Tag: threat
-
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/report-cloud-insider-threats/
-
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things (IoT) devices and now functions as a high-performance, centrally controlled scanner that accelerates vulnerability discovery…
-
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and evade many orgs that assume logs themselves are sacrosanct. At the core of these attacks…
-
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and evade many orgs that assume logs themselves are sacrosanct. At the core of these attacks…
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-korean-threat-groups-asia-pacific-success
-
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisa-rewrites-federal-patching-requirements-ai-threat-era
-
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. First seen on wired.com Jump to article: www.wired.com/story/cisa-ai-vulnerability-directive/
-
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
North Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/10/north-koreans-behind-nearly-half-of-us-tech-industry-hacks-says-crowdstrike/
-
IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals
Businesses also need to watch out for North Korean remote IT worker schemes, according to a new CrowdStrike report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-cyberattacks-it-sector-crowdstrike-report/822366/
-
TechnologyLandscape-Report 2026: China stiehlt KI-Kompetenzen, die es selbst nicht entwickeln kann
Crowdstrike veröffentlicht den <>, der aufzeigt, dass China-nahe Angreifer ihre Spionageaktivitäten gegen Technologieunternehmen ausweiten, um KI-Kompetenzen und geistiges Eigentum zu stehlen, die sie selbst nicht schnell genug entwickeln können. Da die weltweit wertvollsten KI-Ressourcen in Technologieunternehmen konzentriert sind, ist der Sektor inzwischen die am stärksten ins Visier genommene Branche der Welt. […] First seen on netzpalaver.de…
-
Microsoft Defender Adds Monitoring for RPC Protocol Abuse in Cyberattacks
Tags: credentials, cyber, cyberattack, endpoint, exploit, microsoft, monitoring, threat, update, windowsMicrosoft has introduced enhanced monitoring capabilities in Microsoft Defender for Endpoint to detect and disrupt cyberattacks that abuse the Remote Procedure Call (RPC) protocol, a core Windows communication mechanism that threat actors frequently exploit for lateral movement and credential access. Announced on June 8, 2026, the update provides granular visibility into inbound remote RPC activity,…
-
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to First…
-
Filigran uses AI agents to make CTEM practical for overstretched security teams
Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data. The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack surface management…
-
Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks
A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication controls and deliver forged messages directly to users’ inboxes. The issue, identified by security researchers Lucas Dodgson, Tobias Oberdörfer, and Robin Hilber, stems from misconfigurations in hybrid or cloud email deployments…
-
Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity
Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with delegated user privileges and perform potentially risky actions, such as sending external emails. In the examined incident an email with subject “Here is your invoice” was recorded in Exchange Purview as…
-
Kuwait and Oman Sign Cybersecurity Pact to Counter Rising Digital Threats
As digital transformation accelerates across the Gulf region, Kuwait and Oman have taken a significant step toward strengthening their collective cybersecurity capabilities. The two countries recently signed a Memorandum of Understanding (MoU) designed to enhance bilateral cooperation in cybersecurity and improve their ability to address sophisticated digital threats. First seen on thecyberexpress.com Jump to article:…
-
8th June Threat Intelligence Report
DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has suffered a data breach after threat group ShinyHunters leaked exfiltrated data. Analysts assessed that 2.6 million accounts were exposed, including names, emails, […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/8th-june-threat-intelligence-report/
-
Mini-Shai-Hulud zeigt Ohne CyberIntelligence bleibt Supply-Chain-Security blind
In vielen Unternehmen herrscht noch immer die Annahme, dass Cyberangriffe primär auf Firewalls, Server oder Mitarbeiter abzielen. Die Realität sieht inzwischen anders aus. Angreifer attackieren zunehmend die digitale Supply-Chain, also genau die Softwarebausteine, Cloud-Dienste und Entwicklungsprozesse, auf denen moderne Unternehmen täglich aufbauen. Der aktuelle ‘Mini Shai Hulud”-Vorfall rund um kompromittierte npm-Pakete zeigt das sehr deutlich.…
-
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and…
-
Mini Shai Hulud verdeutlicht wachsende Risiken in Software-Lieferketten und die Rolle von CTI
CTI wird häufig als Spezialdisziplin für Analysten, SOC-Teams oder Threat-Intel-Abteilungen betrachtet. Mini Shai Hulud zeigt jedoch das Gegenteil. CTI ist ein Steuerungsinstrument. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mini-shai-hulud-verdeutlicht-wachsende-risiken-in-software-lieferketten-und-die-rolle-von-cti/a45402/
-
OWASP Unveils AI Security Report Highlighting New Tools for Security Teams
OWASP has released a new edition of its AI security report, “State of Agentic AI Security and Governance v2.01,” giving security teams a concrete playbook for defending autonomous AI agents and the expanding ecosystem of tools they rely on. Positioned within the OWASP GenAI Security Project, the report shifts AI security conversations from hypothetical threat…
-
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking…
-
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026.The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also…
-
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise SaaS platforms. The technique, detailed by Mitiga, abuses weak protections around the local Claude Code configuration file (~/.claude.json), effectively turning it into…
-
52% of directIP threats are missing from intelligence feeds
Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/palo-alto-networks-securing-ip-connections-report/
-
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments. First seen on hackread.com Jump to article: hackread.com/pink-extortion-microsoft-365-cloud-data-vishing-scams/
-
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life .NET Framework 4.0. Telemetry revealed the threat actors established access 75 days prior to the…
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, risk, service, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service. With active exploitation observed in the wild, this development signals a severe risk to enterprise…
-
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective combination of voice phishing, remote monitoring and management abuse, and unprecedented physical office intrusions. Attackers…

