Tag: threat
-
Synthetic Businesses: the New Billion-Dollar Fraud Machine
Weak State Controls and AI-Generated Documents Fuel Surge in Synthetic Entity Fraud. Fraudsters are exploiting weak state controls to create synthetic businesses for less than $150, with potential payouts of more than $100,000 for each fake identity. Synthetic entity fraud has rapidly shifted from a niche threat to a mainstream risk, said Dun & Bradstreet’s…
-
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.”EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and First seen on thehackernews.com…
-
AI-Powered Security Operations: Governance Considerations for Microsoft Sentinel Enterprise Deployments
The Tech Field Day Exclusive with Microsoft Security (#TFDxMSSec25) spotlighted one of the most aggressive demonstrations of AI-powered security operations to date. Microsoft showcased how Sentinel’s evolving data lake and graph architecture now drive real-time, machine-assisted threat response. The demo of “Attack Disruption” captured the promise”, and the unease”, of a security operations center where…
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.…
-
Exploitation Efforts Against Critical React2Shell Flaw Accelerate
The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/exploitation-efforts-against-critical-react2shell-flaw-accelerate/
-
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet variant dubbed Broadside that is targeting the maritime logistics sector by exploiting thecommand injection vulnerabilityCVE-2024-3721 in TBK DVR devices used on vessels. >>Cydome’s Cybersecurity Research Team has identified…
-
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.”These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for…
-
KnowBe4 Threat Labs entdeckt hochentwickelte mehrstufige Phishing-Kampagne
Zunächst erhalten die Opfer eine Phishing-E-Mail. Die Nutzlast ein Phishing-Hyperlink ist auf ihr in ‘verschachtelten” PDF-Anhängen versteckt. Wenn ein Opfer den ersten Anhang der Phishing-E-Mail öffnet, sieht es ein gerendertes Dokument mit einem weiteren Hyperlink, auf den es klicken kann. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-threat-labs-entdeckt-hochentwickelte-mehrstufige-phishing-kampagne/a43102/
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.The First…
-
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser.To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of…
-
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.The First…
-
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser.To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of…
-
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.The First…
-
New BYOVD loader behind DeadLock ransomware attack
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/byovd-loader-deadlock-ransomware/
-
New BYOVD loader behind DeadLock ransomware attack
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/byovd-loader-deadlock-ransomware/
-
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565.Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known…
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, toolHow CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
Manufacturing fares better against ransomware, with room for improvement
Skilled labor shortages and inadequate protection facilitate attacks More than four in 10 manufacturing companies (43%) cited a lack of expertise as the reason for the cyber incident. Unknown security vulnerabilities were mentioned by 42%, and a lack of protective measures by 41%.Furthermore, the results show that ransomware attacks continue to place a heavy burden…
-
Manufacturing fares better against ransomware, with room for improvement
Skilled labor shortages and inadequate protection facilitate attacks More than four in 10 manufacturing companies (43%) cited a lack of expertise as the reason for the cyber incident. Unknown security vulnerabilities were mentioned by 42%, and a lack of protective measures by 41%.Furthermore, the results show that ransomware attacks continue to place a heavy burden…
-
Manufacturing fares better against ransomware, with room for improvement
Skilled labor shortages and inadequate protection facilitate attacks More than four in 10 manufacturing companies (43%) cited a lack of expertise as the reason for the cyber incident. Unknown security vulnerabilities were mentioned by 42%, and a lack of protective measures by 41%.Furthermore, the results show that ransomware attacks continue to place a heavy burden…
-
AI-driven threats are heading straight for the factory floor
In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/09/natalia-oropeza-siemens-industrial-cyber-capability-shift/
-
AI-driven threats are heading straight for the factory floor
In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/09/natalia-oropeza-siemens-industrial-cyber-capability-shift/
-
The simple shift that turns threat intel from noise into real insight
In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains how security teams can put threat intelligence to work in a way that supports detection, response, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/09/threat-intelligence-architecture-video/
-
The simple shift that turns threat intel from noise into real insight
In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains how security teams can put threat intelligence to work in a way that supports detection, response, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/09/threat-intelligence-architecture-video/
-
Exploitation Activity Ramps Up Against React2Shell
Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploitation-activity-ramps-react2shell