Tag: threat intelligence
390 articles

Microsoft Warns AI Adoption Exposes Organizations to New Malware Threats
Microsoft's senior security researcher warns that the AI tools making our jobs easier can also be exploited by threat actors, highlighting a new and urgent risk for organizations to manage. As AI adoption grows, companies must recognize it as both a valuable asset and a potential attack surface that requires careful protection.

China-Linked TA4922 Expands Phishing Attacks Globally
Meet TA4922, a China-linked group rapidly expanding its phishing attacks worldwide, with a financially motivated agenda to infiltrate and exploit victim environments for data theft, fraud, and more. This threat actor is now targeting organizations globally, from the UK to Germany, Italy, and South Africa.

Defensive Cyber Evolves to Counter AI-Driven Threats
The cyber threat landscape is undergoing a seismic shift, with AI-driven attacks now unfolding at a breathtaking pace and scale that traditional defenses can't keep up with. This exponential explosion of attacks is ratcheting up the stakes for data availability and integrity, and it's only getting worse.

AI-Driven Exploitation Forces New Vulnerability Management Tactics
The threat landscape has changed: vulnerabilities are now being discovered, exploited, and weaponized in a matter of hours, leaving defenders scrambling to keep up. With AI-driven attacks accelerating, it's clear that traditional vulnerability management tactics just aren't fast enough.

Threat Intelligence Fails to Bridge Business Risk Gap
Threat intelligence falls short when it doesn't drive informed decision-making, often leaving a gap between analyst findings and senior leaders' priorities. Silobreaker and the SANS Institute are bridging this gap with a new study that explores how to turn threat intelligence into actionable business risk strategies.

Faster Vulnerability Alerts Disrupt Cyberattack Window
The time it takes for attackers to exploit a newly disclosed vulnerability has dramatically shrunk to just 1.6 days - leaving organizations scrambling to respond. In today's lightning-fast threat landscape, staying ahead of vulnerability alerts is crucial to preventing devastating cyberattacks.

ESET Exposes BTMOB Android Malware Service
Meet BTMOB, a sneaky Android malware that's being sold as a subscription service - think $700/month or a one-time $5,000 fee for a lifetime license - making it easy for anyone to become a cyber threat actor. This malware-as-a-service platform even comes with a user-friendly APK builder, requiring zero coding skills.

Cyber Extortion Economy Shifts Away From Ransomware Encryption
The cyber extortion landscape is undergoing a seismic shift, with threat actors ditching ransomware encryption in favor of data-only extortion - and they're moving at lightning speed, with one case seeing data exfiltration in just 39 seconds. This trend is driven by improved backup and recovery methods, leaving attackers to focus on stealing sensitive data.

SOCs Shut Down Incident Risks with Proactive Threat Detection
Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

CrowdStrike Disrupts GlassWorm Malware's Global Supply Chain Attack Infrastructure
In a major win for cybersecurity, CrowdStrike teamed up with Google and the Shadowserver Foundation to dismantle the global infrastructure behind the GlassWorm malware attack, crippling its ability to issue commands or deliver new payloads to infected machines. This coordinated operation targeted and neutralized the malware's command-and-control channels, protecting software developers from further exploitation.

Agentic AI Tames Network Detection's Alert Firehose
Imagine sifting through 847 network anomalies daily - that's like trying to find a needle in a haystack! With agentic AI triage, that overwhelming number is dramatically reduced to just 4 prioritized detections, complete with the evidence and suggested actions analysts need to take swift and effective action.

Fraudsters Target F1 Fans with Fake Streams, Counterfeit Merch Scams
When it comes to motorsports, speed is a double-edged sword - while the action is fast-paced and thrilling, it also creates opportunities for scammers to strike, as noted by Bogdan Botezatu, senior director of threat research at Bitdefender. Cybercriminals are now targeting F1 fans with fake streams and counterfeit merch scams, making it essential for fans to stay vigilant.

Cyber Thieves Exploit SEO to Spread Infostealers via Fake AI Sites
Cyber thieves are using clever SEO tricks to spread infostealers through fake AI sites, targeting enterprise users and developer workstations with a potent mix of imitation and in-memory malware. This brief but potent campaign has been meticulously planned, with malicious domains deployed as early as March 2026.

Microsoft Disrupts Malware-Signing Service Used in Ransomware Attacks
Microsoft swooped in to shut down a notorious malware-signing service, seizing the website signspace.cloud and taking down hundreds of virtual machines used to fuel ransomware attacks. This bold move, dubbed OpFauxSign, crippled a key operation run by the threat actor Fox Tempest, which had been using Microsoft's own system against them since May 2025.

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft cracked down on a notorious malware-signing service used by ransomware gangs, disrupting the operations of Fox Tempest, a financially motivated group that generated millions of dollars in profits by selling trust to cybercriminals. The group had created over 1,000 code-signing certificates and hundreds of Azure tenants to support its industrial-scale scheme.

Trapdoor Android Ad Fraud Scheme Exposes 455 Malicious Apps
Meet Trapdoor, a massive Android ad fraud scheme that used 455 malicious apps to generate a staggering 659 million daily bid requests, fueling a self-sustaining machine that turned innocent installs into big bucks. This complex operation was uncovered by HUMAN's Satori Threat Intelligence and Research Team, shedding light on a pipeline for multi-stage fraud.

Torq Bolsters AI-Powered Security with Jit Context Graph Acquisition
Torq supercharges its AI-powered security with the acquisition of Jit's innovative context graph technology, enabling real-time understanding of business relationships between assets and alerts. This game-changing integration helps Torq deliver smarter, more effective security solutions.

AI Agents Expose Blind Spots in APAC Enterprise Security
Attackers are now targeting AI agents embedded within APAC enterprises, exploiting weaknesses in non-human identities to gain access to sensitive systems, data, and workflows. This emerging threat highlights a significant blind spot in enterprise security, one that's ripe for exploitation by malicious actors.

AI-Powered Bug Reports Overwhelm Security Teams
GitHub is overhauling its bug report system after being inundated with AI-generated submissions that are often incomplete, unrealistic, or redundant, making it tough for security teams to keep up. The platform is tightening its definition of a "complete" bug report to help separate signal from noise.

Bitdefender Exposes Hidden Attack Surface in Trusted Tools
Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

AI-Developed Zero-Day Exploit Exposes New Threats
Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Remediation Programs Often Fail to Validate Fixes
The alarming truth is that remediation programs often fall short, with a staggering mismatch between the speed of exploits and fixes - Mandiant's report reveals a mean time to exploit of just -7 days, while Verizon's data shows a median remediation time of 32 days.

Google Exposes AI-Built Zero-Day Threat That Nearly Sparked Mass Attack
The game-changing moment came when a zero-day threat, nearly sparking a mass attack, was uncovered - and forensic evidence revealed its exploit code was astonishingly built by an AI model. This breakthrough highlights how AI is revolutionizing exploit development, making it faster and more accessible to malicious actors.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management
Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.