Tag: threat
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/
-
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.”The focus is on high-ranking…
-
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
-
Attackers Used AI to Breach an AWS Environment in 8 Minutes
Threat actors using LLMs needed only eight minutes to move from initial access to full admin privileges in an attack on a company’s AWS cloud environment in the latest example of cybercriminals expanding their use of AI in their operations, Sysdig researchers said. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/attackers-used-ai-to-breach-an-aws-environment-in-8-minutes/
-
AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-threats-botnets-and-cloud-exploits-define-this-weeks-cyber-risks/
-
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019.The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to First seen…
-
Transparent Tribe Hacker Group Targets India’s Startup Ecosystem in Cyber Attack
A worrying shift in the tactics of >>Transparent Tribe,<< a notorious threat group also known as APT36. Historically focused on Indian government, defense, and educational sectors, the group has now expanded its scope to target India's growing startup ecosystem. This new campaign uses sophisticated lures themed around real startup founders to infect victims with the…
-
CISA gives federal agencies 18 months to purge unsupported edge devices
Tags: authentication, cisa, cyber, data, exploit, firmware, Hardware, infrastructure, monitoring, network, risk, risk-assessment, service, software, technology, threat, updateImplementation hurdles: Sunil Varkey, advisor at Beagle Security, warns of implementation complexities. “The operational reality of removing legacy systems is not straightforward,” Varkey said. “Legacy devices continue to exist not by design, but by necessity.”He pointed to orphaned systems that remain live and embedded in workflows but lack clear ownership, and operational technology environments where…
-
FvncBot Targets Android Users, Exploiting Accessibility Services for Attacks
A previously undocumented Android banking trojan dubbed >>FvncBot.<< First observed in late 2025, this sophisticated malware disguises itself as a security application from mBank, a major Polish financial institution. Unlike many recent threats that recycle code from leaked sources like Ermac or Hook, FvncBot appears to be a completely new creation, demonstrating that threat actors…
-
How Samsung Knox Helps Stop Your Network Security Breach
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically First seen…
-
KI als AWS-Angriffsturbo
Kriminelle Hacker haben ihre Angriffe auf AWS-Umgebungen mit KI beschleunigt.Forscher des Sicherheitsanbieters Sysdig haben einen Angriff aufgedeckt, bei dem kriminelle Angreifer eine AWS-Umgebung in weniger als acht Minuten vollständig kompromittieren konnten. Laut den Threat-Spezialisten nutzten die Bedrohungsakteure dabei eine Cloud-Fehlkonfiguration mit der Hilfe von Large Language Models (LLMs) aus, um den gesamten Angriffs-Lebenszyklus zu komprimieren…
-
APT27 Launches Stealthy Attacks on Corporate Networks, Evades Detection
A new, highly sophisticated cyberattack campaign that reveals how attackers are bypassing modern defenses to infiltrate corporate networks. The investigation points to a stealthy, multi-stage intrusion likely orchestrated by the threat group known as APT-Q-27, or >>GoldenEyeDog<<. The attack began with a common, everyday task: a customer support agent clicking a link in a support…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
Threat Group Running Espionage Operations Against Dozens of Governments
Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ranging global cyberespionage campaign that has involved phishing attacks and the exploitation of a more than a dozen known vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/threat-group-running-espionage-operations-against-dozens-of-governments/
-
Attackers Use Legitimate Forensic Driver to Disable Endpoint Security, Huntress Warns
Tags: attack, cybercrime, endpoint, incident response, malicious, software, threat, tool, vulnerabilityCybercriminals are increasingly turning trusted software against defenders, according to new research from Huntress, which has uncovered a real-world attack in which threat actors used a legitimate but vulnerable driver to disable endpoint security tools before deploying further malicious activity. In a detailed incident response analysis, Huntress researchers observed attackers abusing an outdated EnCase forensic…
-
ShadowSyndicate Leverages Server Transition Technique in Latest Ransomware Attacks
ShadowSyndicate, a sophisticated cybercrime cluster first identified in 2023, has evolved its infrastructure management tactics by implementing a previously unreported server transition technique. This method involves rotating SSH fingerprints across multiple servers to obscure operational continuity. However, operational security (OPSEC) errors have allowed researchers to trace these connections.”‹ The threat actor orchestrates large server clusters…
-
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month.”The threat actor stopped maintaining its…
-
The silent security gap in enterprise AI adoption
Tags: access, ai, api, backup, breach, business, cloud, compliance, computer, computing, control, credentials, cryptography, data, data-breach, encryption, exploit, finance, group, healthcare, infrastructure, malicious, risk, service, technology, threat, toolInfoWorld explains in its analysis of why AI is all about inference now.This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data…
-
LockBit 5.0 Unveils Cross-Platform Threats for Windows, Linux ESXi Systems
The inner workings of LockBit 5.0, a sophisticated ransomware variant targeting Windows, Linux, and VMware ESXi systems simultaneously. This latest version represents a significant evolution in the cyber threat landscape, demonstrating how ransomware operators are refining their tools to maximize damage across diverse enterprise environments. LockBit operates on a >>Ransomware-as-a-Service<< (RaaS) model, where a core…
-
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…
-
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data
DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with file encryption. The group uses dual extortion: it steals sensitive data, encrypts systems, and then threatens to publish the stolen information on dark web leak sites if victims do not pay.”‹…
-
Three clues that your LLM may be poisoned with a sleeper-agent back door
It’s a threat straight out of sci-fi, and fiendishly hard to detect First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/llm_poisoned_how_to_tell/
-
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbedAmaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and operational time zones (UTC+8). The group creates attack campaigns based on local geopolitical events, such…
-
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-spies-expats-syrians-israelis
-
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked to previous >>React2Shell<< activity, modify the server's configuration files to secretly intercept traffic . How…
-
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX First seen…