Tag: threat
-
New China-linked threat cluster OP-512 targets Microsoft IIS servers
First seen on scworld.com Jump to article: www.scworld.com/brief/new-china-linked-threat-cluster-op-512-targets-microsoft-iis-servers
-
MSSP Market News: MSSPs can’t trust old threat feeds
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-news-ai-in-the-soc-is-getting-real-for-mssps
-
AI tools pose insider threat risks as integration accelerates
First seen on scworld.com Jump to article: www.scworld.com/brief/ai-tools-pose-insider-threat-risks-as-integration-accelerates
-
Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks
IBM False Claims Act Plaintiff Alleges Years of Hidden Security Failures. A former IBM vice president of threat intelligence alleged IBM and AT&T failed to implement basic security controls and obtained major government contracts despite unresolved cybersecurity deficiencies that potentially exposed sensitive federal data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ex-threat-intel-exec-accuses-ibm-att-hiding-hacks-a-31904
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us
-
AI Threats, Zero-Days, and Data Breaches Define This Week of June 2026 in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-threats-zero-days-and-data-breaches-define-this-week-of-june-2026-in-cybersecurity/
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides behind an eBPF kernel…
-
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or viruses with wings and brains, adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/adaptive-agentic-ai-worms-enterprise-cyber-threat
-
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat that outpaces many traditional defenses. The operational logic for attackers is straightforward. Native utilities such as PowerShell, Windows Management Instrumentation (WMI), certutil, mshta, and JavaScript execution contexts already enjoy elevated privileges…
-
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework.ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China.”OP-512 was highly likely conducting espionage through a First seen on thehackernews.com…
-
Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets. First seen on hackread.com Jump to article: hackread.com/reaper-macos-infostealer-script-editor-crypto-passwords/
-
Southeast Asia Scam Compounds Turn AI Into a Cybersecurity Threat
Scam compounds across Southeast Asia are using AI, malware, and automation to scale fraud, forcing APAC security teams to rethink phishing, identity, and mobile-risk controls. The post Southeast Asia Scam Compounds Turn AI Into a Cybersecurity Threat appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-scam-compounds-risk-apac-southeast-asia/
-
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework.ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China.”OP-512 was highly likely conducting espionage through a First seen on thehackernews.com…
-
The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews
The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/
-
Attackers obtained encrypted password vaults from some Dashlane user accounts
Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/dashlane-brute-force-attack-vaults-customer-accounts/
-
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack…
-
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat leverages ostensibly helpful Chrome extensions VPNs, sidebars, and “AI assistants” to intercept agentic-AI interactions, exfiltrate chat histories, and aggregate sensitive information that users routinely share with generative models. Analysis of…
-
New SHub Stealer Variant Targets Major Browsers and Crypto Wallets
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry every Mac user. Attackers build fake download pages for popular apps (WeChat, Miro and others) and employ an automated ClickFix technique that opens Apple’s Script Editor preloaded with malicious code. One…
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
Zero-Click Agentic AI Attack Bypasses Human Oversight
Taxonomy of Failure Modes in Agentic AI Systems v2.0 published in April 2026, the field received more than a classification update: it got operational guidance grounded in a year of real-world red teaming that exposed how quickly agentic AI systems transform classical threat surfaces into new, high-impact attack vectors. The headline finding from those engagements…
-
Let’s Encrypt Introduces Merkle Tree Certificates for Post-Quantum Web Security
Let’s Encrypt has unveiled a new approach to securing the web against future quantum threats: Merkle Tree Certificates (MTCs), a post-quantumready certificate model designed to maintain the speed and reliability of today’s TLS ecosystem. As the industry moves closer to the reality of cryptographically relevant quantum computers (CRQCs), the focus is shifting beyond encryption to…
-
Let’s Encrypt Introduces Merkle Tree Certificates for Post-Quantum Web Security
Let’s Encrypt has unveiled a new approach to securing the web against future quantum threats: Merkle Tree Certificates (MTCs), a post-quantumready certificate model designed to maintain the speed and reliability of today’s TLS ecosystem. As the industry moves closer to the reality of cryptographically relevant quantum computers (CRQCs), the focus is shifting beyond encryption to…
-
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network.”Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every…
-
AI Threats Are Outpacing Enterprise Cybersecurity Defenses in 2026
AI-driven threats are exposing major gaps in digital risk management. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-threats-are-outpacing-enterprise-cybersecurity-defenses-in-2026/
-
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/4-critical-threats-attackers-advantage
-
Hackers Are After the Gaps in Your Vulnerability Program: Here’s Their Playbook
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-after-the-gaps-in-your-vulnerability-program-heres-their-playbook/
-
Winning the cyber marathon with Tony Giandomenico
Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch what he’s excited about for the future of cybersecurity, and, of course, his Ironman triathlons. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/winning-the-cyber-marathon-with-tony-giandomenico/
-
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/hypotheses-telemetry-and-human-judgment-inside-cisco-talos-threat-hunting/
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…

