SNOW Malware Ecosystem Uses Teams Phishing, WebSocket Tunnels, and Browser Extensions
Threat actors are increasingly chaining classic phishing with collaboration platforms and covert tunneling to create highly believable intrusion paths. A rec...
20 articles
Threat actors are increasingly chaining classic phishing with collaboration platforms and covert tunneling to create highly believable intrusion paths. A rec...
A targeted campaign in which the ToddyCat (aka APT-style) group leverages a previously observed loader family, Umbrij, to hijack Gmail accounts by abusing Go...
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential prox...
A company based in Taiwan was leasing out accounts on the popular LINE messaging app to Chinese spies, according to prosecutors, who charged two men in the a...
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new ...
Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors. The po...
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
Kaspersky details how the newly named Armored Likho APT uses BusySnake Stealer, AI-generated loaders, and phishing to target government and energy organizati...
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps...
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures.
RedWing: The Android Banking Trojan You Can Rent on Telegram for Less Than a Coffee Subscription Zimperium’s zLabs team has uncovered RedWing, an Android spy...
Cyber threat actors are infecting victims with the Vidar stealer and the XMRig cryptocurrency miner in a new malicious campaign
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into intern...
A human-operated Mexican banking fraud campaign tracked as REF6045 has been observed using a bespoke PowerShell toolkit SCMBANKER to turn commodity click-fra...
A sophisticated, long-running operation that converts consumer devices into rentable exit nodes for residential proxy services. The initial signal was a fake...
A targeted phishing campaign impersonating the Indian Income Tax Department has been observed delivering a sophisticated, six-stage infection chain that culm...
Elastic Security Labs tracks REF6045, an active operator-assisted banking fraud operation targeting customers of Mexican banks, fintech, payment processors, ...
A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination.
Authorities didn’t name the man or file formal charges, but accuse him of participating in attacks linked to Cyber Army of Russia Reborn and NoName. The post...
Palo Alto Networks’ security division, Unit 42, is warning of yet another campaign targeting Microsoft Teams users. The new campaign begins with Teams users ...