Skip to main content

Tag: threat actors

236 articles

Employee looks concerned at laptop screen displaying OpenAI invitation email.

Threat Actors Exploit OpenAI Invitations to Target Cybersecurity Firms

Threat actors are cleverly exploiting OpenAI invitations to scam cybersecurity firms, creating fake tenants that mimic legitimate companies and sending convincing emails that pass authentication checks. These targeted phishing attacks allow scammers to spread malicious content through a trusted channel.

Analyst 207
Small business workstation with computer in foreground and subtle tech hints.

Cyberattacks on SMBs Surge via AI Tool Lures

Small and medium-sized businesses are under siege, with a staggering 33,352 cyberattacks detected in just four months as scammers disguise malware as popular AI tools. This alarming surge highlights how quickly cybercriminals are leveraging the latest tech trends to target vulnerable businesses.

Analyst 207
Dimly lit workspace with laptop screen showing system failure messages, surrounded by clutter and blurred office background.

Gaslight Malware Exposes AI-Assisted Analysis Limits

Meet Gaslight, a sneaky new macOS malware that uses fake system-failure messages to trick AI-powered analysis tools into doubting themselves. Created by North Korea-aligned threat actors, this Rust-based implant is a clever and concerning threat to cybersecurity.

Analyst 207
Person looks concerned while interacting with fake Microsoft update on laptop at office desk.

Malicious Edge Extension Exploits Native Messaging for Malware Deployment

Beware of malicious Edge extensions that can deploy malware through native messaging, with attackers using social engineering tactics on Microsoft Teams to trick victims into installing fake updates. Once infected, victims are presented with a fake Outlook update page offering three options to deploy the Edgecution malware.

Analyst 207
Blurred cityscape with office workstation and blank computer screen.

MuddyWater Exploits Ransomware Disguise for Cyber Espionage

The line between ransomware attacks and nation-state espionage is rapidly blurring, as cyber groups like MuddyWater now disguise their operations as financially motivated ransomware attacks to further their strategic objectives. MuddyWater, linked to Iran's Ministry of Intelligence and Security, has been caught posing as the Chaos ransomware group in a deliberate campaign.

Analyst 207
People work in a modern lab with a futuristic robotic arm in the foreground.

Agentic AI Reshapes Offensive Operations

Meet the "script kiddie as a service" era, where AI has erased the old skill barrier, allowing attackers with just intent and access to capable tools to launch sophisticated, autonomous attacks. Agentic AI has made it possible for previously unskilled actors to plan and execute campaigns without needing to pull the trigger themselves.

Analyst 207
Cramped, dimly lit room with cluttered desk, laptop, and scattered papers, surrounded by old computer equipment.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services

Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

Analyst 207
Laptop screen shows fake Node.js download page on Google Ads against blurred cityscape.

Malicious Google Ads Deliver CastleStealer via New OXLOADER Malware

Beware of malicious Google ads that can deliver CastleStealer via the new OXLOADER malware, which has shown impressive engineering skills and is worth keeping an eye on. Victims are tricked into downloading fake Node.js versions through ads masquerading as legitimate sources.

Analyst 207
Laptop screen on a desk in a brightly-lit indoor setting with blurred smartphones and tablets in the background.

Malware Campaign Exploits Fake Reviews to Spread Crypto Clipper

A single threat actor cleverly mimicked legitimate brands to spread Crypto Clipper Malware, using fake reviews, tutorial videos, and promotions on trusted platforms to manufacture credibility for a malicious crypto tool. They created a convincing illusion of a trusted product, complete with inflated download counts and coordinated five-star reviews.

Analyst 207
School office with computer workstation and papers, blurred cityscape in background.

ShinyHunters Breach Exposes 137,000 Infinite Campus Staff Accounts

A massive data breach at Infinite Campus has exposed the sensitive information of 137,000 staff members, including names, email addresses, phone numbers, and physical addresses, after the ShinyHunters extortion group hacked into the company's Salesforce instance. The stolen data has been published online, putting staff at risk of identity theft and phishing scams.

Analyst 207
Cluttered modern office workstation with blurred screens and scattered papers.

AI Coding Agents Exposed to Agentjacking Attack

Imagine a sneaky new attack that tricks AI coding assistants into doing an attacker's bidding - without ever touching the victim's infrastructure. This clever hack, dubbed Agentjacking, uses a sneaky sequence of steps to get AI tools to execute malicious code on developers' machines.

Analyst 207
Person examines AI study guide materials with a concerned expression at home desk.

Malware Campaign Exploits AI Demand with Fake Guides and Dev Tools

Cyber attackers are now disguising malware as legitimate AI learning guides and developer tools, tricking professionals into opening malicious files that look like trusted educational content. They've been distributing booby-trapped archives labeled as AI study guides and developer tools, such as fake AI-ready PostgreSQL and agentic coding guides.

