Tag: threat
-
Blue Teaming Construction Insights from 2025 Threat Landscape Observations
In 2025, AI has evolved from being a tool that merely enhances the efficiency of attacks to becoming an integral component embedded within the execution phase of cyber operations. In the future, AI may even emerge as a pivotal enabler for attack activities. During the initial attack phase, AI technology has significantly reduced the difficulty of…The…
-
Sicherheitslücken exponieren Unternehmen: KI-gesteuerte Angriffe nehmen zu
IBM hat den 2026 X-Force Threat Intelligence Index veröffentlicht, aus dem hervorgeht, dass Cyberkriminelle grundlegende Sicherheitslücken in dramatisch höherem Maße ausnutzen, was nun durch KI-Tools beschleunigt wird, mit denen Angreifer Schwachstellen schneller als je zuvor identifizieren können [1]. IBM X-Force beobachtete einen Anstieg von 44 % bei Angriffen, die mit der Ausnutzung öffentlich zugänglicher Anwendungen……
-
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data”‘stealing capabilities. It combines large”‘scale affiliate distribution, cloud”‘hosted command”‘and”‘control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
-
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial foothold into full-domain impact. The exploit loaded a malicious Java Spring bean configuration XML file,…
-
Threat intelligence supply chain is full of weak links, researchers find
And they’re being stressed by geopolitical concerns that threaten to slow important data-sharing efforts First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/
-
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra ID tenant adds the legitimate ChatGPT service principal and grants it Microsoft Graph OAuth permissions,…
-
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting”‘style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged command”‘and”‘control (C2) backdoor without relying on traditional malware installers. Attackers publish repositories that appear to…
-
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. Treasury announced it was imposing sanctions against a Russian broker of zero-day exploits, its founder and two affiliates, citing a threat to U.S. national security. Another affiliated zero-day broker in the United Arab Emirates was also sanctioned. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/treasury-sanctions-russian-zero-day-broker-accused-of-buying-exploits-stolen-from-u-s-defense-contractor/
-
Threat groups move at record speeds, as AI helps scale attacks
A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-record-speeds-ai-attacks/812965/
-
Threat groups moving at record speeds, as AI helps scale attacks
A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-record-speeds-ai-attacks/812965/
-
Forescout Launches VistaroAI to Help Security Teams Cut Through AI Hype and Act Faster on Real Threats
Forescout Technologies has today introduced Forescout VistaroAI, a new agentic AI capability designed to help security teams prioritize risks, reduce investigation time, and respond faster to cyber threats. Unlike traditional AI assistants that rely on prompts or chatbot interfaces, VistaroAI is built around pre-programmed security skills and role-based workflows. The system continuously analyzes changes across…
-
North Korean Hackers Continue to Target US Healthcare
Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threatReport: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
-
Threat Actors Exploit Weaponized AI to Seize Full Domain Access in Under 30 Minutes
Threat actors are rapidly weaponizing artificial intelligence to move from initial access to full domain compromise in under half an hour, leaving defenders with almost no room for error or delay. As enterprises adopt AI across development, identity, and cloud workflows, adversaries are abusing the same tools to script lateral movement, automate reconnaissance, and scale…
-
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threatThe North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team.Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
-
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
-
AI Arms Race Shrinks Breakout Time to 29 Minutes as Adversaries Turn GenAI on the Enterprise
Artificial intelligence is no longer just a defensive tool; it is now a core accelerant for cybercriminals and nation-state actors alike. That is the central message from CrowdStrike’s newly released 2026 Global Threat Report, which paints 2025 as the “year of the evasive adversary”, defined by speed, identity abuse and direct attacks on AI systems…
-
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities.The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week.”The group used several First seen…
-
AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-powered-cyberattacks-up/
-
Model Inversion Attacks: Growing AI Business Risk
In an era where artificial intelligence (AI) and machine learning (ML) are driving unprecedented innovation and efficiency, a new class of cyber threats has emerged that puts sensitive data and entire business operations at serious risk. Among these threats, model inversion attacks have become particularly concerning for organizations that rely on machine learning models trained……
-
It’s time to rethink CISO reporting lines
Tags: ai, business, ceo, cio, ciso, control, cyber, data, governance, infrastructure, jobs, risk, threat, vulnerabilityWhat’s in a reporting line?: Aaron Painter, CEO of security vendor Nametag, contends that reporting structures often mean less than the respect the CISO is granted.Painter is “less dogmatic about where the CISO reports and more focused on whether they actually have a seat at the table,” he says.”Org charts matter far less than influence,”…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Why SOCs are moving toward autonomous security operations in 2026
The modern security operations center faces a crisis of scale that human effort cannot fix. With alert volumes exponentially growing and threat actors automating their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/socs-autonomous-security-operations-strategies/
-
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users
A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Can Agentic AI operate independently in managing machine identities
What Is the Role of Agentic AI in Managing Machine Identities? How can organizations enhance their security measures where teeming with sophisticated cybersecurity threats? The answer may be in evolving role of Agentic AI, particularly in managing machine identities. With the rise of cloud technologies and automated systems, machine identities”, often seen as Non-Human Identities…
-
Data Breaches in 2026: What’s old, what’s new?
Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses First seen on hackread.com Jump to article: hackread.com/data-breaches-2026-whats-old-whats-new/
-
Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities
It poses a national security threat, the AI startup said, such as by possibly enabling offensive cyber operations. First seen on cyberscoop.com Jump to article: cyberscoop.com/anthropic-accuses-chinese-labs-ai-distillation-cyber-risk/
-
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-muddywater-new-malware-tensions-mount