Skip to main content

Tag: threat intelligence

390 articles

Modern tech lab with people working, sleek workstation and laptop in foreground.

AI Empowers Cyberattacks with Operational Efficiency

As AI continues to evolve, it's crucial to treat AI-driven threats as a top priority, using the technology to supercharge their attacks and compress timelines. AI is being used by attackers to automate routine work, streamline reconnaissance, and shorten development cycles, turning what once took days into operations that can be executed in just hours.

Analyst 207
Cluttered workstation with scattered papers, empty cans, and multiple screens displaying code amidst a sense of urgency.

Vulnerabilities Remain Unaddressed Despite Swift Remediation Efforts

Malicious npm packages have skyrocketed 451% year-over-year, highlighting a disturbing trend where old vulnerabilities continue to resurface and supply-chain abuse is scaling rapidly, putting organizations at risk. Despite swift remediation efforts, many critical vulnerabilities remain unaddressed.

Analyst 207
AI Fuels End-to-End Cyberattacks With Expanded Role Across Intrusion Stages

AI Fuels End-to-End Cyberattacks With Expanded Role Across Intrusion Stages

Criminal groups are now using AI as the main driver behind massive cyberattacks, breaching government agencies and carrying out thousands of commands with minimal human oversight. This marks a significant shift from AI as a supporting tool to a primary operator in end-to-end cyberattacks.

Analyst 207
People stand on a beach with a subtle network infrastructure pattern in the background.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience

Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Analyst 207
System administrator working in server room with laptop displaying system interface.

Microsoft Uncovers GigaWiper Backdoor with Ransomware, Wiping Capabilities

Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which combines ransomware and wiping capabilities, marking a concerning shift in the evolution of wiper malware. This modular threat can both extort and destroy, posing significant real-world consequences.

Analyst 207
Server room with rows of equipment and one exposed server in the foreground.

Exposed Server Unveils WP-SHELLSTORM's Massive WordPress Backdoor Operation

For 22 days, a US-based server sat exposed on the public internet with no password, revealing a massive WordPress backdoor operation that targeted over 1.4 million domains. The astonishing discovery included scans, exploits, and command history, giving a rare glimpse into the playbook of a notorious hacking group.

Analyst 207
Government office interior with concerned officials in a public records room.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat

A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

Analyst 207
Cluttered home office desk with a lit computer terminal.

GitHub Accounts Used to Map Corporate Orgs in Stealthy Campaigns

Cyber attackers are using sneaky tactics, leveraging old or compromised GitHub accounts, to secretly map out corporate organizations and steal sensitive data. They're exploiting loopholes with automated tools and stolen tokens to quietly gather intel from GitHub APIs.

Analyst 207
Cybersecurity team discusses around a conference table in a modern operations room.

Vulnerability Management Faces Patch Apocalypse Amid AI-Driven Discovery Surge

The AI-driven discovery surge is creating a perfect storm in vulnerability management, with nearly 48,000 CVEs published in 2025 alone, and a growing mismatch between rapid vulnerability discovery and slower human-led remediation. This has given rise to the "Patch Apocalypse," where the scale, speed, and exploitability of vulnerabilities are outpacing traditional patching approaches.

Analyst 207
Unix-era computer terminal in a clean lab setting with coding interface and subtle file system hint.

AI Coding Agents Expose Unix-Era Security Flaw

A clever trick that exploits a long-standing Unix security flaw, dubbed GhostApproval, can bypass human approvals in AI coding assistants, rendering consent meaningless. By manipulating a harmless-looking project file, attackers can secretly alter sensitive system settings.

Analyst 207
Concerned business owner sits at desk, scrutinizing suspicious email on smartphone.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users

Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

Analyst 207
Rows of computer servers and storage equipment in a modern data center.

AI-Powered Ransomware Targets Victims with Autonomous Attacks

Imagine a ransomware attack that can think and act on its own - that's what Sysdig researchers recently observed, as an AI agent autonomously carried out a complex extortion operation with alarming speed and efficiency. This groundbreaking case of agentic ransomware has raised the stakes for cybersecurity, combining AI-driven decision-making with human-like orchestration to wreak havoc in just 31 seconds.

Analyst 207
Government building in Tel Aviv with people walking nearby, hint of cyber threat in background.

