Tag: cybersecurity

26 Attack Reports | 0 Vulnerabilities

Attack reports

The Hidden Dangers of Calendar Subscriptions: 4 Million Devices at Risk

Bitsight researchers uncovered a significant security risk associated with calendar subscriptions, potentially affecting 4 million devices. Expired or hijacked domains hosting calendar subscriptions can be exploited for large-scale social engineering attacks. The research revealed two types of sync…
ios
social engineering
macos
cybersecurity
CVE-2025-27915
push notifications
2025-11-26
balada injector
calendar subscriptions
expired domains
Published: November 26, 2025
Linked vulnerabilities : CVE-2025-27915 (CVSS 5.4)
Downloadable IOCs: 22

It's not personal, it's just business

Advances in agentic AI are transforming the cyber crime landscape, allowing AI agents to autonomously execute routine activities through APIs. This technology brings efficiencies to both legitimate and criminal economies, potentially lowering barriers to entry for less skilled actors. The discovery…
cybersecurity
threat landscape
2025-11-21
force enabler
cyber crime
honeypot systems
defensive strategies
ai-orchestrated campaign
agentic ai
Published: November 21, 2025
Downloadable IOCs: 5

How AI Is Fueling a New Wave of Black Friday Scams

AI tools are enabling cybercriminals to create sophisticated Black Friday scams, including realistic phishing emails, cloned websites, and fake social media ads. Common tactics involve impersonating trusted brands like Amazon and Temu, offering unrealistic discounts on luxury goods, and exploiting …
phishing
social engineering
ai
cybersecurity
scams
e-commerce
black friday
2025-11-15
luxury goods
Published: November 15, 2025
Downloadable IOCs: 15

Remember, remember the fifth of November

The article discusses the historical significance of November 5th in the UK, known as Bonfire Night or Guy Fawkes Night. It recounts the failed Gunpowder Plot of 1605, where conspirators attempted to assassinate King James I by blowing up the House of Lords. The plot was foiled due to an anonymous …
hacktivism
cybersecurity
threat intelligence
uk
history
2025-11-07
gunpowder plot
guy fawkes
Published: November 7, 2025
Downloadable IOCs: 0

Loophole allows threat actors to claim VS Code extension names

A loophole in VS Code Marketplace allows malicious actors to reuse names of removed extensions. ReversingLabs discovered this vulnerability after finding a malicious extension with the same name as one previously identified. The platform's documentation states that extension names must be unique, b…
vulnerability
open-source
cybersecurity
extension
vs code
software supply chain
2025-08-29
loophole
package names
Published: August 29, 2025
Downloadable IOCs: 0

Link up, lift up, level up

This report emphasizes the importance of community in the cybersecurity profession, reflecting on experiences at Black Hat USA 2025 and DEF CON 33. It highlights the value of these events for learning and networking, but also acknowledges their high costs and potential inaccessibility for many. The…
ransomware
cybersecurity
vulnerabilities
education
2025-08-28
promptlock
networking
conferences
community
professional development
CVE-2025-48384
Published: August 28, 2025
Downloadable IOCs: 0

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

A new ransomware strain called 'Blue Locker' is targeting Pakistan's oil and gas sector, particularly affecting Pakistan Petroleum Limited. The National Cyber Emergency Response Team (NCERT) has issued warnings to 39 key ministries and institutions about this severe threat. The ransomware, which sh…
phishing
ransomware
pakistan
encryption
cybersecurity
2025-08-15
oil and gas
ncert
proton
shinra
blue locker
Published: August 15, 2025
Downloadable IOCs: 0

Defending Against ToolShell: SharePoint's Latest Critical Vulnerability

A critical zero-day vulnerability named ToolShell (CVE-2025-53770) has been discovered in on-premises SharePoint Server deployments. This vulnerability allows unauthenticated remote code execution, posing a significant threat to organizations worldwide. SentinelOne has detected active exploitation …
vulnerability
zero-day
cybersecurity
remote code execution
threat detection
sharepoint
patch
CVE-2025-53770
toolshell
2025-07-23
Published: July 23, 2025
Downloadable IOCs: 2

A message from the mechanical shark

Bruce, the mechanical shark from Jaws, reflects on his role in the iconic film 50 years later. He shares insights on the challenges faced during filming due to unpredictable ocean conditions, drawing parallels to cybersecurity. Bruce emphasizes the importance of overpreparing, maintaining perspecti…
phishing
cybersecurity
brand impersonation
cisco talos
2025-07-06
email threats
jaws
pdf payloads
Published: July 6, 2025
Downloadable IOCs: 7

Steam Phishing: Popular as Ever

A recent phishing campaign targeting Steam users has been identified, involving deceptive messages sent through the platform's Friends list. The attackers use fraudulent URLs that closely mimic Steam's official domain, directing users to a fake 'Summer Gift Marathon' page. Upon logging in, users' c…
phishing
social engineering
credential theft
fraud
cybersecurity
gaming
steam
2025-06-20
Published: June 20, 2025
Downloadable IOCs: 31

