Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a … [Read more...] about Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
attacks
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Mar 26, 2025Ravie LakshmananMalware / Vulnerability The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a … [Read more...] about New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected … [Read more...] about Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
How Industry Leaders are Stopping Identity Attacks
The CrowdStrike 2025 Global Threat Report highlights the ongoing threat of identity-based attacks. Adversaries are increasingly exploiting stolen credentials to evade detection, and 79% of detections overall were classified as malware-free. Valid account abuse became the primary initial access method in 35% of cloud intrusions. The report also shares that access broker … [Read more...] about How Industry Leaders are Stopping Identity Attacks
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Mar 05, 2025Ravie LakshmananNetwork Security / Data Breach The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft … [Read more...] about China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), … [Read more...] about Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
Feb 27, 2025Ravie LakshmananMalware / Threat Intelligence A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related … [Read more...] about Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
Your Endpoint Is Secure Against AI Supply Chain Attacks
The recent emergence of powerful open-source AI models like DeepSeek has sent many enterprises scrambling to block access per their security policies. While AI teams increasingly turn to open repositories to leverage free and highly capable models like DeepSeek, security teams face mounting pressure to prevent unrestricted downloading of artifacts from untrusted sources. The … [Read more...] about Your Endpoint Is Secure Against AI Supply Chain Attacks
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Feb 18, 2025Ravie LakshmananVulnerability / Network Security Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat … [Read more...] about New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an … [Read more...] about Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks