Tagged: threat intelligence
The research group Deep Specter Research has uncovered a multilayered scheme of phishing and brand impersonation that quietly operated for years on Google Cloud and Cloudflare infrastructure. According to their findings, attackers systematically acquired...
Between June and July 2025, researchers recorded hundreds of thousands of password brute-force attempts targeting SSL VPN and RDP services. The source of the attacks was traced to the Ukrainian autonomous system FDN3 (AS211736),...
GreyNoise has observed a sharp and highly atypical surge in reconnaissance activity targeting Microsoft Remote Desktop Web Access and the RDP Web Client: 1,971 unique IP addresses were active simultaneously, whereas the company typically...
Microsoft has issued a warning over the growing surge of large-scale ClickFix phishing attacks and has recommended that system administrators restrict the use of command-line tools and disable the Run dialog in Windows. This...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The list includes two flaws in Citrix Session Recording and one in Git, all...
Researchers at Zscaler ThreatLabz have released a new report on the evolution of the banking trojan Anatsa (also known as TeaBot), first discovered in 2020. This malware targets Android devices and is designed to...
A few days ago, the website DDoSecrets published a data dump allegedly originating from the workstation of an operator involved in a campaign against organizations in South Korea and Taiwan. The author of the...
Researchers from Ctrl-Alt-Int3l have published a detailed analysis of a large-scale operation targeting Vietnamese universities. Their investigation was made possible thanks to open directories where attackers, through a critical oversight, had left behind a...
A new campaign has been observed within the malware-as-a-service (MaaS) ecosystem, where attackers employ a multi-stage delivery chain using PowerShell scripts hosted on external web servers. This technique conceals the final executables, delays investigations,...
APT36, also known as Transparent Tribe, has launched a new espionage campaign targeting government and defense institutions in India. This Pakistan-linked group, active since at least 2013, has long relied on phishing campaigns and...
Researchers at CrowdStrike have identified a new macOS infection campaign deploying a malware strain known as Shamos. This trojan is a variant of Atomic macOS Stealer (AMOS), a notorious Mac infostealer, and is being...
In recent days, Telegram channels and news outlets have been actively circulating reports of an alleged Europol bounty of $50,000 for information leading to the capture of two leaders of the notorious ransomware group...