Tag: threat
-
FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-google-take-down-netnut-proxy/
-
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability…
-
Geopolitical cyber threats are turning HR into a security front line
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/03/geopolitical-cyber-threats-video/
-
CitrixBleed Vulnerability Exploitation Within 24 Hours of Disclosure
Citrix NetScaler appliances are currently facing significant threats due to the rapid exploitation of a newly disclosed memory disclosure vulnerability, CVE-2026-8451, which is part of the evolving “CitrixBleed” class. This high-severity flaw (CVSS 8.8), disclosed on June 30, 2026, in Citrix advisory CTX696604, was observed being exploited in the wild within just 24 hours of…
-
Hackers Compromise GitHub Maintainer Accounts to Publish PolinRider-Infected Package Versions
A widescale escalation in the PolinRider supply”‘chain campaign: threat actors have compromised GitHub maintainer accounts to publish infected package versions across multiple ecosystems. The investigation identified 162 malicious release artifacts across 108 unique packages and extensions in npm, Packagist, Go modules, and a Chrome extension, linking this activity to the broader North Korean Contagious Interview…
-
EU-US Data Privacy Framework Under Threat After Supreme Court Ruling
EU-US Data Privacy Framework First seen on thecyberexpress.com Jump to article: thecyberexpress.com/eu-us-data-privacy-framework/
-
Geopolitical cyber threats are turning HR into a security front line
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/03/geopolitical-cyber-threats-video/
-
Organizations struggle to prioritize known cyber risks
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/03/cyber-risk-exposure-report/
-
Google Disrupts NetNut Residential Proxy Botnet Used for Malware C2 and Password Spray Attacks
Google has disrupted the NetNut residential proxy botnet, a large-scale infrastructure widely exploited for malware command-and-control (C2) operations and password spray attacks. This coordinated effort involved the FBI, Lumen, and various industry partners. It was announced by Google’s Threat Intelligence Group (GTIG) on July 3, 2026. This action is part of an ongoing campaign to…
-
How Dragos Acquisition Expands Accenture’s OT Security Reach
Joint Accenture-Dragos Platform Adds OT, Threat Intelligence and Incident Response. Accenture says its acquisition of Dragos combines managed security services with leading OT threat intelligence, asset discovery and incident response capabilities, helping industrial organizations strengthen defenses as AI adoption and IT-OT convergence increase cyber risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/how-dragos-acquisition-expands-accentures-ot-security-reach-a-32148
-
AI-Driven Threats, Global Breaches, and Compliance Shifts Define the Week in Cybersecurity for July 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-driven-threats-global-breaches-and-compliance-shifts-define-the-week-in-cybersecurity-for-july-2026/
-
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic.Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by millions.Google identifies NetNut, also tracked as Popa, as a network…
-
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Tags: access, citrix, credentials, exploit, group, monitoring, ransomware, supply-chain, tactics, threat, vulnerabilityThreat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.”Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral First seen on thehackernews.com Jump to…
-
Catan and Mouse
What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/catan-and-mouse/
-
This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and his team at Team Cymru to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here’s his story. First seen on darkreading.com Jump to article:…
-
Safe Events Start With Threat Intel & Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/safe-events-threat-intel-digital-security
-
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API.”In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs,” Kaspersky said in a detailed report…
-
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link
FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: INC Ransom and Lynx. The link isn’t circumstantial. An operator…
-
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link
FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: INC Ransom and Lynx. The link isn’t circumstantial. An operator…
-
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted phishing campaign delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion techniques, and a modular delivery chain. The threat actor repurposes a playbook seen previously in Brazil but has refined access controls and server-side checks to ensure malware reaches only the intended…
-
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Tags: ai, attack, credentials, exploit, jobs, network, ransomware, rce, remote-code-execution, threatSecurity firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a…
-
Japan revises AI strategy amid frontier AI threats
Just six months after releasing its national AI framework, Tokyo is updating its guidelines to address the weaponisation of frontier AI models capable of finding and exploiting unknown vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366645374/Japan-revises-AI-strategy-amid-frontier-AI-threats
-
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
A recent surge in ValleyRAT activity that combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named by Proofpoint in 2023, ValleyRAT continues to evolve: LevelBlue’s telemetry shows a marked increase in successful detections beginning May 2025 and accelerating into 2026. The threat now presents through two primary…
-
Filigran-Studie: Unternehmen kämpfen mit Lücke zwischen Threat Intelligence und operativer Umsetzung
Der ‘State of Threat Management Report” zeigt ein zentrales Problem: Viele Unternehmen kennen ihre Schwachstellen, können aber nicht schnell genug entscheiden sie zu schließen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/filigran-studie-unternehmen-kaempfen-mit-luecke-zwischen-threat-intelligence-und-operativer-umsetzung/a45648/
-
FortiBleed Campaign Linked to INC and Lynx Ransomware Operations
A direct operational link between the large-scale FortiBleed credential-harvesting campaign and two active ransomware-as-a-service (RaaS) groups: INC Ransom and Lynx. This finding provides the first confirmed evidence that mass theft of FortiGate credentials is being integrated into ransomware deployment processes, significantly increasing the threat posed by exposed firewall infrastructure. FortiBleed Campaign Linked to INC and…
-
Healthcare Cybersecurity Threats Persist in 2026
SonicWall found healthcare remains the top cybersecurity target, with rising malware, ransomware, and medical IoT threats. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/healthcare-cybersecurity-threats-persist-in-2026/
-
MeetingTV Sues Palo Alto Networks Over Koi Threat Report
Tags: ai, china, cybercrime, cybersecurity, infrastructure, intelligence, malware, network, threat, toolMeetingTV Says Koi’s AI Analysis Tool Wrongly Tied it to Malware Infrastructure. MeetingTV alleges an AI-assisted threat intelligence report published by Koi Security falsely linked its infrastructure to a Chinese cybercrime operation, while Koi parent Palo Alto Networks argues the report reflects protected cybersecurity analysis rather than actionable false statements. First seen on govinfosecurity.com Jump…
-
Azure Password-Spraying Attack Bypasses MFA Defenses
Threat Actor Uses Deprecated OAuth 2.0 Authentication Flow. Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth 2.0 to generate access tokens, in some cases sidestepping multifactor authentication controls, warn researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/azure-password-spraying-attack-bypasses-mfa-defenses-a-32128
-
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT.Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites.These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others. First seen…

