Tag: tactics

What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Hackers Shift to ‘Living Off the Land’ Tactics to Evade EDR on Windows Systems

Dec 1, 2025 3:49 PM

Tags: cyber, cyberattack, edr, hacker, tactics, tool, windows

Security researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as >>Living Off the Land,
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Hackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft Scheme

Dec 1, 2025 3:49 PM

Tags: cyber, cybersecurity, finance, hacker, infrastructure, network, phishing, tactics, theft, unauthorized

Cybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The discovery reveals two distinct but potentially coordinated phishing clusters that leverage shared infrastructure, automated templates, and brand impersonation tactics to…
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Dec 1, 2025 7:49 AM

Tags: access, attack, government, russia, service, tactics, threat

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.”These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
New Malware-as-a-Service ‘Olymp Loader’ Emerges on Hacker Forums With Advanced Anti-Analysis Features

Nov 26, 2025 12:49 PM

Tags: cyber, cybercrime, hacker, malware, service, tactics, threat

Olymp Loader has emerged as a sophisticated Malware-as-a-Service (MaaS) platform since its public debut in June 2025, quickly establishing itself as a notable threat across underground cybercriminal forums and Telegram channels. Marketed under the alias >>OLYMPO,
Alliances between ransomware groups tied to recent surge in cybercrime

Nov 26, 2025 8:49 AM

Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-day

Ransomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
DPRK’s FlexibleFerret Tightens macOS Grip

Nov 25, 2025 11:49 PM

Tags: credentials, macOS, scam, social-engineering, tactics

The actor behind the Contagious Interview campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprks-flexibleferret-tightens-macos-grip
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
Advanced Security Isn’t Stopping Ancient Phishing Tactics

Nov 25, 2025 7:49 PM

Tags: attack, phishing, tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor

Nov 25, 2025 1:49 AM

Tags: access, attack, backdoor, cyber, cyberattack, defense, detection, group, india, malware, tactics, threat

An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…
APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics

Nov 25, 2025 1:49 AM

Tags: attack, breach, cyber, data, data-breach, espionage, group, hacker, intelligence, iran, leak, metric, tactics

In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performance metrics, and specialized attack teams. The leaked materials provide an unprecedented window into how this Islamic Revolutionary Guard Corps Intelligence…
Chinese APT24 Deploys Custom Malware, New Stealthy Tactics

Nov 22, 2025 12:49 AM

Tags: china, cloud, espionage, google, group, hacking, infrastructure, malware, tactics

3-Year Espionage Campaign Targeted Taiwanese Firms. Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt24-deploys-custom-malware-new-stealthy-tactics-a-30103
Hack the Hackers: 6 Laws for Staying Ahead of the Attackers

Nov 21, 2025 10:49 PM

Tags: framework, hacker, law, tactics

A new security framework responds to a shift in attackers’ tactics, one that allows them to infiltrate enterprises silently through their own policies. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/hack-hackers-6-laws-staying-ahead-cyberattackers
How to turn threat intel into real security wins

Nov 21, 2025 7:49 PM

Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerability

The CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
How to turn threat intel into real security wins

Nov 21, 2025 7:49 PM

Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerability

The CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
Root causes of security breaches remain elusive, jeopardizing resilience

Nov 21, 2025 7:49 PM

Tags: attack, breach, business, ciso, cyber, cybercrime, cybersecurity, data, detection, framework, governance, incident response, intelligence, lessons-learned, monitoring, resilience, security-incident, service, siem, skills, software, strategy, tactics, technology, threat, tool, training, update, vpn, vulnerability

Tracing an attack path: Preparation is key, so businesses need to have dedicated tools and skills for digital forensics in place before an incident occurs through technologies such as security incident and event management (SIEM).SIEM devices are important because, for example, many gateway and VPN devices have a local storage that overwrites itself within hours.”If…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…