Tag: tactics

China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

Nov 10, 2025 5:20 PM

Tags: ai, china, LLM, phishing, spear-phishing, tactics, tool

Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-uta0388-ai-tools/
Saturday Security: Three Breaches, Three Lessons and How Attackers Keep Adapting

Nov 8, 2025 8:19 PM

Tags: backup, breach, cloud, data, data-breach, espionage, service, social-engineering, tactics, theft

This week, three very different data breaches proved one thing: no sector is safe. From nation-state espionage to data theft to social engineering, the tactics vary, but the results are the same: exposed data, shaken trust, and hard lessons. Here’s what happened: ðŸ, ’ SonicWall, A nation-state actor breached its cloud backup service, stealing… First…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
ClickFix Attack Evolves: Weaponized Videos Trigger Self-Infection Tactics

Nov 7, 2025 2:20 PM

Tags: attack, awareness, cyber, defense, infection, malicious, phishing, social-engineering, tactics, threat, tool

ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns coerce users into executing malicious code on their own devices, bypassing traditional awareness defenses that focus on preventing suspicious clicks, dodgy downloads, and phishing websites. During a recent threat briefing…
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
Ransom Tales: Volume V, Throwback Edition! Emulating REvil, DarkSide, and BlackMatter Ransomware

Nov 6, 2025 11:19 PM

Tags: attack, control, ransom, ransomware, resilience, tactics

AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with…
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery

Nov 6, 2025 3:19 PM

Tags: cyber, ransomware, tactics, threat, tool

In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery

Nov 6, 2025 3:19 PM

Tags: cyber, ransomware, tactics, threat, tool

In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

Nov 5, 2025 11:19 AM

Tags: ai, attack, breach, crowdstrike, cyber, cybercrime, defense, exploit, hacker, intelligence, leak, ransomware, social-engineering, tactics, threat, tool

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak…
Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Nov 4, 2025 12:19 PM

Tags: 2fa, authentication, cyber, malware, mfa, phishing, service, strategy, tactics, threat

The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced evasion techniques and adversary-in-the-middle (AiTM) strategies to bypass multi-factor authentication protections. According to the Any.run malware trends tracker, Tycoon 2FA…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication

Nov 4, 2025 8:19 AM

Tags: api, backdoor, cloud, control, cyber, data-breach, detection, exploit, malicious, malware, microsoft, openai, service, tactics, threat

Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
OAuth Device Code Phishing: Azure vs. Google Compared

Nov 3, 2025 5:20 PM

Tags: attack, google, identity, phishing, tactics

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs’ Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/
TDL 008 – Defending the Frontline: Ransomware, AI, and Real-World Lessons

Nov 3, 2025 5:19 AM

Tags: access, ai, attack, authentication, awareness, backup, breach, business, ceo, ciso, computer, country, crime, cyber, cybersecurity, data, deep-fake, email, exploit, extortion, finance, firewall, framework, fraud, government, group, guide, healthcare, ibm, incident, incident response, infrastructure, insurance, intelligence, law, mfa, microsoft, penetration-testing, phone, powershell, ransom, ransomware, risk, russia, scam, service, social-engineering, strategy, tactics, technology, theft, threat, tool, training, vpn, vulnerability, zero-day

Summary In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape. Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for…
TDL 008 – Defending the Frontline: Ransomware, AI, and Real-World Lessons

Nov 3, 2025 5:19 AM

Tags: access, ai, attack, authentication, awareness, backup, breach, business, ceo, ciso, computer, country, crime, cyber, cybersecurity, data, deep-fake, email, exploit, extortion, finance, firewall, framework, fraud, government, group, guide, healthcare, ibm, incident, incident response, infrastructure, insurance, intelligence, law, mfa, microsoft, penetration-testing, phone, powershell, ransom, ransomware, risk, russia, scam, service, social-engineering, strategy, tactics, technology, theft, threat, tool, training, vpn, vulnerability, zero-day

Summary In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape. Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for…
Old threats, new consequences: 90% of cyber claims stem from email and remote access

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability

2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
Cyber Pros Needed: Securing the Middle Ground

Oct 30, 2025 4:19 PM

Tags: cyber, defense, ransom, ransomware, tactics, threat

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections. First seen on govinfosecurity.com Jump to article:…
Rapid7: Cyber defences stuck in the 1980s as threats mount

Oct 30, 2025 4:19 PM

Tags: ai, cyber, detection, tactics, threat

The company’s chief product officer notes that many defence tactics are still stuck in the past, urging organisations to adopt AI-driven security platforms to improve threat detection and response First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633571/Rapid7-Cyber-defences-stuck-in-the-1980s-as-threats-mount
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Oct 29, 2025 4:26 PM

Tags: access, apt, data, exploit, hacker, network, russia, tactics, threat, tool, ukraine

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report.…