Tag: threat
-
China-Linked groups target Southeast Asian government with advanced malware in 2025
China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…
-
RSAC 2026: Fraud Becomes a CISO-Level Security Threat
I sat down with the CEO of Bolster AI at RSAC 2026 to talk about the changing fraud landscape. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rsac-2026-fraud-becomes-a-ciso-level-security-threat/
-
Forrester Threat Intelligence Landscape: Key Takeaways for Security Leaders
Forrester recently published The External Threat Intelligence Service Providers Landscape, Q1 2026, an overview of 34 vendors in the external threat intelligence market, defining market maturity and outlining key dynamics and use cases. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/forrester-threat-intelligence-landscape-key-takeaways-for-security-leaders/
-
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot
TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/teampcp-supply-chain-attacks-ransomware/
-
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary…
-
Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’ First seen on hackread.com Jump to article: hackread.com/dark-web-market-375tb-lockheed-martin-data/
-
7 tabletop exercise scenarios every cybersecurity team should practice in 2026
Overview: As cybersecurity threats continue to evolve and become more sophisticated, the need for comprehensive preparedness has never been more critical. Tabletop exercises are essential for testing and refining incident response plans, enhancing coordination between departments, and staying ahead of malicious actors. In this article, we outline seven tabletop exercise scenarios that cybersecurity teams should…
-
30th March Threat Intelligence Report
Iranian state-affiliated threat group Handala Hack has breached FBI Director Patel’s personal Gmail account and leaked many personal photos and documents. This follows the FBI’s seizure of domains related to Handala Hack’s […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/30th-march-threat-intelligence-report/
-
North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam
Tags: ai, breach, cyber, data-breach, fraud, identity, intelligence, jobs, north-korea, scam, threat
A recent investigation has exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted interview answers to try to secure a senior remote role at U.S.-based threat intelligence firm Nisos. The case highlights how DPRK IT employment schemes are evolving by combining traditional fraud with modern AI…
-
CrySome RAT: Stealthy .NET Malware Adds AV Killer, HVNC Features
CrySome RAT is a newly observed, advanced .NET remote access trojan that combines full-featured post-exploitation tooling with unusually hardened persistence, AV-killing, and anti-removal logic, making it a serious long-term threat to Windows environments. The client component (Crysome.Client.exe) communicates with a TCP-based C2 operated by CrySome.Server.exe, with debug logging falling back to a Crysome_debug.log path if…
-
AI-Fueled Cyberattacks Surge in UAE Amid Rising Regional Tensions
The United Arab Emirates (UAE) is experiencing an unprecedented surge in cyberattacks, with recent regional tensions coinciding with a rise in digital threats powered by artificial intelligence. The country’s Cyber Security Council has highlighted the scale and complexity of UAE cyberattacks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/uae-cyberattacks-surge-as-cyber-threats-fuels/
-
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
Attackers are exploiting a critical Fortinet FortiClient EMS flaw (CVE-2026-21643) that allows remote code execution via SQL injection. A critical Fortinet FortiClient EMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1), is now being actively exploited. Defused researchers warn that threat actors are exploiting the vulnerability in Fortinet’s FortiClient EMS platform. >>Fortinet Forticlient EMS CVE-2026-21643…
-
Why Kubernetes controllers are the perfect backdoor
Tags: access, api, automation, backdoor, compliance, container, control, kubernetes, malicious, mitre, service, threat
Figure 1: Anatomy of a controller-based attack. The malicious webhook intercepts legitimate pod creation requests and injects a backdoor sidecar before the object is persisted to etcd. (Niranjan Kumar Sharma)
As illustrated in Figure 1, this webhook acts as a controller. Every time a legitimate pod is created (e.g., a payment service), the API server sends…
-
Stop Scams steps up to online fraud challenge
After years of putting the building blocks in place, Stop Scams is ready and able to react quickly to fight emerging fraud threats First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640819/Stop-Scams-steps-up-to-online-fraud-challenge
-
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
-
Critical Fortinet Forticlient EMS flaw now exploited in attacks
Attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform, according to threat intelligence company Defused. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortinet-forticlient-ems-flaw-now-exploited-in-attacks/
-
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL First…
-
Critical Grafana Flaws Allow Attackers to Achieve Remote Code Execution
Grafana Labs has rolled out critical security updates to address two severe vulnerabilities impacting its widely used analytics and interactive visualization platform. The most severe flaw could allow threat actors to achieve full Remote Code Execution (RCE) and establish an SSH connection to the host server. Administrators are strongly advised to apply the security patches…
-
Around 15,500 malicious domains uncovered
As recent analyses by Infoblox Threat Intel and Confiant show, cybercrime is increasingly shifting into hard-to-detect areas of the internet. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/aufdeckung-15-500-boesartige-domains
-
Hackers Probe Citrix NetScaler Systems Ahead of Suspected CVE-2026-3055 Exploitation
Tags: citrix, cve, cyber, cyberattack, cybersecurity, data-breach, exploit, flaw, hacker, intelligence, threat, vulnerability
Cybersecurity researchers are warning organizations about imminent cyberattacks targeting a newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firms watchTowr and Defused Cyber have uncovered active reconnaissance campaigns targeting CVE-2026-3055, a severe flaw that allows attackers to steal sensitive data. With hackers actively scanning for exposed systems, organizations are urged…
-
VoidLink Proves AI-Assisted Malware Is No Longer Experimental
VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing self-hosted models, abusing agentic AI architectures, and probing enterprise GenAI usage as a fresh attack…
-
CISA Warns of Actively Exploited F5 BIG-IP Vulnerability in Ongoing Attacks
Tags: attack, cisa, cyber, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, threat, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited flaw in F5 BIG-IP systems. The vulnerability has been officially added to the Known Exploited Vulnerabilities (KEV) catalog, signaling that threat actors are successfully weaponizing the bug in real-world attacks. Organizations running exposed F5 infrastructure must address this threat…
-
Attribute-Based Access Control for AI Capability Negotiation
Learn how Attribute-Based Access Control (ABAC) secures AI capability negotiation and MCP deployments against quantum threats and tool poisoning. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attribute-based-access-control-for-ai-capability-negotiation/
-
Are your NHIs fully supported for optimal performance?
The Strategic Imperative of Non-Human Identity Management: How secure is your organization when it comes to managing Non-Human Identities (NHIs)? With the increasing prevalence of cyber threats, optimizing NHI performance has become a cornerstone of effective cybersecurity strategies. NHIs, essentially machine identities, are pivotal in maintaining a secure digital environment, especially in cloud-based environments. Their management…
-
AI Threat Landscape Digest January-February 2026
KEY FINDINGS: AI-assisted malware development has reached operational maturity. The VoidLink framework, which is modular, professionally engineered, and fully functional, was built by a single developer using a commercial AI-powered IDE within a compressed timeframe. AI-assisted development is no longer experimental but produces deployment-ready output. AI-assisted development is not always obvious from the final product. VoidLink was initially assessed as the…

