Tag: threat
-
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-spies-expats-syrians-israelis
-
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked to previous >>React2Shell<< activity, modify the server's configuration files to secretly intercept traffic . How…
-
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX First seen…
-
Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX First seen…
-
Admin-Zugriff in nur 8 Minuten: KI-gestützte Cyberangriffe auf AWS
Das Sysdig Threat Research Team (TRT) hat Ende November 2025 einen besonders schnellen und komplexen Angriff auf eine AWS-Umgebung aufgedeckt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ki-gestuetzte-cyberangriffe-auf-aws
-
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3, 2026, this update embeds the popular Sysinternals tool directly into the operating system’s optional features.…
-
Hackers compromise NGINX servers to redirect user traffic
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-compromise-nginx-servers-to-redirect-user-traffic/
-
When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit
Email attachments remain one of the most trusted entry points into enterprise environments. Despite years of awareness training and secure email gateways, attackers continue to rely on documents because they blend seamlessly into everyday workflows. New reporting from The Hacker News details how APT28, a Russia-linked threat actor, is actively exploiting a newly disclosed Microsoft…
-
ACFW firewall test prologue still failing at the basics
The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request Forgery (SSRF) and API abuse with block percentages under 20%, sometimes way under. Those are just the application-based threats, never mind the vulnerability-based attacks. While it’s……
-
Managed SaaS Threat Detection – AppOmni Scout
AppOmni Scout Managed Threat Detection Service Expertise to detect SaaS and AI threats and protect your critical data SaaS and AI threat detection led by threat experts Security teams don’t have the resources for timely detection to protect critical data and employees from threats. Monitoring SaaS and AI is complex, time-intensive, and results in… First…
-
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT.”The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory First…
-
React2Shell exploitation undergoes significant change in threat activity
Researchers see a sudden consolidation of source IPs since late January. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/react2shell-exploitation-threat-activity/811359/
-
AI-Driven Attack Gains AWS Admin Privileges in Under 10 Minutes
Threat actors get AWS Admin access in under 10 minutes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-driven-attack-gains-aws-admin-privileges-in-under-10-minutes/
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia, First…
-
Research: Predator spyware can turn off Apple indicators showing when microphone, camera are in use
The new research from Jamf Threat Labs demonstrates how Predator spyware can stay hidden on targeted phones by “intercepting sensor activity” to hide the indicators. First seen on therecord.media Jump to article: therecord.media/predator-spyware-iphone-camera-microphone-indicators
-
OT attacks surge as threat actors embrace cloud and AI, warns Forescout
Cyberattacks targeting operational technology (OT) environments rose sharply in 2025, according to new research from Forescout, highlighting growing risks to critical infrastructure as attackers adapt to cloud services, AI platforms and increasingly distributed attack infrastructure. Forescout’s 2025 Threat Roundup Report, produced by its research arm Vedere Labs, analysed more than 900 million cyberattacks observed globally…
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerabilityA new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
-
New AI-Powered Threat Allows Hackers to Gain AWS Admin Access in Minutes
A highly sophisticated offensive cloud operation targeting an AWS environment.The attack was notable for its extreme speed taking less than 10 minutes to go from initial entry to full administrative control and its heavy reliance on AI automation. The threat actor initiated the attack by discovering valid credentials left exposed in public Simple Storage Service…
-
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom >>loader<>RunPE<<. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
-
KI-gestützte Cloud-Attacke verschafft Admin-Zugang in Rekordzeit
Am 28. November 2025 beobachtete das Sysdig Threat Research Team (TRT) eine offensive Cloud-Operation, die auf eine AWS-Umgebung abzielte und bei der die Angreifer in weniger als zehn Minuten vom ersten Zugriff zu Administratorrechten gelangten. Der Angriff zeichnete sich nicht nur durch seine Geschwindigkeit aus, sondern auch durch mehrere Indikatoren, die darauf hindeuten, dass die…
-
Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments
Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database, which stores encrypted password hashes and critical domain configuration data, is the crown jewel of enterprise security. Successful acquisition of this file can lead to complete organizational compromise, enabling attackers to…
-
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to map login panels and enumerate software versions, a clear indicator of pre-exploitation preparation. The scanning activity generated 111,834 sessions from more than 63,000 unique IP addresses, with 79% of traffic specifically…
-
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles
In the rapidly changing landscape of cybersecurity, AI agents present both opportunities and challenges. This article examines the findings from Darktrace’s 2026 State of AI Cybersecurity Report, highlighting the benefits of AI in enhancing security measures while addressing concerns regarding AI-driven threats and the need for responsible governance. First seen on securityboulevard.com Jump to article:…
-
Global Threat Map: Open-source real-time situational awareness platform
Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/
-
How Secure by Design helps developers build secure software
Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/cis-secure-software-design-guide/
-
Shadow DNS Operation Abuses Compromised Routers to Manipulate Internet Traffic
A sophisticated shadow DNS network that hijacks internet traffic by compromising home and business routers. The operation, active since mid-2022, manipulates DNS resolution through malicious resolvers hosted by Aeza International (AS210644), a bulletproof hosting provider sanctioned by the U.S. Treasury Department in July 2025. The threat campaign targets older router models, modifying their DNS configuration…
-
Hackers Actively Exploit React Native Metro Server to Target Software Developers
Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated malware payloads targeting software developers worldwide. The vulnerability, tracked as CVE-2025-11953 and nicknamed >>Metro4Shell,<< allows unauthenticated attackers to execute arbitrary operating system commands on developer machines through a simple crafted HTTP request. Vulnerability Overview CVE-2025-11953 carries a critical…