Interlock ransomware: what you need to know
What is the Interlock ransomware? Interlock is a relatively new strain of ransomware that first emerged in late 2024. Unlike many other ransomware families, it not only targets Windows PCs, but al...
The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted t...
During mid-May 2025, eSentire’s Threat Response Unit (TRU) identified active exploitation of a critical security flaw (CVE-2025-4632) within Samsung MagicINFO 9 Server installations. This vulnerabi...
Last week, the US Department of Justice (DOJ) announced the disruption of the LummaC2 infostealing malware. This was achieved through sweeping domain seizures in coordination with Microsoft, which ...
Introduction As we’ve explored in numerous articles and Malware of the Day posts, there is no shortage of communication protocols threat actors can utilize for C2 communication. And while there is ...
This time it’s a “Smart Device”, or as previously mentioned on this blog an internet connected “adult only toy”. But also it could just as easily have been via the house “Smart Meter”… Any electric...
“Russian-linked hackers targeted U.K. Defense Ministry staff in an espionage operation while posing as journalists, Sky News reported on May 29, citing the British government. The cyber attack was...
A cyber incident affecting several hospitals in Maine is now under investigation. Covenant Health shared with NEWS CENTER Maine that it became aware of connectivity issues impacting the organizati...
Socket’s Threat Research Team uncovered a supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias cappership. The threat actor embedded a covert key‑s...
Netcraft has observed a resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) group, which markets itself with a cartoon mouse mascot and a heavy emphasis on ease-of-use and suppor...
Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a financially motivated cybercriminal group active since at least mid-2022. They prim...
This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. We discovered malware that had been running on a compromised machine for several weeks. The threat ...
Cisco Talos has discovered new threats, including the ransomware CyberLock, Lucky_Gh0$t, and a newly-discovered malware we call “Numero,” all of which masquerade as legitimate AI tool installers. ...
Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and cry...
The Entra Access Flaw Hiding in Plain Sight Inviting external guest users is a common and useful practice for collaboration with external partners. These guest accounts are typically assigned limi...
Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India’s military campaign ‘Operation Sindoor’—EclecticIQ analyst...
University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been named as those exposed via a recently discovered exploit. NHS England to...
Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited govern...
Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale villain, Mimo didn’t leave glass ...
Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, particularly those that generate videos based on user prompts. ...