Tag: threat
-
North Korean Hackers Continue to Target US Healthcare
Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threatReport: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
-
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threatThe North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team.Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
-
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
-
AI Arms Race Shrinks Breakout Time to 29 Minutes as Adversaries Turn GenAI on the Enterprise
Artificial intelligence is no longer just a defensive tool; it is now a core accelerant for cybercriminals and nation-state actors alike. That is the central message from CrowdStrike’s newly released 2026 Global Threat Report, which paints 2025 as the “year of the evasive adversary”, defined by speed, identity abuse and direct attacks on AI systems…
-
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities.The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week.”The group used several First seen…
-
AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-powered-cyberattacks-up/
-
Model Inversion Attacks: Growing AI Business Risk
In an era where artificial intelligence (AI) and machine learning (ML) are driving unprecedented innovation and efficiency, a new class of cyber threats has emerged that puts sensitive data and entire business operations at serious risk. Among these threats, model inversion attacks have become particularly concerning for organizations that rely on machine learning models trained……
-
It’s time to rethink CISO reporting lines
Tags: ai, business, ceo, cio, ciso, control, cyber, data, governance, infrastructure, jobs, risk, threat, vulnerabilityWhat’s in a reporting line?: Aaron Painter, CEO of security vendor Nametag, contends that reporting structures often mean less than the respect the CISO is granted.Painter is “less dogmatic about where the CISO reports and more focused on whether they actually have a seat at the table,” he says.”Org charts matter far less than influence,”…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Why SOCs are moving toward autonomous security operations in 2026
The modern security operations center faces a crisis of scale that human effort cannot fix. With alert volumes exponentially growing and threat actors automating their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/socs-autonomous-security-operations-strategies/
-
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users
A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Can Agentic AI operate independently in managing machine identities
What Is the Role of Agentic AI in Managing Machine Identities? How can organizations enhance their security measures where teeming with sophisticated cybersecurity threats? The answer may be in evolving role of Agentic AI, particularly in managing machine identities. With the rise of cloud technologies and automated systems, machine identities”, often seen as Non-Human Identities…
-
Data Breaches in 2026: What’s old, what’s new?
Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses First seen on hackread.com Jump to article: hackread.com/data-breaches-2026-whats-old-whats-new/
-
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-muddywater-new-malware-tensions-mount
-
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
-
Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities
It poses a national security threat, the AI startup said, such as by possibly enabling offensive cyber operations. First seen on cyberscoop.com Jump to article: cyberscoop.com/anthropic-accuses-chinese-labs-ai-distillation-cyber-risk/
-
NDSS 2025 Generating API Specifications For Bug Detection Via Specification Propagation Analysis
Session 13B: API Security Authors, Creators & Presenters: Miaoqian Lin (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi…
-
Forescout Partners with E-ISAC to Bring Threat Intelligence and Research to North American Utilities
Forescout Technologies has joined the Electricity Information Sharing and Analysis Center Vendor Affiliate Program, a move that will expand the sharing of threat intelligence with utilities and government partners working to protect North America’s power grid. The program is run by the Electricity Information Sharing and Analysis Center(E-ISAC), which operates under the North American Electric…
-
AWS Threat Intel Finds 600+ FortiGate Devices Hit
AWS Threat Intel found AI was used to hack 600+ FortiGate devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aws-threat-intel-finds-600-fortigate-devices-hit/
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/
-
Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says
A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 FortiGate firewall devices across more than 55 countries earlier this year, researchers have found. First seen on therecord.media Jump to article: therecord.media/gen-ai-fortigate-hackers-russia
-
AI helps novice threat actor compromise FortiGate devices in dozens of countries
Generative AI tools analyzed target networks and wrote exploit code, giving an opportunistic attacker an outsized impact, according to a new Amazon report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-cyberattacks-fortigate-amazon/812830/
-
AI Let ‘Unsophisticated’ Hacker Breach 600 Fortinet Firewalls, AWS Says, As AI Lowers ‘The Barrier’ For Threat Actors
Hackers use AI, GenAI and LLMs to breach Fortinet FortiGate firewalls as cybersecurity and threat actors leverage AI for cyber-attacks, AWS report finds. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ai-let-unsophisticated-hacker-breach-600-fortinet-firewalls-aws-says-as-ai-lowers-the-barrier-for-threat-actors
-
Connected & Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
-
2025: The Untold Stories of Check Point Research
Tags: threatntroduction Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected.…
-
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid”‘2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…
-
Phishing-Kampagne umgeht Multi-Faktor-Authentifizierung von Microsoft 365
KnowBe4 Threat Labs hat eine komplexe Phishing-Kampagne entdeckt, die auf US-amerikanische Unternehmen und Fachkräfte abzielt. Die Angriffe kompromittieren Microsoft-365-Konten (Outlook, Teams, Onedrive), indem sie den OAuth-2.0-Geräteautorisierungsfluss missbrauchen und dadurch selbst starke Passwörter und Multi-Faktor-Authentifizierung (MFA) überlisten. Das Opfer wird auf das legitime Microsoft-Portal ‘https://microsoft.com/devicelogin” weitergeleitet, um einen vom Angreifer bereitgestellten Gerätecode einzugeben. Durch die Eingabe…
-
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide…