Containing Velociraptor Abuse in the Wild

Threat actors recently elevated their tactics by weaponizing Velociraptor, a respected open-source digital forensics and incident response (DFIR) tool typically used by defenders to investigate breaches. In a sophisticated breach, attackers used the Windows msiexec utility to download a malicious Velociraptor installer from a Cloudflare Workers–hosted staging domain. The installed tool was configured to communicate […]
“Salt Typhoon” Cyber-Espionage

The China-linked Advanced Persistent Threat (APT) group known as Salt Typhoon has waged an expansive espionage campaign against global networks, infiltrating over 600 organizations across 80 countries, including around 200 in the U.S.

Key Impact & Tactics:
Targeted Sectors: Telecommunications, government, transportation, lodging, and military infrastructure have all been compromised.
Initial Access via Known Vulnerabilities: […]
Microsoft Teams is Being Weaponized

In today’s digital workplace, Microsoft Teams has become foundational to collaboration and productivity. Yet, its trusted role is now being exploited by cyber adversaries. Recent campaigns have seen malicious actors impersonate IT support via Teams chats or calls, tricking employees into granting remote access and deploying dangerous malware. Tactics often begin with social engineering and […]
UpCrypter Malware Targets Global Organizations

The cybersecurity landscape continues to evolve as threat actors adopt increasingly sophisticated techniques to breach defenses. A recent phishing campaign exploiting the UpCrypter malware loader has highlighted the urgency for organizations to rethink their security posture. UpCrypter, a malicious loader, has been weaponized to bypass security controls and deploy additional payloads into victim environments. This […]
Proxyware Malware as YouTube Videos

Cybercriminals are getting more creative in spreading malware, and the latest trend involves using proxyware, legitimate software that shares internet bandwidth, as a cover for malicious activities. A new campaign is leveraging YouTube videos to distribute malware disguised as proxyware installers, posing significant risks to both businesses and individual users.

How the Attack Works
Hackers upload videos […]
Go Module Masquerades as SSH Tool

A recent discovery in the Go developer ecosystem has exposed a malicious module posing as a legitimate SSH brute-force utility, highlighting the growing risks of supply chain attacks. This threat emphasizes how attackers are increasingly targeting developer tools and open-source packages to infiltrate enterprise environments. The malicious Go module, designed to mimic common SSH utilities, […]
Gmail Phishing with Prompt Injection

Cybercriminals are exploiting advanced AI-driven techniques to launch sophisticated Gmail phishing attacks using prompt injection. These campaigns manipulate large language models (LLMs) to craft convincing emails that bypass traditional detection methods. Unlike conventional phishing, this approach leverages GenAI to deliver highly personalized and adaptive messages, significantly increasing the success rate of these attacks.

How Prompt […]
Shamos Infostealer Surge

A sophisticated cyber campaign is tricking Mac users into installing a new strain of malware called Shamos Infostealer, highlighting the growing risks to Apple’s ecosystem. The attack is being distributed through deceptive pop-ups and websites offering fake system fixes, luring users into downloading malicious disk image files (.DMG). Once executed, the malware infiltrates the system, […]
APT36 Exploits Linux

A recent campaign by the threat group APT36, also known as Transparent Tribe, is targeting Linux systems through malicious desktop entry files. These attackers leverage .desktop files, commonly used for application shortcuts in Linux environments, to install a powerful remote access trojan (RAT) called Poseidon. This sophisticated tactic allows the attackers to bypass basic security checks and […]
Murky Panda Cloud Exploit

In a recent cybersecurity alert, researchers have uncovered a sophisticated supply-chain attack orchestrated by Murky Panda, a nation-state-backed threat group. This campaign targets managed service providers (MSPs) and leverages the inherent trust businesses place in their cloud vendors to infiltrate downstream customers.

How the Attack Works
Murky Panda employs compromised cloud environments and privileged access […]