Tag: threat
-
Webinar: Why business email compromise attacks keep succeeding
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threats and automate response workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-why-business-email-compromise-attacks-keep-succeeding/
-
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025.Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the…
-
Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers
Tags: ai, cve, cyber, data-breach, exploit, Internet, rce, remote-code-execution, tactics, threat, vulnerabilityThreat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise internet-exposed AI application servers and silently deploy a customized Monero (XMR) cryptominer. Tracked and documented by Trend Micro researchers Simon Dulude and John Zhang, the campaign marks a significant pivot in commodity cryptominer delivery tactics, from traditional…
-
FBI and CISA Warn Russian Hackers Stealing Verification Codes and Account PINs From Signal Users
U.S. cybersecurity authorities have issued a new warning about Russian intelligence-linked threat actors targeting secure messaging platforms, specifically highlighting the increased risk for Signal users. These threat actors are employing sophisticated phishing campaigns designed to steal verification codes and account PINs. In a joint Public Service Announcement (PSA) published on June 26, 2026, the Cybersecurity…
-
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud.The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat…
-
AI-Generated Mythic Agents Challenge Static Signatures and Traditional Implant Detection
The emergence of LLM-driven >>disposable tooling<< is reshaping offensive tradecraft and forcing defenders to rethink detection models that rely on static signatures and known implant behaviors. Recent experiments demonstrating the automated generation of Mythic agents from prompt to deployment reveal a new threat class: ephemeral, single-use implants tailor-made by large language models and orchestration harnesses.…
-
Microsoft 365 Apps RCE Vulnerability Lets Attackers Execute Code via Malicious Excel Files
A newly disclosed remote code execution (RCE) vulnerability in Microsoft 365 Apps is raising concerns in enterprise environments. Attackers can exploit malicious Excel documents to execute arbitrary code on target systems. This vulnerability, tracked as CVE-2025-60727, arises from an out-of-bounds read condition (CWE-125) in Microsoft Excel’s file-parsing mechanism, allowing threat actors to trigger memory corruption…
-
DOJ Seizes Nearly 400 Domains Used for Illegal World Cup Streaming and Malware Threats
The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 internet domains used to stream FIFA World Cup 2026 matches illegally. This operation represents one of the largest coordinated anti-piracy enforcement actions related to a global sporting event. Conducted under the title “Operation Offsides,” it targeted websites that were distributing real-time broadcasts…
-
DOJ Seizes Nearly 400 Domains Used for Illegal World Cup Streaming and Malware Threats
The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 internet domains used to stream FIFA World Cup 2026 matches illegally. This operation represents one of the largest coordinated anti-piracy enforcement actions related to a global sporting event. Conducted under the title “Operation Offsides,” it targeted websites that were distributing real-time broadcasts…
-
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/
-
Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails
Microsoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed analysis on an ongoing hacking campaign against hospitality organizations that has been running since April 2026. The targets are specific: device names observed across compromised environments include strings like…
-
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/third-party-breaches-teaches-education-lesson-vendor-risk
-
Chinese APT CL1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware
Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed report on a Chinese-speaking threat actor, tracked as CL-STA-1062, that has been running persistent operations across East Asia since at least March 2022 and shifted focus to Southeast Asian…
-
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/
-
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia.The activity, particularly aimed at state-owned enterprises in the energy and government sectors, has been attributed to a threat actor called CL-STA-1062, which Palo…
-
Turla group adds more malware to Russia’s espionage efforts against Ukraine
Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla. First seen on therecord.media Jump to article: therecord.media/russia-turla-espionage-ukraine-stockstay-malware
-
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says.The company has not attributed the activity to a known threat actor, and the operators’ end goal is still unclear.The lure…
-
China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-asian-cni-backdoor/
-
The Cyber Express Weekly Roundup: Five Eyes AI Warning, KDDI Data Breach, Garfield AI Legal Milestone, and Iranian Hacker Arrest
Tags: ai, automation, breach, cyber, cybersecurity, data, data-breach, hacker, infrastructure, intelligence, international, iran, risk, service, threatThis week’s weekly roundup of cybersecurity developments highlights a rapid shift in global cyber risk conditions driven by artificial intelligence acceleration, large-scale data breaches, and expanding international enforcement actions. Across infrastructure, enterprise systems, public services, and regulated AI applications, organizations are increasingly exposed to faster-moving threats where traditional security assumptions are being challenged by automation…
-
The Cyber Express Weekly Roundup: Five Eyes AI Warning, KDDI Data Breach, Garfield AI Legal Milestone, and Iranian Hacker Arrest
Tags: ai, automation, breach, cyber, cybersecurity, data, data-breach, hacker, infrastructure, intelligence, international, iran, risk, service, threatThis week’s weekly roundup of cybersecurity developments highlights a rapid shift in global cyber risk conditions driven by artificial intelligence acceleration, large-scale data breaches, and expanding international enforcement actions. Across infrastructure, enterprise systems, public services, and regulated AI applications, organizations are increasingly exposed to faster-moving threats where traditional security assumptions are being challenged by automation…
-
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy.Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (…
-
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy.Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (…
-
CVE-2026-20245 Zero-Day Exploited in Cisco Catalyst SD-WAN Manager to Gain Root Access
A newly disclosed zero-day vulnerability, CVE-2026-20245, has been exploited by a threat actor targeting Cisco Catalyst SD-WAN Manager. By exploiting a flaw in the platform’s file to upload functionality, the threat actor escalated privileges from a compromised administrative account to root access and used extensive anti-forensic measures to erase evidence of the attack. First seen on thecyberexpress.com Jump to…
-
KuinaExtractor Stealer Targets Browser Data, Crypto Wallets, Roblox, Steam, and Discord
A previously undocumented Rust-based infostealer they call KuinaExtractor, a family that has evolved from a capable early prototype into a hardened, stealth-focused threat now rebranded as “k0to.” Analysis of dozens of samples and function-level code comparisons reveals a clear single-operator lineage, steady feature expansion, and deliberate moves toward concealment rather than new capabilities. The actor’s…
-
Chinese-Speaking Hackers Deploy TinyRCT Backdoor Against Critical Energy Infrastructure
A Chinese-speaking threat cluster tracked as CL-STA-1062 has deployed a newly discovered .NET backdoor, TinyRCT, in targeted campaigns against government and critical energy infrastructure across Southeast Asia during 2025. The recent campaign combines common open-source tooling with bespoke malware. Operators consistently leverage publicly available utilities SoftEther VPN for tunneling, VNT and yuze for covert command-and-control,…
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant.The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges First seen…
-
Introduction to COM usage by Windows threats
Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats/
-
Silent Push 6.0 expands preemptive threat intelligence for security teams
First seen on scworld.com Jump to article: www.scworld.com/brief/silent-push-6-0-expands-preemptive-threat-intelligence-for-security-teams
-
Stay ahead in the SOC: Contain threats with confidence and control
First seen on scworld.com Jump to article: www.scworld.com/resource/stay-ahead-in-the-soc-contain-threats-with-confidence-and-control

