Tag: threat
-
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Tags: apt, backdoor, china, cisa, cyber, cybersecurity, data-breach, espionage, infrastructure, threatCISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. >>The Cybersecurity…
-
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems.”BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles,Fragmented identity and access tools that make unified enforcement difficult, andCultural and organizational resistance to changing long-standing trust models.Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.”Many organizations still hesitate to pursue it because they associate zero trust…
-
New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the…
-
Suspicious traffic could be testing CDN evasion, says expert
“Cf-Warp-Tag-Id,” which is associated with Cloudflare’s Warp VPN service;”X-Fastly-Request-Id,”, which is associated with the Fastly CDN;”X-Akamai-Transformed,” a header added by Akamai;and a puzzler: “X-T0Ken-Inf0.” Ullrich thinks it might contain a form of authentication token, but isn’t sure.In an interview, he said one explanation is that a threat actor is trying to get around a CDN’s…
-
Suspicious traffic could be testing CDN evasion, says expert
“Cf-Warp-Tag-Id,” which is associated with Cloudflare’s Warp VPN service;”X-Fastly-Request-Id,”, which is associated with the Fastly CDN;”X-Akamai-Transformed,” a header added by Akamai;and a puzzler: “X-T0Ken-Inf0.” Ullrich thinks it might contain a form of authentication token, but isn’t sure.In an interview, he said one explanation is that a threat actor is trying to get around a CDN’s…
-
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with…
-
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with…
-
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its >>Predator
-
Evilginx Attack Campaigns: Session Cookie Theft and MFA Bypass Tactics
Security researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session cookies and circumvent multi-factor authentication (MFA) protections. The threat is particularly acute within educational institutions, where attackers are demonstrating alarming success rates. Evilginx operates with surgical precision by positioning itself…
-
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/
-
How Agentic AI Can Boost Cyber Defense
Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/how-agentic-ai-can-boost-cyber-defense
-
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in the last four months. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert/
-
Why the record-breaking 30 Tbps DDoS attack should concern every business
A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. First seen on fortra.com Jump to article: www.fortra.com/blog/why-record-breaking-30-tbps-ddos-attack-concern-business
-
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos…
-
Amid rising threats, NATO holds its largest-ever cyberdefense exercise
Tags: threatAbout 1,300 participants from around the world dealt with the complicated and multi-faceted threats that have been seen in recent global conflicts. First seen on therecord.media Jump to article: therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks. First seen on hackread.com Jump to article: hackread.com/cloudflare-aisuru-botnet-ddos-attack/
-
How strong password policies secure OT systems against cyber threats
OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-strong-password-policies-secure-ot-systems-against-cyber-threats/
-
AWS Adds Bevy of Tools and Capilities to Improve Cloud Security
Amazon Web Services (AWS) this week made an AWS Security Hub for analyzing cybersecurity data in near real time generally available, while at the same time extending the GuardDuty threat detection capabilities it provides to the Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Container Service (Amazon ECS). Announced at the AWS re:Invent 2025..…
-
Spy vs. spy: How GenAI is powering defenders and attackers
Generative AI is rapidly transforming cybersecurity for both defenders and attackers. This blog highlights current uses, emerging threats, and the evolving landscape as capabilities advance. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/spy-vs-spy-how-genai-is-powering-defenders-and-attackers/
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment
Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerabilityThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
-
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies.Here are the five threats that reshaped web security this year, and…
-
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies.Here are the five threats that reshaped web security this year, and…