Tag: threat
-
Investigating a New Click-Fix Variant
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around threat…
-
Security module in the Linux kernel has nine vulnerabilities
The Qualys Threat Research Unit (TRU) has discovered "CrackArmor". This is a series of nine vulnerabilities in <>, a widely used security module in the Linux kernel. Since 2017, these vulnerabilities have left more than 12 million enterprise systems running Ubuntu, Debian and Suse distributions exposed, allowing local attackers to gain full root access, perform container escapes and system-wide…
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…
-
Threat Modeling with AI: A Developer-Driven Boon for Enterprise Security
For companies running a modern, adaptive and defense-centered security program, threat modeling is not a new concept. In fact, it's one of the core tenets of preventative cybersecurity best practices: being able to find vulnerabilities within software or a network, map them out and remediate them before an attacker can successfully orchestrate a breach. First…
-
Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
A financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, known VPN brands, and code-signing certificates to distribute malware disguised as legitimate remote access…
-
Decoding the White House Cyber Strategy: Why Resilience Matters Now
Tags: ai, cyber, cybersecurity, infrastructure, network, resilience, strategy, threat, usa, zero-trust
America's new National Cyber Strategy sends a very clear message that cybersecurity is now about resilience, not just defense. The strategy emphasizes modernizing federal networks, protecting critical infrastructure, and deploying AI-enabled cybersecurity capabilities to detect and disrupt threats at scale. It also reinforces long-standing priorities such as Zero Trust architecture and secure supply chains. But…
-
How Threat Intelligence Protects Player Experience for Betting and Gaming Customers
Threat intelligence and bot mitigation strategies help gaming and betting platforms stop credential stuffing, scraping and automated fraud. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-threat-intelligence-protects-player-experience-for-betting-and-gaming-customers/
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said. The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said. "This installation path blends…
-
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
Tags: cloud, credentials, cyber, espionage, exploit, government, iran, malware, middle-east, phishing, service, theft, threat
TA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy organizations across the Middle East and beyond. These operations blend traditional espionage with opportunistic credential theft and malware delivery, often abusing compromised government accounts and trusted cloud services to increase…
-
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The First seen on thehackernews.com Jump to…
-
Qualys Threat Research Unit discovers "CrackArmor"
The Qualys Threat Research Unit (TRU) today unveiled "CrackArmor", a collection of nine security vulnerabilities in the widely used Linux security module AppArmor. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-threat-research-unit-entdeckt-crackarmor/a44107/
-
Apple Releases Emergency iOS 15.8.7 Update to Block ‘Coruna’ Exploit Kit
Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect users of older iPhones and iPads from a sophisticated threat known as the Coruna exploit kit. Released on March 11, 2026, this critical patch backports several major security fixes that were previously issued for newer devices running iOS 16 and…
-
Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/starbucks-discloses-data-breach-affecting-hundreds-of-employees/
-
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack
A ransomware intrusion in which attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to evade detection and operate within compromised environments. Investigators later determined that the threat actor…
-
Six Packagist Packages Linked to Trojanized jQuery Campaign
Six malicious OphimCMS themes on Packagist have been caught shipping trojanized jQuery and other JavaScript, exposing movie-streaming sites and their visitors to redirects, URL exfiltration, and aggressive ad schemes tied to sanctioned FUNNULL infrastructure. Socket's Threat Research Team found that the attacker embedded all malicious logic in bundled JS assets while leaving the PHP code and package…
-
Cryptographic Agility in Model Context Protocol Implementations
Learn how to implement cryptographic agility in Model Context Protocol (MCP) to protect AI infrastructure against quantum threats with PQC and modular security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/cryptographic-agility-in-model-context-protocol-implementations/
-
How smart can Agentic AI become in protecting assets
Can Smart Agentic AI Revolutionize Asset Protection? How can organizations harness the power of Agentic AI to safeguard their most valuable assets? As industries continue to move operations to cloud-based environments, safeguarding digital assets against cyber threats is more crucial than ever. This blog post delves into the role smart Agentic AI plays in Non-Human…
-
AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/
-
The Prompt Injection Peril and Why AI Agents Are Your Network’s Newest Vulnerability
As enterprises race to embed AI agents into everyday workflows, a new and still poorly understood threat is moving from research papers into production risk: indirect prompt injection. In this conversation, Amit Chita, field CTO at Mend.io, explains why organizations building AI-powered applications need to stop treating prompt security as an edge case and start…
-
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Tags: access, attack, authentication, best-practice, ceo, computer, credentials, cyber, cyberattack, data, flaw, group, hacker, identity, infrastructure, intelligence, iran, jobs, mobile, phone, service, software, supply-chain, theft, threat, update
Handala claims credit: The Handala threat group quickly claimed responsibility for the attack. While the group's involvement is just a claim for now, Stryker employees reportedly saw a version of the Handala logo, a cartoon of a Palestinian boy with his back turned and hands crossed behind him, on affected devices. Handala's identity is hard to…
-
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to…
-
The Threat Within: How Intelligent Detection Prevented a Potential Internal Malware Incident
Executive Overview Organizations often focus heavily on defending their perimeter against external attackers. Firewalls, threat intelligence feeds, and intrusion prevention systems are designed to stop threats attempting to break in from outside the network. However, experienced security professionals understand an important reality. Threats that originate from within the network can sometimes be more dangerous than…
-
“Handala Hack” Unveiling Group’s Modus Operandi
Key Findings. Introduction. Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with "hack and leak" operations. The threat actor operates several online personas, with the most prominent among them being Homeland Justice, maintained from mid-2022 specifically for multiple attacks…
-
Why Cybersecurity Can No Longer Be Treated as an IT Problem
Secure Horizons’ Sarah Armstrong-Smith on Building Collective Resilience. Identity has overtaken endpoints as the primary attack vector. Organizations must treat cybersecurity as an enterprise-scale risk, not an IT problem, to build the collective resilience that geopolitical threats now demand, says Sarah Armstrong-Smith, executive director at Secure Horizons. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cybersecurity-no-longer-be-treated-as-problem-a-30996
-
Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules
Cyber officials lamented Wednesday that it's a challenge to make the wider population appreciate the gravity of the threat the hacking group presents. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-china-telecom-hack-impact-new-jersey/