Tag: tactics

GenDigital Research Exposes AuraStealer Infostealer Tactics

Jan 8, 2026 9:01 PM

Tags: data, tactics, windows

GenDigital researchers reveal how AuraStealer uses advanced evasion and a MaaS model to steal data from Windows systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/gendigital-research-exposes-aurastealer-infostealer-tactics/
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
How CIOs can brace for AI-fueled cyberthreats

Jan 8, 2026 6:03 PM

Tags: ai, cio, cyber, tactics

Executives are carefully tracking the rise in AI use for cyberthreats, bolstering basic preparedness tactics and increasing cyber spend in response. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/how-cios-can-brace-for-ai-fueled-cyberthreats/809093/
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…
CrazyHunter Ransomware Targets Healthcare Sector Using Sophisticated Evasion Tactics

Jan 7, 2026 10:02 PM

Tags: cyber, cybercrime, healthcare, malware, network, ransomware, tactics, threat

A sophisticated new ransomware variant, CrazyHunter, has emerged as a critical threat to the healthcare sector, employing advanced anti-malware evasion techniques and rapid network propagation that have security researchers deeply concerned. Trellix, which has been actively tracking this threat since its initial appearance, reports that the ransomware represents a significant evolution in cybercriminal tactics targeting…
Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information

Jan 7, 2026 10:02 PM

Tags: android, china, cyber, data, group, hacker, malicious, malware, nfc, social-engineering, tactics, threat

Chinese threat actors are conducting an aggressive campaign that distributes NFC-enabled Android malware capable of intercepting and remotely relaying payment card data via Telegram. Identified as >>Ghost Tap<< and linked to threat groups including TX-NFC and NFU Pay, the malicious applications employ social engineering tactics to deceive users into installing APKs and unknowingly facilitating fraudulent…
Hackers Create Fake DocuSign Login Page to Steal User Credentials

Jan 7, 2026 9:52 AM

Tags: attack, credentials, crime, cyber, cybercrime, detection, hacker, Internet, login, phishing, social-engineering, tactics, threat

Phishing attacks continue to dominate the cybercrime landscape as threat actors refine their social engineering tactics to evade detection systems. The FBI’s Internet Crime Complaint Center (IC3) recorded 193,407 phishing and spoofing complaints in 2024, making it the year’s top cybercrime category and contributing to a staggering $16.6 billion in rep. Phishing attacks continue to…
8 things CISOs can’t afford to get wrong in 2026

Jan 7, 2026 8:52 AM

Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust

“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
Is GenAI Leaving Two-Thirds of Security Teams Behind?

Jan 6, 2026 5:52 PM

Tags: ai, network, tactics, threat

Security teams have a singular goal: detect and stop threats from disrupting business. Attackers change tactics and networks evolve constantly, but defenders are the ones who will always bear the burden. Businesses are heavily adopting AI to become more efficient, scale, and augment the human workforce, yet defenders must figure out how to secure any..…
Why governments need to treat fraud like cyberwarfare, not customer service

Jan 6, 2026 1:52 PM

Tags: business, finance, fraud, government, service, tactics

For too long, fraud an illicit economy rivaling the GDP of G20 nations has been seen as a cost of doing business, a nuisance to be absorbed by banks and consumers. That perception is a dangerous relic. Modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses […] First…
How Protesters Became Content for the Cops

Jan 2, 2026 12:51 PM

Tags: tactics

The tactics behind protest policing are changing”, from one of cooperation to intentional antagonism for political marketing purposes. First seen on wired.com Jump to article: www.wired.com/story/expired-tired-wired-protest-surveillance/
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
Security coverage is falling behind the way attackers behave

Dec 31, 2025 6:51 AM

Tags: cybercrime, tactics

Cybercriminals keep tweaking their procedures, trying out new techniques, and shifting tactics across campaigns. Coverage that worked yesterday may miss how those behaviors … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/31/cybercriminals-activity-behavior/
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023

Dec 19, 2025 10:19 PM

Tags: deep-fake, tactics, update

The update also includes new details around the specific tactics and talking points impersonators use to ensnare victims. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-says-ongoing-deepfake-impersonation-of-us-officials-dates-back-to-2023/
FTC: Instacart to refund $60M over deceptive subscription tactics

Dec 19, 2025 11:19 AM

Tags: finance, service, tactics

Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/instacart-to-refund-60m-over-deceptive-subscription-tactics/
Targeted Phishing Attack Strikes HubSpot Users

Dec 19, 2025 10:19 AM

Tags: attack, business, credentials, cyber, email, malware, phishing, tactics, threat

Evalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to unsuspecting users. The multi-layered attack demonstrates how modern threat actors are evolving their techniques to bypass traditional email security controls. The phishing campaign employs a deceptive…
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware

Dec 18, 2025 10:19 PM

Tags: cyber, malware, network, tactics, threat

Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware

Dec 18, 2025 10:19 PM

Tags: cyber, malware, network, tactics, threat

Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
GachiLoader Deploys Payloads Using Obfuscated Node.js Malware

Dec 18, 2025 10:19 PM

Tags: cyber, malware, network, tactics, threat

Check Point Research has uncovered a sophisticated malware distribution campaign leveraging the YouTube Ghost Network to deploy GachiLoader, a novel, heavily obfuscated Node.js-based loader designed to deliver the Rhadamanthys infostealer to unsuspecting victims. The campaign, which commenced in December 2024, represents a significant evolution in malware delivery tactics and demonstrates how threat actors continue to…
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

Dec 18, 2025 3:19 PM

Tags: ai, breach, exploit, infrastructure, leak, tactics, threat, tool

This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from.From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape…
ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks

Dec 17, 2025 9:19 PM

Tags: apt, attack, browser, chrome, cve, cyber, exploit, google, group, phishing, russia, social-engineering, tactics, vulnerability, zero-day

The ForumTroll APT group has resurfaced with a sophisticated phishing campaign targeting Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus. While the group initially gained notoriety for exploiting CVE-2025-2783, a zero-day vulnerability in Google Chrome, their latest offensive relies on refined social engineering tactics and commercial red…
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT

Dec 17, 2025 10:19 AM

Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windows

IntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
LLM-Driven Automation: A New Catalyst for Ransomware and RaaS Ecosystems

Dec 16, 2025 9:19 PM

Tags: ai, automation, cyber, LLM, ransomware, tactics, threat

SentinelLABS has released a comprehensive assessment regarding the integration of Large Language Models (LLMs) into the ransomware ecosystem, concluding that while AI is not yet driving a fundamental transformation in tactics, it is significantly accelerating the operational lifecycle. The research indicates that measurable gains in speed, volume, and multilingual reach are reshaping the threat landscape,…
Amazon warns that Russia’s Sandworm has shifted its tactics

Dec 16, 2025 5:19 PM

Tags: access, exploit, intelligence, military, network, russia, tactics, vulnerability

Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks. First seen on cyberscoop.com Jump to article: cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

Dec 11, 2025 5:32 PM

Tags: ai, attack, cybercrime, malware, social-engineering, software, tactics, threat, update

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/report-surfaces-multiple-novel-social-engineering-tactics-and-techniques/