Adversary-in-the-Middle (AiTM) Attacks
In the evolving cyber threat landscape, Adversary-in-the-Middle (AiTM) attacks have emerged as a sophisticated form of credential theft. Unlike traditional phishing campaigns, AiTM goes beyond simple deception by inserting a malicious proxy between the victim and a legitimate service. This enables attackers to steal not only usernames and passwords but also multifactor authentication (MFA) tokens, […]
Fake-ID Marketplace Shutdown
Law enforcement agencies, including the FBI and Dutch National Police, have dismantled VerifTools-a widespread marketplace selling counterfeit identity documents. The shutdown involved seizing both physical and virtual servers in Amsterdam and disabling multiple domains, now redirecting users to an FBI seizure notice. VerifTools made it alarmingly simple to produce fake IDs: users uploaded a photo, […]
Containing Velociraptor Abuse in the Wild
Threat actors recently elevated their tactics by weaponizing Velociraptor, a respected open-source digital forensics and incident response (DFIR) tool typically used by defenders to investigate breaches. In a sophisticated breach, attackers used the Windows msiexec utility to download a malicious Velociraptor installer from a Cloudflare Workers–hosted staging domain. The installed tool was configured to communicate […]
“Salt Typhoon” Cyber-Espionage.
The China-linked Advanced Persistent Threat (APT) group known as Salt Typhoon has waged an expansive espionage campaign against global networks, infiltrating over 600 organizations across 80 countries, including around 200 in the U.S. Key Impact & Tactics: Targeted Sectors: Telecommunications, government, transportation, lodging, and military infrastructure have all been compromised. Initial Access via Known Vulnerabilities: […]
Microsoft Teams is Being Weaponized
In today’s digital workplace, Microsoft Teams has become foundational to collaboration and productivity. Yet, its trusted role is now being exploited by cyber adversaries. Recent campaigns have seen malicious actors impersonate IT support via Teams chats or calls, tricking employees into granting remote access and deploying dangerous malware. Tactics often begin with social engineering and […]
UpCrypter Malware Targets Global Organizations
The cybersecurity landscape continues to evolve as threat actors adopt increasingly sophisticated techniques to breach defenses. A recent phishing campaign exploiting the UpCrypter malware loader has highlighted the urgency for organizations to rethink their security posture. UpCrypter, a malicious loader, has been weaponized to bypass security controls and deploy additional payloads into victim environments. This […]
Proxyware Malware as YouTube Videos
Cybercriminals are getting more creative in spreading malware, and the latest trend involves using proxyware-legitimate software that shares internet bandwidth-as a cover for malicious activities. A new campaign is leveraging YouTube videos to distribute malware disguised as proxyware installers, posing significant risks to both businesses and individual users. How the Attack Works Hackers upload videos […]
Go Module Masquerades as SSH Tool
A recent discovery in the Go developer ecosystem has exposed a malicious module posing as a legitimate SSH brute-force utility, highlighting the growing risks of supply chain attacks. This threat emphasizes how attackers are increasingly targeting developer tools and open-source packages to infiltrate enterprise environments. The malicious Go module, designed to mimic common SSH utilities, […]
Gmail Phishing with Prompt Injection
Cybercriminals are exploiting advanced AI-driven techniques to launch sophisticated Gmail phishing attacks using prompt injection. These campaigns manipulate large language models (LLMs) to craft convincing emails that bypass traditional detection methods. Unlike conventional phishing, this approach leverages GenAI to deliver highly personalized and adaptive messages, significantly increasing the success rate of these attacks. How Prompt […]
Shamos Infostealer Surge
A sophisticated cyber campaign is tricking Mac users into installing a new strain of malware called Shamos Infostealer, highlighting the growing risks to Apple’s ecosystem. The attack is being distributed through deceptive pop-ups and websites offering fake system fixes, luring users into downloading malicious disk image files (.DMG). Once executed, the malware infiltrates the system, […]