Tag: threat
-
Threat Actors Intensify Targeting of IP Cameras Across the Middle East Amid Ongoing Conflict
Cyber operations have once again become an integral component of the ongoing conflict across the Middle East, with researchers identifying a wave of attacks against Internet-connected IP cameras beginning on February 28, 2026. According to CPR, the observed campaigns appear to pursue operational surveillance objectives rather than monetary gain. Analysts assess that the Iranian operators may…
-
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
Microsoft, Europol, and industry partners have successfully dismantled the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. Operating since August 2023, this immense adversary-in-the-middle (AiTM) operation allowed cybercriminals to bypass multi-factor authentication (MFA) and infiltrate over 96,000 distinct victims globally. This coordinated disruption marks a significant blow to the cybercriminal impersonation economy. Anatomy of the Tycoon 2FA Threat…
-
Threat Report 2026: KI und Botnetze treiben die Industrialisierung von Cyberangriffen
Die erste Version des Cloudflare Threat Reports 2026 basiert auf Telemetriedaten aus einem Netzwerk, das rund 20 Prozent des weltweiten Internet-Traffics verarbeitet eine der größten verfügbaren Datenquellen zur globalen Bedrohungslage [1]. Er beschreibt eine zunehmend industrialisierte Cyberbedrohungslandschaft, in der Effizienz und Skalierbarkeit wichtiger sind als technische Raffinesse. Anstelle komplexer Einzelangriffe setzen Akteure immer mehr… First…
-
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
-
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
-
‘Hundreds’ of Iranian hacking attempts have hit surveillance cameras since the missile strikes
Attack infrastructure attributed to ‘several Iran-nexus threat actors’ First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/iranian_hacking_attempts_ip_cameras/
-
‘Hundreds’ of Iranian hacking attempts have hit surveillance cameras since the missile strikes
Attack infrastructure attributed to ‘several Iran-nexus threat actors’ First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/iranian_hacking_attempts_ip_cameras/
-
How does NHI management empower proactive security measures
What Does NHI Management Mean for Your Enterprise’s Security? How do organizations ensure their digital assets remain secure amidst evolving threats? The key lies in the management of Non-Human Identities (NHIs). When organizations increasingly adopt cloud environments, there is a pressing need for robust NHI management to bridge the gap between security and research &……
-
Is investing in advanced AI cybersecurity justified
Are You Safeguarding Your Business With Non-Human Identities? Have you ever wondered how secure your organization’s systems are against non-human threats? Where the interaction between machines and systems is increasing, Non-Human Identities (NHIs) have become a critical focus for cybersecurity. These machine identities are pivotal in managing cybersecurity risks, especially where companies increasingly operate in……
-
Fig Security Raises $30M to Modernize SOC Infrastructure
Series A Funding Aims to Give Security Teams Visibility Into Complex SecOps Stacks. Fig Security has raised $30 million in Series A funding to help organizations modernize their SOC infrastructure. The startup said CISOs lack visibility into complex SecOps pipelines spanning SIEMs, data lakes and automation tools, which can lead to silent failures that undermine…
-
Why AI, Zero Trust, and modern security require deep visibility
Tags: ai, cyber, cybersecurity, data, detection, incident response, intelligence, soc, strategy, threat, tool, zero-trust72% of organizations say NAV is essential for proactive threat hunting and reactive incident response69% say a NAV solution is vital to their threat detection and incident response processThis isn’t about adding more gadgets to the SOC. It’s about strengthening the foundation that the SOC stands on.When visibility is weak, every advanced capability becomes unstable:AI…
-
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spyware-grade-coruna-ios-exploit-kit-now-used-in-crypto-theft-attacks/
-
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/
-
How Threat Actors Turned OpenClaw Into a Scraping Botnet
How did OpenClaw become botnet infrastructure so quickly? DataDome analyzes the hijacked AI agents scraping sites at scale and how we detect them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-threat-actors-turned-openclaw-into-a-scraping-botnet/
