Tag: threat
-
Telegram Channels Fuel Sale of Verified Bank Mule Accounts
Cybercriminal groups are increasingly using Telegram channels and encrypted platforms to sell verified bank and fintech mule accounts, signaling a major shift in how illicit funds are laundered at scale. According to recent threat intelligence findings, money mule operations have evolved into structured Mule-as-a-Service (MaaS) ecosystems, allowing attackers to outsource financial laundering just as easily…
-
Hackers Exploit Azure RBAC to Steal Key Vault Secrets
Hackers are increasingly exploiting cloud identity and access management systems, and a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus: to exfiltrate as much sensitive data from a target organization’s high-value assets as possible. The attack, attributed to a threat actor tracked…
-
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/how-fraudsters-target-f1-fans/
-
Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware
A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopolitical conflict tied to Operation Epic Fury launched on February 28, 2026, shows the group adopting SEO poisoning malware for the…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
MiniUpdate RAT Abuses Azure C2 for Targeted Espionage
A sophisticated espionage campaign by the Iran-nexus advanced persistent threat group known as Screening Serpens also tracked as UNC1549 and Smoke Sandstorm deploying a newly identified remote access Trojan (RAT) family called MiniUpdate against targets in the United States, Israel, and the United Arab Emirates. Screening Serpens has been active since at least 2022, but…
-
Angriffe mit künstlicher Intelligenz sind nicht mehr nur experimentell
Der ‘Threat Landscape Digest März bis April 2026″ der Sicherheitsforscher von Check Point Research dokumentiert mehrere Sicherheitsvorfälle, die insgesamt bestätigen, was die Branche bereits seit langem erwartet hat: Angriffe mittels künstlicher Intelligenz haben die experimentelle Phase hinter sich gelassen und werden nun routinemäßig von Kriminellen eingesetzt. KI-gesteuerte Angriffe haben sich vom experimentellen, staatlich geförderten Einsatz…
-
Linux-Kernel-Schwachstelle ermöglicht Zugriff auf sensible Root-Daten
Die Sicherheitsforscher der Threat Research Unit (TRU) von Qualys haben mit CVE-2026-46333 eine Schwachstelle im Linux-Kernel identifiziert, die unter bestimmten Bedingungen die Offenlegung sensibler Informationen privilegierter Prozesse ermöglicht. Die Sicherheitslücke befindet sich im sogenannten ptrace-Zugriffspfad des Kernels und kann von lokal angemeldeten Benutzern ohne administrative Rechte ausgenutzt werden. Nach Erkenntnissen der Forscher handelt es sich um eine Race-Condition…
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
-
7 Questions CISOs Must Answer on AI Threats, Supply Chain Risk and Cyber Resilience
First seen on scworld.com Jump to article: www.scworld.com/native/7-questions-cisos-must-answer-on-ai-threats-supply-chain-risk-and-cyber-resilience
-
Stamus Expands Clear NDR for AI-Driven Threat Investigation
First seen on scworld.com Jump to article: www.scworld.com/brief/stamus-expands-clear-ndr-for-ai-driven-threat-investigation
-
Water, the Soft Underbelly of Critical Infrastructure
Tags: cyber, cybersecurity, governance, government, infrastructure, service, threat, usa, vulnerabilityFragmented Governance and Scarce Resources Make America’s Water Sector Vulnerable. America’s water utilities are the nation’s most cyber-vulnerable critical service sector, but their cybersecurity is overseen and supported by an ill-fitting patchwork of government agencies and most lack the resources to meet the threat they face. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/water-soft-underbelly-critical-infrastructure-a-31758
-
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country.The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government First seen on…
-
AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026
Weekly summary of Cybersecurity Insider newsletters for May 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-driven-threats-critical-vulnerabilities-and-supply-chain-breaches-define-the-week-in-may-2026/
-
New York regulator calls for additional cyber mitigation amid heightened threat environment
The guidance from the state Department of Financial Services arises from concerns about frontier AI and threats linked to the Iran war and other geopolitical risks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/new-york-regulator-cyber-mitigation-threat-AI-Iran/820979/
-
Fast and Furious Nimbus Manticore Operations During the Iranian Conflict
ey Findings Introduction During the recent geopolitical tensions in the Middle East, wereportedon multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities includedtargeting internet-connected cameras, conductingdestructive attacksagainst US and Israeli entities, andexfiltrating datafrom cloud environments to support broader kinetic and intelligence-gathering efforts. Nimbus Manticore (also tracked asUNC1549) is an IRGC-affiliated threat…
-
China’s Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chinas-webworm-discord-microsoft-graphs
-
World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat landscape than initially reported. What began as a cluster of 79 malicious domains has now evolved into a distributed phishing ecosystem spanning 222 domains mapped to 203 unique IP addresses…
-
Hackers Use Six-Layer Persistence on FreePBX Systems
Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation deploys a multi-stage Bash dropper that installs a previously undocumented PHP webshell family named JOMANGY, alongside the…
-
Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT
Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused on Brazilian financial institutions. The investigation is notable because analysts obtained visibility into both attacker…
-
Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/kali365-microsoft-365-phishing-fbi-warning/
-
One Telecom Provider Hosted Most of the Middle East ‘s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io shows why defenders may need to pay closer attention to something more boring, hosting…
-
Operation Dragon Whistle Targets Changzhou University with Malicious LNK Files
A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as Changzhou University, new analysis reveals overlapping tactics used in a broader campaign aimed at government-linked organizations, including Pakistan’s…
-
China’s Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chinas-webworm-discord-microsoft-graphs
-
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltration, and remote system control. The package was distributed through three dependent libraries pretty-logger-utils, ts-logger-pack, and pinno-loggers which automatically…
-
Lawmakers from both parties say CISA cuts have gone too far
Reps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing. First seen on cyberscoop.com Jump to article: cyberscoop.com/lawmakers-bipartisan-cisa-budget-cuts/

