Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
iT4iNT SERVER The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and gov…
Showing posts from November, 2025Show all
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
iT4iNT SERVER The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to inclu…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
iT4iNT SERVER Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply ch…
Why Organizations Are Turning to RPAM
iT4iNT SERVER As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based…
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
iT4iNT SERVER The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2…
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
iT4iNT SERVER Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks star…
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
iT4iNT SERVER Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, ther…
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
iT4iNT SERVER The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages…
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
iT4iNT SERVER South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the …
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
iT4iNT SERVER The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbe…
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
iT4iNT SERVER Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult …
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
iT4iNT SERVER The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target …
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
iT4iNT SERVER The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging co…
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
iT4iNT SERVER Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's remin…
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
iT4iNT SERVER New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more s…
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
iT4iNT SERVER A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute m…
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
iT4iNT SERVER The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian infor…
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
iT4iNT SERVER Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new comman…
Why IT Admins Choose Samsung for Mobile Security
iT4iNT SERVER Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essentia…
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
iT4iNT SERVER The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security offic…
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
iT4iNT SERVER Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI…
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
iT4iNT SERVER Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a t…
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
iT4iNT SERVER Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a glob…
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
iT4iNT SERVER A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by t…
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
iT4iNT SERVER The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper…
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
iT4iNT SERVER Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to hel…
Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale
iT4iNT SERVER You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, …
Microsoft Mitigates Record 5.72 Tbps DDoS Attack Driven by AISURU Botnet
iT4iNT SERVER Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a …
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
iT4iNT SERVER This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we tr…
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
iT4iNT SERVER The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modifi…
Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time
iT4iNT SERVER Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number o…
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
iT4iNT SERVER The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could …
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
iT4iNT SERVER The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illic…
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
iT4iNT SERVER Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) in…
Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
iT4iNT SERVER Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem …
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
iT4iNT SERVER A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the …
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
iT4iNT SERVER Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functional…
ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
iT4iNT SERVER Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are gett…
Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
iT4iNT SERVER Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers wh…
Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
iT4iNT SERVER Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day sec…
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
iT4iNT SERVER Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies…
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
iT4iNT SERVER The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings …
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
iT4iNT SERVER Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's T…
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
iT4iNT SERVER Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-chann…
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
iT4iNT SERVER Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel mana…
Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
iT4iNT SERVER Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary w…
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
iT4iNT SERVER A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" And…
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
iT4iNT SERVER Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts ma…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
iT4iNT SERVER Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appea…
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
iT4iNT SERVER The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions…
