Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence reports that the Chinese espionage group Silk Typhoon has shifted tactics to abuse IT solutions and cloud applications as a way into target organizations. Although the group does not target Microsoft cloud services directly, it exploits unpatched applications to expand its foothold once inside a victim's network. The article stresses the need for awareness and recommends mitigations against this growing threat.…
Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally. It originated from illegal streaming websites that served malicious advertisements, and the redirect chain ended at payloads hosted on GitHub, Dropbox, and Discord. The campaign hit sectors indiscriminately, highlighting the need for stronger controls on both endpoints and networks.…
Phishing campaign impersonating Booking.com delivers a suite of credential-stealing malware
A phishing campaign impersonating Booking.com has been identified targeting organizations in the hospitality sector that handle travel bookings. Using the ClickFix social engineering technique, the campaign aims to steal credentials and commit financial fraud, and has affected regions including North America and Europe. Affected: hospitality industry, Booking.com…
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
Unraveling Time: A Deep Dive into TTD Instruction Emulation Bugs
This article delves into Microsoft’s Time Travel Debugging (TTD) framework, emphasizing the importance of accurate CPU instruction emulation for reliable debugging and security analysis. It highlights various emulation bugs discovered within TTD that could mislead investigations and emphasizes the need for continuous improvements to maintain the integrity of investigative tools.…
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
The article discusses the growing threat of Browser-in-the-Middle (BitM) attacks, which let an adversary take over a user's session on almost any web application within seconds. Multi-factor authentication (MFA) remains essential, but well-crafted social engineering can bypass it by capturing the session token issued after authentication rather than the credentials themselves. To counter this, organizations are urged to deploy defenses such as hardware-based MFA, client certificates, and FIDO2, which bind the authentication to the legitimate origin and so cannot be replayed through the attacker's proxied browser.…
Capture the Flag: A Cybersecurity Challenge with Cado
Cado Security’s Capture the Flag (CTF) challenges provide cybersecurity professionals with an immersive environment to enhance their skills in cloud security, focusing on real-world threats like the Romanian actor DIICOT. Participants utilize the Cado Platform to learn investigation techniques, explore AWS vulnerabilities, and engage with cutting-edge forensic tools while addressing modern cloud security challenges.…
Cyberattackers Prey on Health Fears in Sophisticated Phishing Campaign
A new report from JUMPSEC's DART team describes a trend of cybercriminals exploiting health fears through sophisticated phishing attacks. Attackers used enticing health-related emails to lure victims into handing over sensitive information, with multi-stage tactics to keep the scam going. Investigation of the attacker infrastructure revealed connections to networks with poor reputations and the use of legitimate platforms to mask the phishing activity.…
New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Cyberattack Disrupts Nursing Home Management in Mönchengladbach, Germany
Date Reported: 2025-03-17
Country: DEU | Germany
Victim: Sozial-Holding Mönchengladbach
Website: sozial-holding.de
Information: Hackers launched a cyberattack against the management company of nursing homes in the city of Mönchengladbach, Germany. The attack left the computer systems out of service. Six nursing homes and the company's headquarters are currently unreachable by phone and email.…
SingCERT Alerts Public on Fraudulent Emails Impersonating CSA and SPF
The Singapore Cyber Emergency Response Team (SingCERT) has alerted the public to a surge in fraudulent emails in which scammers impersonate officials from the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF). The emails falsely claim that recipients are involved in illegal activities and pressure them to respond quickly under threat of severe consequences.…
Major Cyber Attacks in Review: February 2025
In February 2025, several significant cyber incidents underscored ongoing risk across industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a $1.5 billion cryptocurrency theft attributed to North Korea's Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT exposed serious weaknesses across the finance, telecom, healthcare, media, and government sectors.…
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Security researchers have identified new phishing campaigns against Microsoft 365 that abuse legitimate Microsoft domains and tenant misconfigurations to achieve account takeover. The attacks combine brand impersonation with OAuth redirection, which makes them hard to detect. The campaigns rely heavily on altering organization display names and setting up deceptive communication channels to trick victims into giving up credentials.…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
This week's cybersecurity report covers the evolving threat landscape, including advanced techniques used by threat groups and rising supply-chain risk. Law-enforcement action against cybercriminal networks shows promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report lists notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…