Tag: threat
-
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. “The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory… First…
-
React2Shell exploitation undergoes significant change in threat activity
Researchers see a sudden consolidation of source IPs since late January. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/react2shell-exploitation-threat-activity/811359/
-
AI-Driven Attack Gains AWS Admin Privileges in Under 10 Minutes
Threat actors get AWS Admin access in under 10 minutes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-driven-attack-gains-aws-admin-privileges-in-under-10-minutes/
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways: Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT41 ecosystem. Targeted countries include Cambodia, First…
-
Research: Predator spyware can turn off Apple indicators showing when microphone, camera are in use
The new research from Jamf Threat Labs demonstrates how Predator spyware can stay hidden on targeted phones by “intercepting sensor activity” to hide the indicators. First seen on therecord.media Jump to article: therecord.media/predator-spyware-iphone-camera-microphone-indicators
-
OT attacks surge as threat actors embrace cloud and AI, warns Forescout
Cyberattacks targeting operational technology (OT) environments rose sharply in 2025, according to new research from Forescout, highlighting growing risks to critical infrastructure as attackers adapt to cloud services, AI platforms and increasingly distributed attack infrastructure. Forescout’s 2025 Threat Roundup Report, produced by its research arm Vedere Labs, analysed more than 900 million cyberattacks observed globally…
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerability
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
-
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes
A highly sophisticated offensive cloud operation targeting an AWS environment. The attack was notable for its extreme speed, taking less than 10 minutes to go from initial entry to full administrative control, and for its heavy reliance on AI automation. The threat actor initiated the attack by discovering valid credentials left exposed in public Simple Storage Service…
-
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom “loader” […] “RunPE”. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
-
AI-assisted cloud attack gains admin access in record time
On 28 November 2025, the Sysdig Threat Research Team (TRT) observed an offensive cloud operation targeting an AWS environment in which the attackers went from initial access to administrator privileges in less than ten minutes. The attack stood out not only for its speed but also for several indicators suggesting that the…
-
Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments
Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database, which stores encrypted password hashes and critical domain configuration data, is the crown jewel of enterprise security. Successful acquisition of this file can lead to complete organizational compromise, enabling attackers to…
-
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to map login panels and enumerate software versions, a clear indicator of pre-exploitation preparation. The scanning activity generated 111,834 sessions from more than 63,000 unique IP addresses, with 79% of traffic specifically…
-
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…
-
Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles
In the rapidly changing landscape of cybersecurity, AI agents present both opportunities and challenges. This article examines the findings from Darktrace’s 2026 State of AI Cybersecurity Report, highlighting the benefits of AI in enhancing security measures while addressing concerns regarding AI-driven threats and the need for responsible governance. First seen on securityboulevard.com Jump to article:…
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Global Threat Map: Open-source real-time situational awareness platform
Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/
-
How Secure by Design helps developers build secure software
Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/cis-secure-software-design-guide/
-
Shadow DNS Operation Abuses Compromised Routers to Manipulate Internet Traffic
A sophisticated shadow DNS network that hijacks internet traffic by compromising home and business routers. The operation, active since mid-2022, manipulates DNS resolution through malicious resolvers hosted by Aeza International (AS210644), a bulletproof hosting provider sanctioned by the U.S. Treasury Department in July 2025. The threat campaign targets older router models, modifying their DNS configuration…
-
Hackers Actively Exploit React Native Metro Server to Target Software Developers
Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware payloads targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 and nicknamed “Metro4Shell,” allows unauthenticated attackers to execute arbitrary operating system commands on developer machines through a simple crafted HTTP request. Vulnerability Overview: CVE-2025-11953 carries a critical…
-
Are your secrets safe from cyber threats
How Do Non-Human Identities Reinforce Data Protection? How does one ensure that machine identities remain secure from cyber threats? This query emerges as organizations navigate the intricate web of digital systems, grappling with data protection complexities. The management of Non-Human Identities (NHIs) stands at the forefront of cybersecurity strategies, offering a robust method to safeguard…
-
Zero Trust Architecture for Distributed AI Model Contexts
Secure your MCP deployments with zero-trust architecture. Learn about post-quantum encryption, context-aware access, and threat detection for distributed AI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/zero-trust-architecture-for-distributed-ai-model-contexts/
-
National cyber director solicits industry help in fixing regulations, threat information-sharing
President Donald Trump’s chief cybersecurity adviser said a forthcoming national strategy will kick off ambitious projects. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sean-cairncross-white-house-cybersecurity-strategy-iti/811255/
-
Ivanti’s EPMM is under active attack, thanks to two critical zero-days
Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
-
Reimagining Security Operations
AttackIQ and Accenture are reimagining security operations through threat-informed defense. By combining adversarial testing, AI-driven validation, and SOC modernization services, organizations gain continuous, evidence-based insight into defensive effectiveness. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/reimagining-security-operations/
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ has released 8.9.1, which now includes XML signature validation (XMLDSig) for security…
-
Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts
Security researchers warn that the initial threat activity was highly targeted, as a limited number of users were impacted prior to disclosure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaws-ivanti-epmm-exploitation/811228/
-
Dark Patterns Undermine Security One Click at a Time
Tags: threat
People trust organizations to do the right thing, but websites’ and apps’ dark patterns pose a hidden threat that can lead to inadequate security behaviors. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/dark-patterns-undermine-security-one-click-at-a-time