staff into granting unauthorized access…. First…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Jan 29, 2026 8:22 PM

Tags: military, tactics

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere. First seen on wired.com Jump to article: www.wired.com/story/ice-pretends-its-a-military-force-its-tactics-would-get-real-soldiers-killed/
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Jan 29, 2026 8:22 PM

Tags: military, tactics

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere. First seen on wired.com Jump to article: www.wired.com/story/ice-pretends-its-a-military-force-its-tactics-would-get-real-soldiers-killed/
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Jan 29, 2026 8:22 PM

Tags: military, tactics

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere. First seen on wired.com Jump to article: www.wired.com/story/ice-pretends-its-a-military-force-its-tactics-would-get-real-soldiers-killed/
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Jan 29, 2026 8:22 PM

Tags: military, tactics

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere. First seen on wired.com Jump to article: www.wired.com/story/ice-pretends-its-a-military-force-its-tactics-would-get-real-soldiers-killed/
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

Jan 29, 2026 8:22 PM

Tags: military, tactics

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere. First seen on wired.com Jump to article: www.wired.com/story/ice-pretends-its-a-military-force-its-tactics-would-get-real-soldiers-killed/
A fake romance turns into an Android spyware infection

Jan 29, 2026 5:21 AM

Tags: android, infection, malicious, scam, spyware, tactics

ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/ghostchat-android-romance-spyware/
eSkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges

Jan 28, 2026 4:23 PM

Tags: attack, cyber, tactics, threat

A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with script removal, eSkimming is emerging as a long-lived, shape”‘shifting threat that lingers on previously compromised sites and often returns in new forms. Over the course of a year, researchers tracked 550…
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics

Jan 28, 2026 3:21 PM

Tags: access, ransomware, risk, software, tactics, tool

New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising connection to ransomware tactics. First seen on hackread.com Jump to article: hackread.com/goto-resolve-activities-ransomware-tactics/
Surging Cyberattacks Boost Latin America to Riskiest Region

Jan 28, 2026 3:21 PM

Tags: credentials, cyberattack, data, exploit, extortion, leak, tactics, usa

The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/surging-cyberattacks-latin-america-riskiest-region
AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report

Jan 27, 2026 10:25 PM

Tags: access, ai, attack, automation, chatgpt, compliance, control, data, detection, finance, google, governance, infrastructure, injection, insurance, intelligence, malicious, malware, microsoft, ml, monitoring, RedTeam, risk, saas, social-engineering, supply-chain, tactics, technology, threat, tool, vulnerability, zero-trust

Artificial intelligence and machine learning (AI/ML) are no longer emerging capabilities inside enterprise environments. In 2025, they became a persistent operating layer for how work gets done. Developers ship faster, marketers generate more content, analysts automate research, and IT teams rely on AI to streamline troubleshooting and operations. The productivity gains are real, but so…
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2

Jan 27, 2026 6:24 PM

Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
From Cipher to Fear: The psychology behind modern ransomware extortion

Jan 27, 2026 5:23 PM

Tags: breach, data, encryption, exploit, extortion, group, psychology, ransomware, tactics

Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams

Jan 27, 2026 4:21 PM

Tags: advisory, cisa, cyber, cybersecurity, infrastructure, malicious, risk, scam, social-engineering, tactics, threat, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of affected populations by deploying sophisticated social engineering tactics disguised as legitimate relief efforts. According to…
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games

Jan 27, 2026 4:21 PM

Tags: cyber, group, identity, infrastructure, okta, phishing, tactics, theft, threat

A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than 100 high-value enterprises. Unlike automated phishing campaigns, this operation is human-led. It relies on voice…
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

Jan 22, 2026 11:30 AM

Tags: attack, cyber, malicious, malware, pypi, supply-chain, tactics

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
NDSS 2025 Dissecting Payload-Based Transaction Phishing On Ethereum

Jan 21, 2026 9:14 PM

Tags: conference, data, detection, Internet, malicious, network, phishing, scam, tactics, threat

Authors, Creators & Presenters: Zhuo Chen (Zhejiang University), Yufeng Hu (Zhejiang University), Bowen He (Zhejiang University), Dong Luo (Zhejiang University), Lei Wu (Zhejiang University), Yajin Zhou (Zhejiang University) PAPER Dissecting Payload-Based Transaction Phishing On Ethereum In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new…
China-linked APT UAT-8837 targets North American critical infrastructure

Jan 17, 2026 6:14 PM

Tags: apt, china, cisco, group, infrastructure, tactics, threat, usa

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. >>Cisco Talos is closely tracking…
‘Dual-channel’ attacks are the new face of BEC in 2026

Jan 13, 2026 8:02 PM

Tags: attack, business, cyber, email, tactics, threat

Business email compromise remains a significant threat as cyber fraudsters deploy a more diverse range of tactics against their potential victims, according to a report. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637242/Dual-channel-attacks-are-the-new-face-of-BEC-in-2026
AI-Powered Crypto Scams Drive Record $17B Losses in 2025

Jan 13, 2026 5:02 PM

Tags: ai, crypto, scam, tactics

Research by Chainalysis reveals that AI-powered impersonation tactics have exploded by an unprecedented 1,400% year-over-year. The post AI-Powered Crypto Scams Drive Record $17B Losses in 2025 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-2025-crypto-scam-losses/
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials

Jan 9, 2026 7:02 PM

Tags: access, attack, credentials, cyber, encryption, exploit, incident response, ransomware, tactics, tool, vpn, vulnerability

Arctic Wolf Labs has uncovered a new ransomware variant dubbed >>Fog<< striking US organizations, primarily in education and recreation, through hijacked VPN access. First spotted on May 2, 2024, the attacks highlight vulnerabilities in remote access tools and the rapid encryption tactics used to exploit them."‹ Arctic Wolf's Incident Response team investigated multiple cases starting…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…