114 articles
Microsoft tracks Storm-2755 'Payroll Pirate' using poisoned search results and AiTM phishing to hijack Canadian employee direct deposits. HR systems compromised.
US, UK, and Canadian law enforcement froze $12 million in stolen crypto and identified 20,000 victims of approval phishing scams in week-long crackdown.
FBI-led Operation Masquerade dismantled Russia's GRU-linked FrostArmada, which compromised 18,000+ routers to steal Microsoft 365 credentials via DNS hijacking.
Joint advisory AA26-097A details Iranian APT targeting Rockwell Allen-Bradley controllers across critical infrastructure. Attacks caused operational disruptions since March 2026.
Check Point tracks an Iran-nexus campaign targeting Microsoft 365 accounts across 300+ Israeli organizations and 25+ UAE entities. Attackers use Tor exit nodes and Israeli VPNs to evade detection.
Microsoft links China-based Storm-1175 to high-velocity Medusa ransomware attacks exploiting zero-day vulnerabilities. Healthcare, education, and finance sectors hit across Australia, UK, and US.
Unit 42 exposes Phantom Taurus, a Chinese APT targeting embassies and foreign ministries with fileless NET-STAR malware. The group resurfaces within hours after discovery.
FortiGuard Labs exposes DPRK campaign using LNK files and GitHub repositories for command-and-control against South Korean targets. 22 evasion techniques identified.
New research maps the infostealer lifecycle from infection to dark web sale. Microsoft Entra ID appears in 79% of 2.05 million credential logs analyzed in 2026.
Threat actor UAC-0255 sent 1 million phishing emails posing as CERT-UA to distribute the AGEWHEEZE remote access trojan targeting Ukrainian organizations.
Operation TrueChaos exploited CVE-2026-3502 in TrueConf video conferencing to deploy Havoc malware across Southeast Asian government networks.
China-linked APT embeds kernel-level backdoors in telecom infrastructure across Middle East and Asia. Rapid7 finds stealthy implants evading detection for years.
Bearlyfy has hit 70+ Russian companies since January 2025, now deploying custom GenieLocker ransomware. The group blends financial extortion with politically motivated sabotage.
EvilTokens phishing platform targets Microsoft 365 identities across US, Canada, Australia, New Zealand, and Germany. OAuth abuse bypasses MFA to steal access tokens.
Unit 42 uncovers phishing campaign distributing trojanized Israeli civil defense app. Malicious APK harvests location data, contacts, and messages from Android devices amid regional tensions.
FBI and CISA alert reveals Russian intelligence operatives have hijacked thousands of Signal and WhatsApp accounts belonging to US officials, military, and journalists through phishing attacks.
Pakistan-linked APT36 uses LLM coding tools to mass-produce malware variants in Nim, Zig, and Crystal, targeting Indian government and embassies.
New JavaScript backdoor targets Ukrainian entities using Microsoft Edge's debugging features for stealth. S2 Grupo links campaign to Laundry Bear threat group.
North Korean threat group Konni weaponizes KakaoTalk messaging app after compromising victims via spear-phishing. EndRAT, RftRAT deployed in multi-stage campaign.
Camaro Dragon weaponized missile strike lure documents to deploy PlugX backdoor against Qatari targets, exploiting Operation Epic Fury tensions for access.
North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
Microsoft exposes Storm-2561 campaign using SEO manipulation to distribute fake Cisco, Fortinet, and Ivanti VPN clients that steal enterprise credentials.
China-linked UAT-9244 deploys TernDoor backdoor and peer-to-peer implants against telecom infrastructure across South America, North America, and Europe.
Iranian APT group breaches US critical infrastructure using novel Dindoor malware built on Deno runtime. Symantec links campaign to MOIS.
Year-long campaign delivers BlackSanta EDR killer through fake job applications. Malware disables endpoint security before deploying final payloads.
Russian GRU-linked APT28 deploys BEARDSHELL and COVENANT implants for long-term surveillance of Ukrainian military personnel. ESET research reveals cloud storage abuse for C2.
APT41-linked threat group deploys GearDoor backdoor via Google Drive for covert command-and-control. Check Point tracks campaigns across Europe and Southeast Asia.
India-linked APT deploys BurrowShell backdoor and Rust-based RAT against Pakistan nuclear agencies, Bangladesh banks, and Sri Lankan government. 112 C2 domains identified.
Zscaler uncovers Dust Specter campaign targeting Iraqi government officials with novel SPLITDROP and GHOSTFORM malware. Evidence suggests AI-assisted development.
The FBI confirms a sophisticated cyberattack targeted its internal wiretap and FISA warrant management system. Investigation ongoing with CISA and NSA involvement.
Government-grade iPhone exploits targeting iOS 13-17.2.1 now wielded by Russian spies and Chinese criminals. Lockdown Mode stops it cold.
Active phishing campaign uses spoofed email chains to trick LastPass users into revealing master passwords. Attackers generate thousands of URL variants leading to fake SSO pages.
Unit 42 threat brief details Iran's cyber response to Operation Epic Fury, with 60+ hacktivist groups claiming 150+ incidents in 72 hours despite severe connectivity loss.
Security researchers tie Russia's APT28 to CVE-2026-21513 exploitation using malicious LNK files. The MSHTML zero-day was weaponized weeks before Microsoft's February patch.
China-linked UNC2814 breached 53 organizations across 42 countries using GRIDTIDE malware that abuses Google Sheets for C2. Google terminates attacker infrastructure.
China-aligned threat group deploys LuciDoor and MarsSnake backdoors against telecom providers in Kyrgyzstan and Tajikistan, expanding from prior Saudi operations.
North Korean APT37 deploys six new malware tools to breach air-gapped systems using USB drives and cloud C2. Zscaler reveals RESTLEAF, THUMBSBD, and FOOTWINE surveillance capabilities.
Scattered Lapsus$ Hunters offers $500-$1,000 to recruit women for IT help desk social engineering attacks. The supergroup combines LAPSUS$, Scattered Spider, and ShinyHunters tactics.
Anthropic alleges DeepSeek, Moonshot AI, and MiniMax used 24,000 fake accounts to extract Claude capabilities through 16 million distillation queries.
Iranian APT MuddyWater launches Operation Olalampo against MENA organizations, deploying four new malware families including GhostFetch and CHAR, a Rust backdoor controlled via Telegram.
New espionage campaign uses protest-themed lures and Chrome DLL side-loading to deploy RAT malware against Iranian diaspora, activists, and journalists.
Amazon threat intelligence exposes Russian-speaking actor using generative AI to breach 600+ FortiGate devices across 55 countries. Attack used ARXON tool with DeepSeek and Claude.
Attackers exploiting CVE-2026-1731 deploy cross-platform backdoors across finance, healthcare, and tech. Over 10,600 instances remain exposed.
Radware's 2026 threat report reveals network-layer DDoS attacks jumped 168% year-over-year. NoName057 claimed 4,693 attacks, setting a new hacktivist record.
Cisco AI Defense research finds OpenAI's safeguard models perform worse than standard versions under sustained attack. Multi-turn jailbreaks spike success rates up to 92%.
Chinese threat group UNC6201 exploited a critical hardcoded credential flaw (CVE-2026-22769) in Dell RecoverPoint for 18 months before disclosure. Patch now.
SANS ISC documents phishing campaign using fabricated incident reports to steal MetaMask wallet credentials. Attackers host phishing pages on AWS S3.