The Iranian threat collective Seedworm maintained a clandestine presence within the infrastructure of a prominent South Korean electronics manufacturer for nearly a week. During this tenure, the adversaries systematically harvested telemetry, purloined credentials, and...
Unidentified adversaries have subverted the Checkmarx plugin for Jenkins, embedding deleterious code designed for credential exfiltration. This incursion represents the latest installment in a persistent series of software supply chain attacks orchestrated by the...
Corporate correspondence has once again emerged as a convenient portal for adversaries. In this nascent campaign, the assailants eschew direct “forced entry,” choosing instead to orchestrate a familiar professional complication for employees and promptly...
The SideWinder threat actor has markedly pivoted its strategic methodology, forsaking traditional infrastructure in favor of a clandestine approach. Rather than leasing dedicated servers, the group has orchestrated an expansive operation leveraging legitimate cloud...
Cybersecurity specialists have chronicled a voluminous, automated campaign for credential harvesting that, within a mere matter of hours, besieged hundreds of servers across the globe. The offensive unfolded with minimal human intervention, preying upon...
ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on machines. It uses the BloodHound OpenGraph format to build a new edge called HasUserProfile which determines if a...
A singular assault upon a developer instrument escalated within a mere twenty-four hours into a catastrophic chain reaction, enveloping scores of projects. Initially, the malefactors breached the ubiquitous Trivy vulnerability scanner, seamlessly weaving credential-harvesting...
Researchers have documented the inaugural instance of a deleterious Microsoft Outlook extension proliferating through the official Office Add-in Store. The focal point of this incursion is AgreeTo, a legacy scheduling utility. While the original...
The Microsoft Defender threat intelligence team has documented a series of substantiated offensives targeting internet-facing SolarWinds Web Help Desk instances. Adversaries weaponized these vulnerable help desk servers as a primary point of ingress, subsequently...
GhostFrame is a newly emerged phishing tool that, in just three months, has already powered more than one million attacks. It relies on a deceptively simple HTML file and a concealed iframe to swap...
Researchers at Varonis have reported the emergence of a new toolkit named MatrixPDF, which enables attackers to transform ordinary PDF files into interactive phishing lures. These maliciously crafted documents can bypass email security filters...
Over the past several months, researchers at Cyble Research and Intelligence Labs (CRIL) have been closely monitoring a large-scale and technically sophisticated phishing campaign known as Scanception. Its hallmark lies in the use of...