Analyst 207
Smartphone with social media interface on screen surrounded by fake software packaging in a dimly lit room.

TikTok Tutorials Spread Vidar Stealer via Fake Software Lures

Cybercriminals are using TikTok and Instagram Reels to spread the Vidar infostealer by disguising it as free software tutorials, tricking viewers into downloading malware. By reporting these accounts, users can help take them down and slow down the attackers' momentum.

Analyst 207
Threat Actors Exploit Microsoft Teams for Phishing Attacks

Threat Actors Exploit Microsoft Teams for Phishing Attacks

Phishing attacks are getting smarter, with threat actors now using trusted platforms like Microsoft Teams to target unsuspecting employees, accounting for 42% of all phishing alerts in just the first four months of 2026. These sneaky messages can land directly in your feed, masquerade as internal IT support, and trick you into taking action with alarming ease.

Analyst 207
Security analysts work at computer stations in a dimly lit operations center.

AI Phishing Overwhelms SOCs, Exposing Gaps in Alert Triage

AI has transformed phishing from a numbers game into a volume machine, allowing attackers to churn out convincing lures in minutes and flood security teams with a tidal wave of alerts to sift through. This overwhelming surge is exposing gaps in alert triage, putting Tier 1 analysts to the test.

Analyst 207
Dental professional looks concerned while viewing laptop in a brightly-lit healthcare setting.

DentaQuest Breach Exposes 2.6M Accounts

A massive data breach at dental benefits provider DentaQuest has exposed a staggering 2.6 million accounts, after hackers stole over 234 GB of sensitive information and released it following failed negotiations with the company.

Analyst 207
Laptop screen displays hacker forum on cluttered desk in home office setting.

Hackers Exploit Gaps in Vulnerability Programs with Simplified Playbook

Meet Hercules, the mastermind behind a notorious underground tutorial that spills the beans on how to turn vulnerability exploitation into cold, hard cash. With a refreshingly blunt approach, Hercules breaks down the process into simple, actionable steps that even novice attackers can follow.

Analyst 207
Cluttered home office workspace with laptop and scattered papers.

Malware Sites Exploit Open-Source Tools in Google Search Results

Malicious websites are masquerading as legitimate open-source and freeware projects, expertly designed to deceive users into downloading malware. With fake portals that mimic trusted sites, complete with real GitHub links and references to upstream resources, it's easy to get caught off guard - until you click that download button.

Analyst 207
Brightly-lit office workstation with browser showing redirect chain and cup.

Google DoubleClick Exploited in Malspam Campaign Delivering DesckVB RAT

Cyber attackers are cleverly using Google's DoubleClick to disguise malicious emails, routing victims through a legitimate domain that often flies under the radar of security tools. By exploiting this trusted platform, hackers can easily trick people into downloading the DesckVB RAT malware.

Analyst 207
Cybersecurity team works in office setting with laptop and blurred screen.

AI-Driven Patching Pressures Redefine Vulnerability Response

The window between patch release and exploitation has dramatically shrunk to just six hours and 40 minutes, leaving organizations scrambling to keep up with increasingly rapid vulnerability response. This alarming trend is fueled by the growing power of large language models that can autonomously discover and even fix vulnerabilities.

Analyst 207
Software development workspace with laptop and papers, subtle coding environment in background.

Red Hat npm Packages Compromised in Supply-Chain Attack

A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Analyst 207
Laptop screen shows ChatGPT-like interface with suspicious URL and blurred malware prompt.

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns

Hackers are exploiting ChatGPT's features to create convincing phishing pages that trick victims into downloading malware, using the platform's code-rendering feature to build fake pages that appear legitimate. These attacks cleverly use trusted ChatGPT domains to evade detection, making them harder to spot.

Analyst 207
Person sitting at laptop with browser window open showing fake ChatGPT outage message.

Threat Actors Exploit ChatGPT Sharing Feature to Deliver Malware

Malicious actors are exploiting ChatGPT's sharing feature to spread malware, using convincing fake outage messages to trick users into downloading malicious desktop applications. They even hijacked Google ads to make their scam look legit.

Analyst 207
Retail setting with subtle tech hints, blurred customer service area.

ShinyHunters Breaches Charter, Exposes 4.9M Customer Records

A massive data breach at Charter has exposed a whopping 4.9 million customer records, with hackers from the notorious ShinyHunters group proudly adding the telco to their "trophy shelf" and making sensitive info like names, addresses, and phone numbers publicly available. Charter has downplayed the incident, claiming no sensitive data was taken, but the reality is that millions of customers are now at risk.

Analyst 207