Tag: lateral movement
22 articles

Spirals Ransomware Encrypts Network in Record Time
In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Securing Agentic AI Workspaces Requires Unified Governance
Nine out of 10 organisations are already harnessing AI assistants, but many are flying blind - unsure if these powerful tools have been compromised. As AI agents assume their own identities and access rights, a misconfigured or compromised agent can quickly become a high-speed pathway for data breaches and credential abuse.

Klue Breach Exposes Cybersecurity Firms to OAuth Token Abuse
A single compromised credential led to a massive security breach at Klue, allowing an unauthorized actor to exploit OAuth tokens and gain access to sensitive customer data on third-party platforms like Salesforce. This incident highlights the growing threat of OAuth token abuse and the need for robust cybersecurity measures.

Hackers Infiltrate Stock Exchange Executive's Outlook Mailbox for Months
Hackers stealthily infiltrated a senior stock exchange executive's Outlook mailbox, maintaining months-long control of their computer by masquerading as legitimate software. The alarming breach, detected as early as October 10, 2025, allowed the intruder to operate with SYSTEM-level privileges, the highest level of Windows access.

AI-Driven Attacks Infiltrate Cloud Environments, Exposing Hidden Risks
New AI-driven threats are rapidly exploiting cloud security gaps, making it vital for teams to adopt a proactive, holistic approach to risk reduction to safeguard critical assets and data. Stay ahead of adversaries by understanding how they're weaponizing cloud vulnerabilities at alarming speed.

Microsoft Teams Targeted in Rising Helpdesk Impersonation Attacks
Microsoft is sounding the alarm on a growing threat: hackers are exploiting Microsoft Teams' external collaboration features to impersonate helpdesk teams and gain access to enterprise networks. They're using the platform's own tools to move undetected, posing a major challenge for defenders.

A single unpatched flaw in a Dell storage appliance became a playground for hackers, allowing months of undetected espionage and the deployment of sneaky new backdoors. A joint investigation by Mandiant and Google Threat Intelligence Group uncovered this alarming zero-day exploit, which has been wreaking havoc since mid-2024.

AI Stunning Threat: Breakout Time Falls to Four Minutes
Breakout time can now fall to about four minutes as AI automates reconnaissance, exploit crafting, and data exfiltration — meaning the cozy breathing room defenders once relied on is gone and its time to rethink detection and response.

Endpoint Security: Exclusive 2025 Lessons, Best 2026 Moves
Endpoint Security got personal in 2025: attackers used smartphones, tablets and unmanaged devices as easy backdoors while AI supercharged phishing and exploit automation. This post distills the must-know lessons for federal IT—clear steps to inventory devices, prioritize patches, and build layered defenses heading into 2026.

CISA Must Fix Stunning Insider Threat Failures
CISA warned the nation about insider threats, yet a senior officials upload of sensitive documents to a public AI chatbot revealed startling insider threat failures within the agency. Fixing this will take more than patches — it demands tighter access controls, stronger governance, and real cultural change.

Kimwolf Botnet Exclusive: Dangerous Local Network Alert
Think your home network is a locked room? Researchers warn the Kimwolf botnet is quietly replacing the lock—compromising routers and IoT devices to build stealthy footholds for DDoS, data theft, or lateral attacks.

n8n flaw Exclusive: Critical bug lets attackers run servers
A critical unauthenticated RCE in n8n lets attackers run arbitrary code and seize control of servers. If you run n8n, patch now to protect your workflows, credentials, and sensitive data across potentially 100,000 installs.

China-Linked Tick Group Exclusive: Critical Lanscope 0-day
Think of it as the patch arriving after someone already walked through the door — a critical CVE‑2025‑61932 (CVSS 9.3) zero‑day in Motex Lanscope has been weaponized in the wild by the China‑linked Tick group. The flaw allows unauthenticated SYSTEM‑level command execution on on‑prem Lanscope servers, so if you run Lanscope, find exposed instances, isolate them from untrusted networks, and apply mitigations or updates immediately.

PHP Servers: Exclusive Critical IoT Attack Alert
Who else has the keys to your server? A sharp rise in attacks using simple PHP web shells is turning unpatched apps, unsecured IoT devices, and misconfigured cloud gateways into cheap, scalable footholds for persistent intruders.

Shaq’s new ride Exclusive: Costly Hijack Exposed
Shaq’s new ride reveals a surprising weak spot: when celebrities rely on niche customization shops for bespoke engineering, those small specialists — holding valuable blueprints and client data — become prime targets for savvy criminals. A breach can mean leaked designs, stolen invoices and lucrative leverage for extortion.

LockBit Exclusive: Critical New Victims Identified
LockBit’s latest iteration is back—and meaner: researchers found a cross-platform strain in September that can encrypt Windows, Linux and VMware ESXi in a single strike, shrinking defenders’ response window and multiplying damage. If you haven’t expanded EDR to Linux and hypervisors or tested immutable backups yet, now’s the time.

LockBit Ransomware Exclusive: Severe Victims Revealed
An updated LockBit variant—faster, stealthier and able to run native payloads on Windows, Linux and VMware ESXi—has been tied to a dozen recent intrusions, dramatically shrinking the window defenders have to detect and stop catastrophic outages.

Lanscope Endpoint Manager Exclusive Critical Bug Alert
If you use Lanscope Endpoint Manager, treat this as urgent—CISA has added CVE-2025-61932 to its Known Exploited Vulnerabilities list and says it’s being actively exploited. Act now: inventory on‑prem Clients, apply patches or mitigations, tighten admin access, and hunt for signs of compromise.

CVE-2025-10035: Stunning Critical Timeline Exposed
Fortra’s timeline reveals CVE-2025-10035 in GoAnywhere MFT was actively exploited from at least Sept. 11, 2025 — a wake-up call to patch immediately, audit transfer logs, and lock down MFT servers before attackers move laterally or steal data.

Vietnam-linked phishing campaign: Dangerous, Stunning Shift
A Vietnam-linked phishing campaign has quietly upgraded from a Python infostealer to PureRAT, turning quick credential grabs into hands-on, persistent intrusions that can enable live data theft and lateral movement. Defenders should shift from signature hunting to behavior-based EDR, network telemetry, and stronger email and access controls to stop these more dangerous, interactive attacks.

lateral movement: Stunning 18-Minute Risky Surge
Attackers now break out in a median of just 18 minutes, not hours, so organizations must embrace zero-trust, strong identity controls, segmentation and automated detection to stop breaches before they can spread.

fileless malware: Deadly Exclusive Stealth Threat
Imagine fighting a ghost that leaves no footprint — attackers are running AsyncRAT entirely in memory, hiding behind trusted Windows tools like PowerShell and rundll32. Luckily, better runtime visibility, behavioral EDR and stronger identity controls can help defenders spot and stop these stealthy, fileless intrusions.