Tag: emerging threats
3036 articles

China's Paramilitary Forces Upgrade Riot Control Arsenal
China's paramilitary police are taking riot control to a whole new level with an arsenal of heavy-hitting gear, including 35 mm automatic grenade launchers typically used on the front lines. The PAP First Mobile Corps recently showcased their fire-support platoon equipped with this powerful tech, blurring the lines between crowd management and combat.

GPU mining malware spreads via SEO poisoning and AI chatbot manipulation
Beware of a sneaky malware that's spreading through manipulated AI chatbot responses and search engine poisoning, tricking users into downloading GPU mining malware. Victims unknowingly stumble upon malicious links while searching for popular software or getting recommendations from AI assistants.

Managing Shadow AI Tools Requires a Proactive Security Approach
Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Cybercriminals Impersonate IT Personnel in Targeted Attacks
Cybercriminals are now masquerading as IT personnel to launch targeted attacks, with the FBI warning that law firms and professional sectors are prime targets. This new tactic allows groups like the Silent Ransom Group to swiftly access and exfiltrate sensitive data, often without encrypting systems.

Executives' Blind Spot: Shadow AI Use Exposes Security Risks
Most organizations have a blind spot when it comes to AI usage, leaving them vulnerable to security risks - and the truth is, you can't protect what you can't see. A recent study by Okta and Apprize360 found that shadow AI use is rampant, exposing companies to potential breaches, data exposures, and system disruptions.

CrowdStrike disrupts Glassworm botnet with global takedown
In a major win for cybersecurity, CrowdStrike has successfully dismantled the notorious Glassworm botnet in a global takedown, cutting off its operators from infected machines worldwide. The infected machines now harmlessly connect to a CrowdStrike-controlled IP address, rendering the botnet useless.

Malicious npm Package Targets Claude AI User Files via GitHub
Disguising itself as a harmless archive deployment sync tool, the malicious npm package mouse5212-super-formatter secretly synced local workspace files to a remote tracking tree, allowing attackers to target user files on GitHub.

Canada Taps Polish Drones to Bolster Defense Ties with EU Backing
Canada is set to boost its defense capabilities with cutting-edge Polish drones, including the advanced Warmate, FlyeEye, and Gladius models, as part of a new agreement with Poland backed by the EU. This deal marks a significant step forward in Canada's defense ties with Poland and the European Union.

Malware Campaigns Target Windows, Android Users in Global Finance Sector
The global finance sector faces a double threat as malware campaigns target Windows and Android users, with attackers using clever tactics like hiding in trusted traffic and selling mobile RATs as turnkey services. Two recent campaigns, one using Grandoreiro malware in Portugal, Spain, and Mexico, and another using a new BTMOB trojan in Brazil, highlight the evolving threat landscape.

CrowdStrike dismantles Glassworm botnet targeting open-source supply chain
In a major win for cybersecurity, CrowdStrike has successfully dismantled the notorious Glassworm botnet, crippling its ability to target the open-source supply chain. By taking down four key servers, CrowdStrike has forced the attackers to regroup and rebuild, buying time for the industry to stay one step ahead.

US Navy Rethinks Risk in Software Development for Edge Operations
The Department of the Navy is shaking up its approach to software development, redefining risk to deliver mission-critical data at breakneck speeds. By recalibrating its tolerance for risk, the Navy aims to accelerate the flow of vital information to where it's needed most, when it's needed most.

OPM Proposes Sweeping NDA Rule for Federal Employees
The Office of Personnel Management wants to shake up the way federal employees handle confidential information, proposing a new nondisclosure agreement rule that would require all employees to sign a pledge protecting internal agency details. If implemented, the rule could have far-reaching implications for whistleblowing and employee accountability.

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users
Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

FBI Warns Law Firms of In-Person Extortion Tactics by Silent Ransom Group
The FBI is sounding the alarm for US law firms, warning them of a growing threat from the Silent Ransom Group, which targets the legal industry for its highly sensitive data and uses in-person extortion tactics. This group has been linked to a string of incidents, and the FBI is urging law firms to be vigilant.

Cybersecurity Burnout Spurs Call for Risk-Based Response
Half of all cyber professionals are burning out weekly or daily - it's time for organizations to shift their approach and view burnout as a critical operational risk, rather than just a wellness issue. By reframing burnout in this way, businesses can prioritize effective solutions and safeguard their cyber resilience.

SOCs Shut Down Incident Risks with Proactive Threat Detection
Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

CrowdStrike and Google Disrupt Glassworm Botnet Infrastructure
In a major win for cybersecurity, a powerful collaboration between CrowdStrike, Google, and the Shadowserver Foundation successfully dismantled the Glassworm botnet by simultaneously taking down all four of its command-and-control channels. This bold move cut off the botnet's operators from infected devices, preventing further malicious activity.

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities
CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

Glassworm botnet disrupted by takedown of resilient C2 infrastructure
In a major win for cybersecurity, researchers from CrowdStrike, Google, and The Shadowserver Foundation have successfully disrupted the Glassworm botnet by dismantling its complex command-and-control infrastructure. This takedown cuts off the lifelines of the threat actors, halting their campaigns that had been ongoing since October 2025.

CrowdStrike Disrupts GlassWorm Malware's Global Supply Chain Attack Infrastructure
In a major win for cybersecurity, CrowdStrike teamed up with Google and the Shadowserver Foundation to dismantle the global infrastructure behind the GlassWorm malware attack, crippling its ability to issue commands or deliver new payloads to infected machines. This coordinated operation targeted and neutralized the malware's command-and-control channels, protecting software developers from further exploitation.

Researchers Warn of LLM Guardrail Vulnerability to Multi-Turn Manipulation
Beware: even the toughest-sounding safety guardrails on large language models can be easily bypassed by clever attackers who use multi-turn conversations to manipulate them. Cisco researchers found that none of the models they tested were completely safe from this type of exploitation.

Fraudsters Target World Cup Fans with 4300 Fake FIFA Domains
Scammers are gearing up to target FIFA World Cup fans with a massive network of over 4,300 fake domains, a recent analysis revealed. These fraudulent sites, linked to six distinct scams and four threat actors, are currently dormant but ready to be activated as the 2026 tournament approaches.

Security Researcher Exploits Flaw in Pretalx Conference Tool
A security researcher recently uncovered a vulnerability in pretalx, a popular conference tool, that could let hackers inject malicious code into an organizer's interface, putting sensitive data at risk. This flaw, known as a stored cross-site scripting vulnerability, could be triggered through simple search queries.

FBI Warns of In-Person Data Theft Attacks by Extortion Gang
The FBI has issued a warning about a sneaky new tactic used by the notorious Silent Ransom Group: showing up in person to steal sensitive data, after gaining trust through clever phishing and phone scams. This brazen approach combines remote access tricks with physical presence at victim sites, marking a chilling evolution in their extortion methods.