Tag: threat
-
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spyware-grade-coruna-ios-exploit-kit-now-used-in-crypto-theft-attacks/
-
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/
-
How Threat Actors Turned OpenClaw Into a Scraping Botnet
How did OpenClaw become botnet infrastructure so quickly? DataDome analyzes the hijacked AI agents scraping sites at scale and how we detect them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-threat-actors-turned-openclaw-into-a-scraping-botnet/
-
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion.”The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2,” Radware said…
-
Iranian-U.S./Israeli Hostilities Lead to Increased Threat Landscape
Tags: attack, credentials, cyber, data-breach, disinformation, espionage, exploit, intelligence, iran, phishing, risk, theft, threatOverview Iranian”‘aligned cyber actors pose an elevated near”‘term risk due to their history of espionage, credential theft, disruptive attacks, and high”‘visibility “hacktivist” and disinformation operations, often targeting U.S. and allied interests through phishing, exploitation of exposed systems, and social manipulation. Given the current active hostilities between Iran and the U.S./Israeli-led coalition, threat intelligence indicates activity”¦…
-
Iran-nexus hackers target flaws in surveillance cameras
The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-target-flaws-ip-cameras/813795/
-
Wenn Phishing zur ‘PlugPlay”-Dienstleistung wird: Das Kratos-Kit im Blick
Die KnowBe4 Threat Labs haben Anfang 2026 ein Phishing-as-a-Service-Kit namens Kratos aufgespürt. Eine Plattform, die selbst technisch weniger versierten Angreifern ermöglicht, hochkomplexe, internationale Phishing-Kampagnen aufzusetzen schnell, skalierbar und erschreckend professionell. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-zur-plug-and-play-dienstleistung-wird-das-kratos-kit-im-blick/a43945/
-
Wenn Phishing zur ‘PlugPlay”-Dienstleistung wird: Das Kratos-Kit im Blick
Die KnowBe4 Threat Labs haben Anfang 2026 ein Phishing-as-a-Service-Kit namens Kratos aufgespürt. Eine Plattform, die selbst technisch weniger versierten Angreifern ermöglicht, hochkomplexe, internationale Phishing-Kampagnen aufzusetzen schnell, skalierbar und erschreckend professionell. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-phishing-zur-plug-and-play-dienstleistung-wird-das-kratos-kit-im-blick/a43945/
-
Crowdstrike 2026 Global Threat Report: 3 Key Learnings for Identity Security
First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/crowdstrike-2026-global-threat-report-3-key-learnings-for-identity-security/
-
Iranian cyberattacks fail to materialize but threat remains acute
Tags: ai, application-security, attack, ceo, control, country, cyber, cyberattack, cybercrime, cybersecurity, defense, endpoint, finance, government, group, healthcare, infrastructure, intelligence, Internet, iran, malware, mfa, monitoring, phishing, risk, service, supply-chain, technology, threat, tool, update, vpnTargeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.”Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security,…
-
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 1317.2.1
Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1.The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It’s not effective against the latest version of iOS. The…
-
Indian APT ‘Sloppy Lemming’ Targets Defense, Critical Infrastructure
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/india-apt-sloppy-lemming-defense-critical-infrastructure
-
New Threat Report: AI Accelerates High-Velocity Cyber Attacks
Cyberattacks are shifting from “breaking in” to simply “logging in,” with AI now automating high-speed operations that overwhelm human defenders. Cloudforce One describes MOE as a cold ratio of effort to operational outcome, and modern threat actors are optimizing every stage of their campaigns around it. Instead of burning expensive zero-days, attackers prefer cheap, scalable…
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion’s Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military sites. Iran retaliated with missiles and drones, disrupting energy, air travel, and diplomatic stability across the Gulf. Amid this kinetic conflict, Iranian state-affiliated advanced persistent threats (APTs) have ramped up cyber…
-
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or MegaSync, threat actors are pivoting to native, administrator-approved cloud utilities to blend into normal IT…
-
Von Vibe Hacking bis hin zu Flat-Pack-Malware
HP hat seinen aktuellen Threat Insights Report veröffentlicht und zeigt, wie künstliche Intelligenz zunehmend von Angreifern genutzt wird, um Cyberangriffe schneller, kostengünstiger und effizienter durchzuführen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/vibe-hacking-flat-pack-malware
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
LexisNexis Faces Data Breach After 2.04 GB of Data Allegedly Stolen
A threat actor known as FulcrumSec has claimed responsibility for a data breach at LexisNexis Legal & Professional, the legal information division of RELX Group. The actor alleges they have stolen 2.04 GB of structured data from the company’s Amazon Web Services (AWS) cloud infrastructure. The incident highlights significant security flaws, particularly concerning access controls…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerabilityMicrosoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
Künstliche Intelligenz macht Angreifer schneller und transformiert die Angriffsfläche
KI-gestützte Angriffe stiegen um 89 %. Breakout-Time sinkt auf 29 Minuten. KI-Tools und Entwicklungsplattformen werden aktiv ausgenutzt. Der Global Threat Report 2026 von CrowdStrike zeigt, wie künstliche Intelligenz das Tempo der Angreifer beschleunigt und die Angriffsfläche von Unternehmen vergrößert. Zudem ist die durchschnittliche E-Crime-Breakout-Time also die Zeit, die ein Angreifer benötigt, um sich… First seen…
-
Thousands of iPhones Compromised in Massive Hack via Coruna Exploit Kit with 23 Vulnerabilities
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered >>Coruna,<< a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framework contains five complete exploit chains leveraging a staggering 23 vulnerabilities. What began as a tool for a commercial surveillance vendor in early 2025…
-
Post-Quantum Cryptographic Agility for Distributed AI Inference Architectures
Learn how to implement post-quantum cryptographic agility for distributed AI inference and MCP servers. Protect AI infrastructure from quantum threats with modular security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/post-quantum-cryptographic-agility-for-distributed-ai-inference-architectures/
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…