Tag: threat
-
Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-cluster-roundcube/
-
4 Best Email Security Solutions to Keep Employee Inboxes Safe
Compare leading and best email security solutions with AI threat detection, phishing defense, malware blocking, and DLP features for teams. First seen on hackread.com Jump to article: hackread.com/best-email-security-solutions-employee-inboxes-safe/
-
UAT-7810 continues building ORB networks using new malware
Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-7810/
-
AI-Generated Malware Powers New Armored Likho APT Campaign
Armored Likho APT uses AI-generated malware, phishing, and BusySnake Stealer to target governments and power grids in Russia, Kazakhstan, and Brazil. Kaspersky’s threat research team has documented a previously unknown APT group they’re calling Armored Likho, also tracked under the name Eagle Werewolf. The group runs two parallel tracks: financially motivated attacks against private individuals…
-
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials, First seen…
-
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials, First seen…
-
Hackers Exploit Maximum Severity Adobe ColdFusion Flaw
Threat actors are exploiting an Adobe ColdFusion vulnerability which has a CVSS score of 10.0 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/exploit-maximum-severity-adobe/
-
Neuer macOS-Infostealer tarnt sich als Maccy-Anwendung
Sicherheitsforscher von Jamf Threat Labs haben eine neue Schadsoftware für macOS entdeckt, die gezielt auf den Diebstahl sensibler Daten ausgelegt ist. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/macos-infostealer-maccy-anwendung
-
Cavern Manticore Malware Uses Low-Detection .NET Modules for Reconnaissance and Lateral Movement
A newly identified Iran-linked threat group, tracked as Cavern Manticore, is deploying a sophisticated modular command-and-control (C2) framework built on a shared .NET foundation to conduct stealthy reconnaissance and lateral movement against Israeli government and IT organizations. The group’s custom C2 components exhibit extremely low detection rates on public sandboxes, enabling persistent access while evading…
-
The Defender’s Dilemma: AI, MDR, and the Future of Security
Traditional cybersecurity approaches are struggling to keep pace with modern threats, making autonomous AI essential. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/the-defenders-dilemma-ai-mdr-and-the-future-of-security/
-
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks
A threat group researchers call Armored Likho has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/busysnake-infostealer-critical-infrastructure-networks
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-it-support-calls-on-microsoft-teams-push-etherrat-malware/
-
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations.The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research First seen…
-
Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year
The hacking operations disclosed in a Canadian spy agency’s annual report underscores some pressing national security threats facing the country and its top allies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/06/canadian-spy-agency-says-it-hacked-drug-traffickers-extremists-and-a-ransomware-gang-last-year/
-
JadePuffer: The First Complete LLM-Driven Ransomware Attack
An agentic threat actor successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/jadepuffer-first-complete-llm-driven-ransomware-attack
-
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the “X-WEBAUTH-USER” header from any source IP address, effectively allowing an unauthenticated internet client to get elevated…
-
Sysdig clocks first documented case of agentic ransomware
The AI agent didn’t accomplish every step in the late June 2026 attack, but it allowed the threat actor to significantly reduce complexity, speed up the tempo and gain operational advantages. First seen on cyberscoop.com Jump to article: cyberscoop.com/sysdig-judepuffer-ai-agentic-ransomware-attack/
-
Canadian spy agency says it hacked drug traffickers, extremists and a ransomware gang last year
The hacking operations disclosed in a Canadian spy agency’s annual report underscores some pressing national security threats facing the country and its top allies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/07/06/canadian-spy-agency-says-it-hacked-drug-traffickers-extremists-and-a-ransomware-gang-last-year/
-
âš¡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary.Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems…
-
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India. First seen on thehackernews.com…
-
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities
The SilverFox advanced persistent threat (APT) group has escalated its offensive toolkit by transforming ValleyRAT from a conventional remote access trojan into an eight-stage malware chain culminating in a kernel-mode rootkit. This evolution marks a significant shift in post-exploitation persistence, blending user-mode orchestration with deep kernel control to evade detection and maintain long-term access. The…
-
Malicious Agent Skills Can Steal Credentials, Exfiltrate Source Code, and Install Backdoors
Malicious AI agent skills can be packaged to steal credentials, exfiltrate source code, and install backdoors while still bypassing many current skill-auditing systems. The paper finds that static scanners are especially weak against payload-preserving evasions, while runtime behavior auditing is far more resilient. The core threat is simple but serious: an agent skill is not…
-
AI Agent Pulls Off a Ransomware Attack Without Human Help
Researchers Say the Attack Combined AI Decision-Making With Known Software Flaws. An autonomous AI agent has executed what researchers describe as the first agentic ransomware attack, exploiting vulnerabilities, stealing credentials and encrypting a production database without human intervention. Cloud security firm Sysdig attributed it to a threat actor it tracks as Jadepuffer. First seen on…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer Building a CI/CD pipeline for Sigma rules Inside StegoAd: How a Threat Actor Evolved to Fuel Silent Ad…
-
U.S. Government Agency Paid $1M to Data Extortion Group Kairos
Tags: blockchain, data, data-breach, extortion, government, group, ransom, ransomware, theft, threatA U.S. government agency paid $1M to Kairos, a group focused on data theft and extortion rather than ransomware, Ransom-ISAC reports. A new case study from Ransom-ISAC reconstructs a complete data-extortion incident involving a U.S. government body and a threat actor called Kairos, using a leaked negotiation transcript and blockchain tracing of the ransom payment.…
-
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider.”The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise…
-
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, and First seen on thehackernews.com Jump…
-
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.”Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky said in a technical analysis published today. “ First seen on…
-
JADEPUFFER: First EndEnd AI-Driven Ransomware Operation
Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation driven end-to-end by a large language model. The operator, which Sysdig calls JADEPUFFER, broke into a server, harvested…

