Tag: threat intelligence
390 articles

AI Empowers Cyberattacks with Operational Efficiency
As AI continues to evolve, it's crucial to treat AI-driven threats as a top priority, using the technology to supercharge their attacks and compress timelines. AI is being used by attackers to automate routine work, streamline reconnaissance, and shorten development cycles, turning what once took days into operations that can be executed in just hours.

Vulnerabilities Remain Unaddressed Despite Swift Remediation Efforts
Malicious npm packages have skyrocketed 451% year-over-year, highlighting a disturbing trend where old vulnerabilities continue to resurface and supply-chain abuse is scaling rapidly, putting organizations at risk. Despite swift remediation efforts, many critical vulnerabilities remain unaddressed.

AI Fuels End-to-End Cyberattacks With Expanded Role Across Intrusion Stages
Criminal groups are now using AI as the main driver behind massive cyberattacks, breaching government agencies and carrying out thousands of commands with minimal human oversight. This marks a significant shift from AI as a supporting tool to a primary operator in end-to-end cyberattacks.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience
Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Microsoft Uncovers GigaWiper Backdoor with Ransomware, Wiping Capabilities
Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which combines ransomware and wiping capabilities, marking a concerning shift in the evolution of wiper malware. This modular threat can both extort and destroy, posing significant real-world consequences.

Exposed Server Unveils WP-SHELLSTORM's Massive WordPress Backdoor Operation
For 22 days, a US-based server sat exposed on the public internet with no password, revealing a massive WordPress backdoor operation that targeted over 1.4 million domains. The astonishing discovery included scans, exploits, and command history, giving a rare glimpse into the playbook of a notorious hacking group.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat
A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

GitHub Accounts Used to Map Corporate Orgs in Stealthy Campaigns
Cyber attackers are using sneaky tactics, leveraging old or compromised GitHub accounts, to secretly map out corporate organizations and steal sensitive data. They're exploiting loopholes with automated tools and stolen tokens to quietly gather intel from GitHub APIs.

Vulnerability Management Faces Patch Apocalypse Amid AI-Driven Discovery Surge
The AI-driven discovery surge is creating a perfect storm in vulnerability management, with nearly 48,000 CVEs published in 2025 alone, and a growing mismatch between rapid vulnerability discovery and slower human-led remediation. This has given rise to the "Patch Apocalypse," where the scale, speed, and exploitability of vulnerabilities are outpacing traditional patching approaches.

AI Coding Agents Expose Unix-Era Security Flaw
A clever trick that exploits a long-standing Unix security flaw, dubbed GhostApproval, can bypass human approvals in AI coding assistants, rendering consent meaningless. By manipulating a harmless-looking project file, attackers can secretly alter sensitive system settings.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users
Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

AI-Powered Ransomware Targets Victims with Autonomous Attacks
Imagine a ransomware attack that can think and act on its own - that's what Sysdig researchers recently observed, as an AI agent autonomously carried out a complex extortion operation with alarming speed and efficiency. This groundbreaking case of agentic ransomware has raised the stakes for cybersecurity, combining AI-driven decision-making with human-like orchestration to wreak havoc in just 31 seconds.

Iran-Linked Cavern Manticore Targets Israel with Modular Cyber Attacks
Meet Cavern Manticore, a highly skilled and disciplined cyber threat group with ties to Iran, targeting Israel's defense and government sectors with modular attacks. Their sophisticated tactics have allowed them to infiltrate organizations with alarming speed and precision.

Web Content Conceals Hidden Instructions Targeting AI Agents
As AI agents increasingly interact with the web, hidden instructions embedded in online content can be manipulated to perform unintended actions, posing a new threat to users. Researchers have uncovered real-world campaigns that use indirect prompt injection to steer AI agents into carrying out malicious tasks.

AI Exacerbates Vulnerability Prioritization Crisis
The irony of AI-powered vulnerability discovery is that it's creating an overwhelming crisis: despite spotting weaknesses at unprecedented speed and scale, organizations are no safer - just more inundated. The harsh truth is that a vulnerability is just a clue, not risk, and the real challenge lies in prioritizing and assessing true threats.

Google and FBI dismantle 2-million device NetNut botnet
In a major win for cybersecurity, Google and the FBI have joined forces to dismantle the massive NetNut botnet, a network of 2 million devices used by cybercriminals and espionage groups to hide their malicious activities. This significant disruption is the latest in a series of efforts to take down tools used to conceal online threats.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership
Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

FBI and Google Disrupt NetNut Proxy Network Used by Cyber Threat Actors
In a major win for cybersecurity, the FBI and Google have joined forces to dismantle the notorious NetNut proxy network, a go-to tool for cyber threat actors. This disruption has significantly reduced the network's capacity, cutting the available pool of devices by millions.

Google Disrupts Massive NetNut Residential Proxy Network
Google's Threat Intelligence Group has made a significant dent in the massive NetNut residential proxy network, estimated to comprise at least 2 million home devices worldwide, by partnering with the FBI, Lumen, and other allies to reduce its pool of usable devices by millions. This disruption targeted a network used by both cybercriminal and espionage groups.

Kaspersky Compromise Assessments Reveal Persistent Detection Gaps
Kaspersky's 2025 Compromise Assessment analysis reveals a shocking truth: 60% of incidents go undetected due to a lack of reliable alerts from existing tools, while manual detection accounts for only 20% of discovered threats. This blind spot allows threats to hide for alarmingly long periods, with 30.8% of incidents having a dwell time of over three months.

Oracle Exploit Spotted in Wild Ahead of Proof-of-Concepts
A critical Oracle vulnerability, CVE-2026-46817, with a 9.8 severity rating is being exploited in the wild, just days before a proof-of-concept was expected to be released. The attacks, detected by threat intelligence firm Defused, appear to be more like reconnaissance tests than targeted campaigns, with six attempts logged from a single IP address within a two-hour window.

AI Model DeepSeek Enables Browser-Only Ransomware With Simple Prompts
Researchers have uncovered a concerning trend: nearly half of the files generated by the DeepSeek AI model - over 1,300 out of 3,000 - have been flagged as malicious or dangerous, including some that can launch browser-only ransomware with just a few simple prompts.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts
In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Criminal IP Enhances OpenCTI with Contextual Threat Intelligence Integration
Unlock the full potential of your threat intelligence with Criminal IP's integration with OpenCTI, providing rich contextual insights to supercharge investigation, correlation, and decision-making. By adding dual-perspective risk scoring, analysts gain a more nuanced view of IP risks, with separate signals for inbound and outbound threats.