Tag: threat
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
-
Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity.Symantec and Carbon Black’s Threat Hunter Team reported the campaign this week.…
-
Proofpoint: TA4922 Deploys New RAT and Loader Arsenal
A rapidly evolving threat cluster tracked as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT. The group is notable for its high operational tempo, shifting tactics, and ability to blend custom malware with legitimate tools and cloud services, complicating detection efforts across…
-
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages
Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from infected systems. While traditional credential-harvesting pages remain in use, threat actors are now prioritizing methods that reduce user interaction and increase data collection efficiency. Infostealers are purpose-built malware families that extract…
-
Malicious ChatGPT Download Website Tricks Users via Sponsored Search Listings
Threat actors are abusing paid search ads to push a fake ChatGPT download site, underscoring how malvertising is increasingly used to target users who trust well-known AI platforms. The campaign relies on a lookalike site and sponsored listings to trick users into downloading malware under the guise of a legitimate ChatGPT installer. Malicious ChatGPT Download…
-
Kali365 PhaaS Expands to Okta, MAX Messenger Attacks
Tags: attack, cyber, infrastructure, intelligence, microsoft, monitoring, okta, phishing, russia, service, theft, threatThe Kali365 phishing-as-a-service (PhaaS) platform has significantly expanded its operational scope, moving beyond Microsoft 365 token theft to target Okta single sign-on (SSO) environments and Russia’s rapidly growing MAX Messenger platform. New threat intelligence reveals a more mature, multi-brand phishing ecosystem with centralized infrastructure, real-time token monitoring, and geographically targeted campaigns. Previously documented for abusing…
-
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection and response (EDR) solutions. Threat activity observed in early 2026 shows strong overlaps with historical BlackBasta tradecraft, particularly the use of spam bombing combined with phishing and vishing. In these campaigns, attackers overwhelm victims…
-
CrowdStrike Bets on AI Detection and Response Boom
CrowdStrike CEO George Kurtz Says Enterprises Are Seeking Controls for AI Agents. CrowdStrike says enterprise adoption of agentic AI is driving demand for AI Detection and Response, as organizations seek visibility, governance and protection against emerging AI-powered threats, non-human identities and expanding autonomous workloads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crowdstrike-bets-on-ai-detection-response-boom-a-31862
-
Cyber espionage campaign targeted stock exchange executive’s Outlook account
Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive’s Outlook account at a major global stock exchange for roughly 150 days, from October 2025 to March 2026. Broadcom’s Symantec and Carbon Black threat-hunting team investigated the…
-
Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools
A newly analyzed leak tied to The Gentlemen ransomware group reveals how modern ransomware operations are evolving in structure and tooling while relying on the same proven intrusion techniques seen over the past four years. The leak also highlights operator continuity across major ransomware brands. A threat actor known as “Tinker” appears across Conti (2022),…
-
Simplify security management with CIS SecureSuite Platform
New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/simplify-security-management-with-cis-securesuite-platform/
-
Simplify security management with CIS SecureSuite Platform
New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/simplify-security-management-with-cis-securesuite-platform/
-
Malware campaign targeting Minecraft users infects over 116,000 systems
A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/weedhack-minecraft-malware-campaign/
-
Cisco Live 2026: New Security Tools Target AI Threats
Cisco unveiled Cloud Control, Live Protect, and Hybrid Mesh Firewall at Cisco Live to help enterprises manage AI-era IT and security operations. The post Cisco Live 2026: New Security Tools Target AI Threats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-cloud-control-agentic-ai-security/
-
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
A threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test. Sophos investigation revealed a collection of malicious components forming a structured post-exploitation framework designed to…
-
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive’s email inbox, thanks to clever use of legitimate, native Windows tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign
-
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
Tags: attack, cloud, communications, control, cyber, espionage, government, network, service, threatA newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to…
-
Infosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Say
Private firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA’s Bharat Thakrar First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/execs-cisos-must-treat-cyber/
-
Agent Threat Rules: Open detection rule format for AI agent security threats
AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/agent-threat-rules-ai-detection/
-
North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys
A newly uncovered macOS intrusion campaign attributed to the North Korean state-sponsored threat group Sapphire Sleet, also known as BlueNoroff or UNC1069, is targeting high-value organizations in the financial and cryptocurrency sectors. The operation focuses on venture capital firms, Web3 developers, and crypto platforms, highlighting a continued shift in North Korean cyber operations toward financially…
-
Cyware adds SOCRadar-powered DRP to help MSSPs turn external threat signals into action
First seen on scworld.com Jump to article: www.scworld.com/news/cyware-adds-socradar-powered-drp-to-help-mssps-turn-external-threat-signals-into-action
-
AI-powered threats target 2026 election communications
First seen on scworld.com Jump to article: www.scworld.com/brief/ai-powered-threats-target-2026-election-communications
-
MokN raises $15 million to combat identity-based cyber threats
First seen on scworld.com Jump to article: www.scworld.com/brief/mokn-raises-15-million-to-combat-identity-based-cyber-threats
-
7AI gives security teams new ways to direct AI agents for threat hunting
First seen on scworld.com Jump to article: www.scworld.com/brief/7ai-gives-security-teams-new-ways-to-direct-ai-agents-for-threat-hunting
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
Kali365 imitiert vermehrt Unternehmen wie Microsoft und Okta
Steven Campbell, Staff Threat Intelligence Researcher bei Arctic Wolf, ordnete kürzlich die FBI-Warnung vor ‘Kali365″, eine Kampagne, die sich mittlerweile vom Phishing-Kit zu einer umfassenderen Phishing-as-a-Service-Plattform entwickelt hat, und aktuelle Entwicklungen rund um moderne Phishing-Angriffe ein. Kali365 war zunächst dadurch aufgefallen, dass sie den OAuth-Device-Authorization-Flow von Microsoft ausnutzte, um Authentifizierungs-Tokens zu stehlen und Multi-Faktor-Authentifizierung zu…
-
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-the-browser-is-now-the-front-line-for-ai-security/