-
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion.”The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2,” Radware said…
-
Iranian-U.S./Israeli Hostilities Lead to Increased Threat Landscape
Tags: attack, credentials, cyber, data-breach, disinformation, espionage, exploit, intelligence, iran, phishing, risk, theft, threatOverview Iranian”‘aligned cyber actors pose an elevated near”‘term risk due to their history of espionage, credential theft, disruptive attacks, and high”‘visibility “hacktivist” and disinformation operations, often targeting U.S. and allied interests through phishing, exploitation of exposed systems, and social manipulation. Given the current active hostilities between Iran and the U.S./Israeli-led coalition, threat intelligence indicates activity”¦…
-
Iran-nexus hackers target flaws in surveillance cameras
The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-target-flaws-ip-cameras/813795/
-
Wenn Phishing zur ‘PlugPlay”-Dienstleistung wird: Das Kratos-Kit im Blick
Die KnowBe4 Threat Labs haben Anfang 2026 ein Phishing-as-a-Service-Kit namens Kratos aufgespürt. Eine Plattform, die selbst technisch weniger versierten Angreifern ermöglicht, hochkomplexe, internationale Phishing-Kampagnen aufzusetzen schnell, skalierbar und erschreckend professionell. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-zur-plug-and-play-dienstleistung-wird-das-kratos-kit-im-blick/a43945/
-
Wenn Phishing zur ‘PlugPlay”-Dienstleistung wird: Das Kratos-Kit im Blick
Die KnowBe4 Threat Labs haben Anfang 2026 ein Phishing-as-a-Service-Kit namens Kratos aufgespürt. Eine Plattform, die selbst technisch weniger versierten Angreifern ermöglicht, hochkomplexe, internationale Phishing-Kampagnen aufzusetzen schnell, skalierbar und erschreckend professionell. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-zur-plug-and-play-dienstleistung-wird-das-kratos-kit-im-blick/a43945/
-
Crowdstrike 2026 Global Threat Report: 3 Key Learnings for Identity Security
First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/crowdstrike-2026-global-threat-report-3-key-learnings-for-identity-security/
-
Iranian cyberattacks fail to materialize but threat remains acute
Tags: ai, application-security, attack, ceo, control, country, cyber, cyberattack, cybercrime, cybersecurity, defense, endpoint, finance, government, group, healthcare, infrastructure, intelligence, Internet, iran, malware, mfa, monitoring, phishing, risk, service, supply-chain, technology, threat, tool, update, vpnTargeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.”Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security,…
-
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 1317.2.1
Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1.The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It’s not effective against the latest version of iOS. The…
-
Indian APT ‘Sloppy Lemming’ Targets Defense, Critical Infrastructure
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/india-apt-sloppy-lemming-defense-critical-infrastructure
-
New Threat Report: AI Accelerates High-Velocity Cyber Attacks
Cyberattacks are shifting from “breaking in” to simply “logging in,” with AI now automating high-speed operations that overwhelm human defenders. Cloudforce One describes MOE as a cold ratio of effort to operational outcome, and modern threat actors are optimizing every stage of their campaigns around it. Instead of burning expensive zero-days, attackers prefer cheap, scalable…
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion’s Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military sites. Iran retaliated with missiles and drones, disrupting energy, air travel, and diplomatic stability across the Gulf. Amid this kinetic conflict, Iranian state-affiliated advanced persistent threats (APTs) have ramped up cyber…
-
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or MegaSync, threat actors are pivoting to native, administrator-approved cloud utilities to blend into normal IT…
-
Von Vibe Hacking bis hin zu Flat-Pack-Malware
HP hat seinen aktuellen Threat Insights Report veröffentlicht und zeigt, wie künstliche Intelligenz zunehmend von Angreifern genutzt wird, um Cyberangriffe schneller, kostengünstiger und effizienter durchzuführen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/vibe-hacking-flat-pack-malware
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…