Iran-Linked Cavern Manticore Targets Israel with Modular Cyber Attacks

Meet Cavern Manticore, a highly skilled and disciplined cyber threat group with ties to Iran, targeting Israel's defense and government sectors with modular attacks. Their sophisticated tactics have allowed them to infiltrate organizations with alarming speed and precision.

Analyst 207
Laptop screen displays innocuous webpage with subtle hidden code in background.

Web Content Conceals Hidden Instructions Targeting AI Agents

As AI agents increasingly interact with the web, hidden instructions embedded in online content can be manipulated to perform unintended actions, posing a new threat to users. Researchers have uncovered real-world campaigns that use indirect prompt injection to steer AI agents into carrying out malicious tasks.

Analyst 207
Security team member overwhelmed by paperwork and notes, staring at laptop screen with blurred vulnerability list.

AI Exacerbates Vulnerability Prioritization Crisis

The irony of AI-powered vulnerability discovery is that it's creating an overwhelming crisis: despite spotting weaknesses at unprecedented speed and scale, organizations are no safer - just more inundated. The harsh truth is that a vulnerability is just a clue, not risk, and the real challenge lies in prioritizing and assessing true threats.

Analyst 207
Technicians investigate a large screen displaying a map of the internet in a network operations center with rows of servers…

Google and FBI dismantle 2-million device NetNut botnet

In a major win for cybersecurity, Google and the FBI have joined forces to dismantle the massive NetNut botnet, a network of 2 million devices used by cybercriminals and espionage groups to hide their malicious activities. This significant disruption is the latest in a series of efforts to take down tools used to conceal online threats.

Analyst 207
Cramped warehouse storage area with industrial computer equipment and tangled cables.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership

Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

Analyst 207
Home network setup with disrupted connections and erratic router lights.

FBI and Google Disrupt NetNut Proxy Network Used by Cyber Threat Actors

In a major win for cybersecurity, the FBI and Google have joined forces to dismantle the notorious NetNut proxy network, a go-to tool for cyber threat actors. This disruption has significantly reduced the network's capacity, cutting the available pool of devices by millions.

Analyst 207
Living room with smart TV and streaming box, cityscape visible through window.

Google Disrupts Massive NetNut Residential Proxy Network

Google's Threat Intelligence Group has made a significant dent in the massive NetNut residential proxy network, estimated to comprise at least 2 million home devices worldwide, by partnering with the FBI, Lumen, and other allies to reduce its pool of usable devices by millions. This disruption targeted a network used by both cybercriminal and espionage groups.

Analyst 207
Empty corporate IT room with server racks and workstations, one out-of-focus laptop screen visible.

Kaspersky Compromise Assessments Reveal Persistent Detection Gaps

Kaspersky's 2025 Compromise Assessment analysis reveals a shocking truth: 60% of incidents go undetected due to a lack of reliable alerts from existing tools, while manual detection accounts for only 20% of discovered threats. This blind spot allows threats to hide for alarmingly long periods, with 30.8% of incidents having a dwell time of over three months.

Analyst 207
Rows of equipment racks and servers in a brightly-lit, neutral-colored server room.

Oracle Exploit Spotted in Wild Ahead of Proof-of-Concepts

A critical Oracle vulnerability, CVE-2026-46817, with a 9.8 severity rating is being exploited in the wild, just days before a proof-of-concept was expected to be released. The attacks, detected by threat intelligence firm Defused, appear to be more like reconnaissance tests than targeted campaigns, with six attempts logged from a single IP address within a two-hour window.

Analyst 207
Laptop on cluttered desk shows ransomware warning on browser window.

AI Model DeepSeek Enables Browser-Only Ransomware With Simple Prompts

Researchers have uncovered a concerning trend: nearly half of the files generated by the DeepSeek AI model - over 1,300 out of 3,000 - have been flagged as malicious or dangerous, including some that can launch browser-only ransomware with just a few simple prompts.

Analyst 207
Brightly-lit office setting with computers and network equipment in the background.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts

In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Analyst 207
Cybersecurity workstation with laptop and threat intelligence reports nearby.

Criminal IP Enhances OpenCTI with Contextual Threat Intelligence Integration

Unlock the full potential of your threat intelligence with Criminal IP's integration with OpenCTI, providing rich contextual insights to supercharge investigation, correlation, and decision-making. By adding dual-perspective risk scoring, analysts gain a more nuanced view of IP risks, with separate signals for inbound and outbound threats.

Analyst 207