During routine monitoring, the Wiz Research Team observed an exploitation attempt targeting one of our honeypot servers running TeamCity, a popular CI/CD tool. Our investigation determined that the...
A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security r...
Security experts have uncovered a hole in Cl0p’s data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack. The vulnerability in the Python-based software, whic...
Large and widely recognizable organizations around the world may be unknowingly funding North Korea’s cyber operations, and having their Intellectual Property, operational workflows, and general da...
Okta Threat Intelligence has observed threat actors abusing v0, a breakthrough Generative Artificial Intelligence (GenAI) tool created by Vercel, to develop phishing sites that impersonate legitima...
Key Data When Netcraft researchers asked a large language model where to log into various well-known platforms, the results were surprisingly dangerous. Of 131 hostnames provided in response to nat...
The Iranian regime’s fundamental objective is to ensure the survival and security of the Islamic Republic, which was founded in 1979 following the Iranian Revolution. This shapes – directly or indi...
The International Criminal Court has been targeted by a “sophisticated” cyberattack and is taking measures to limit any damage. The ICC said the incident, which happened last week during the NATO ...
In September 2024, ANSSI observed an attack campaign seeking initial access to French entities’ networks through the exploitation of several zero-day vulnerabilities on Ivanti Cloud Service Applian...
A sophisticated transnational scheme was uncovered involving a criminal ring operating from Madrid and Latvia. The fraud campaign was structured and disguised as a legitimate investment platform, l...
A series of critical vulnerabilities have been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial and critical manufacturing environments, putting thousands ...
TL;DR Investigated IDEs: Visual Studio Code (VSCode), Visual Studio, IntelliJ IDEA, and Cursor Flaw: Ability to create files that maintain verified symbols while adding malicious functionality Expl...
Online criminal forums, both on the public internet and on the “dark web” of Tor .onion sites, are a rich resource for threat intelligence researchers. The Sophos Counter Threat Unit (CTU) has a te...
A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel “hacker” was tracking a federal official and using their deep-rooted access to th...
Since 2024, Microsoft Threat Intelligence has observed remote information technology (IT) workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, ...
Key takeaways TA829 conducts a mixture of espionage and cybercriminal operations, which rely on services sourced from the criminal underground, and a regularly updated suite of tools built upon the...
Trustwave SpiderLabs, which has been tracking Proton66 for the last several months, was able to make this connection by pivoting from Proton66-linked assets, which led to the identification of anot...
With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, lau...
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked cl...
Regional APT Threat Situation In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eas...