GitHub's Dark Side: Unveiling Malware Disguised as Cracks, Hacks, and Crypto Tools

Cybercriminals are exploiting GitHub's reputation to distribute malware, particularly targeting gamers and children. They create repositories offering game hacks, cracked software, and crypto tools, which actually contain Lumma Stealer variants. The attack chain begins with users searching for thes…
social engineering
malware distribution
lumma stealer
cybersecurity
github
2025-06-18
cracked software
game hacks
crypto tools
Published: June 18, 2025
Downloadable IOCs: 4

Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

The Trustwave SpiderLabs Email Security team has identified a significant increase in SVG image-based attacks, where seemingly harmless graphics are used to conceal dangerous links. Cybercriminals are exploiting the ability of SVG files to embed JavaScript, which can execute automatically upon open…
obfuscation
phishing
social engineering
phaas
javascript
cybersecurity
email security
svg
2025-05-16
ursnif
tycoon2fa
Published: May 16, 2025
Downloadable IOCs: 4

Modern Incident Response: Tackling Malicious ML Artifacts

This analysis explores the emerging threat of machine learning model-based breaches, detailing their anatomy, detection methods, and real-world examples. It highlights the risks associated with sharing ML models, particularly through platforms like Hugging Face, and the potential for malicious acto…
cobalt strike
incident response
cybersecurity
metasploit
mythic
machine learning
2025-05-14
trickbot
sandboxing
pickle files
forensics
model-based breaches
malicious ai
Published: May 14, 2025
Downloadable IOCs: 2

Real-Time Anti-Phishing: Essential Defense Against Evolving Cyber Threats

Phishing remains a prevalent cybersecurity threat, causing financial loss, data theft, and malware deployment. Attackers are expanding targets across platforms and using AI to refine techniques, making detection more challenging. Real-time anti-phishing (RTAP) solutions using AI and machine learnin…
phishing
social engineering
ai
cybersecurity
machine learning
2025-03-21
real-time anti-phishing
employee awareness
Published: March 21, 2025
Downloadable IOCs: 11

Virtue or Vice? A First Look at Paragon's Proliferating Spyware Operations

The report investigates Paragon Solutions, an Israeli spyware company founded in 2019 that sells a product called Graphite. Through infrastructure analysis, the researchers identified potential Paragon deployments in several countries. They also found evidence linking Paragon to the Canadian Ontari…
surveillance
graphite
spyware
cybersecurity
human rights
law enforcement
2025-03-19
canada
italy
zero-click exploit
Published: March 19, 2025
Downloadable IOCs: 22

Patch it up: Old vulnerabilities are everyone's problems

This analysis emphasizes the importance of addressing old vulnerabilities in software systems globally. It highlights the end of Windows 10 support in October 2025 and the risks associated with unpatched systems. The article discusses the relevance of vulnerabilities regardless of geographic locati…
CVE-2024-4577
cybersecurity
vulnerabilities
CVE-2025-22224
taowu
2025-03-14
software updates
kev
windows 10
global threats
cve
patching
Published: March 14, 2025
Downloadable IOCs: 0

The adventures of an extroverted cyber nerd and the people who help to fight the good fight

The article describes the experiences of a Senior Security Strategist at Talos, highlighting the unique blend of technical expertise and communication skills required for the role. It emphasizes the importance of supporting NGOs in cybersecurity, detailing the author's involvement with the NGO-ISAC…
phishing
cybersecurity
2024-12-06
qr code attacks
ngo
communication skills
water systems vulnerabilities
Published: December 6, 2024
Downloadable IOCs: 0

First UEFI bootkit malware for Linux discovered

A groundbreaking discovery has been made in the realm of cybersecurity: the first UEFI bootkit specifically targeting Linux systems. Named 'Bootkitty,' this proof-of-concept malware marks a significant evolution in stealthy and hard-to-remove bootkit threats. Although currently limited to certain U…
malware
linux
cybersecurity
kernel
2024-11-27
uefi
bootkit
bcdropper
ubuntu
proof-of-concept
bootkitty
bcobserver
Published: November 27, 2024
Downloadable IOCs: 0

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape

Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
xworm
phishing
social engineering
powershell
darkgate
lumma stealer
asyncrat
danabot
latrodectus
netsupport
cybersecurity
clickfix
threat actors
brute ratel c4
2024-11-18
malware delivery
lucky volunteer
recaptcha phish
threat landscape
Published: November 18, 2024
Downloadable IOCs: 0

How to Improve Cyber Threat Investigations with TI Lookup

This article discusses the use of Threat Intelligence (TI) Lookup, a centralized service for threat data exploration and analysis. It highlights key features such as fast search results, extensive search parameters, and access to a large database of malware and phishing samples. The article explain…
phishing
remcos
stealc
cybersecurity
lumma
malware analysis
threat intelligence
agenttesla
yara rules
2024-11-13
darkvision
sandbox
ioc
Published: November 13, 2024
Downloadable IOCs: 0

Automatically Detecting DNS Hijacking in Passive DNS

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …
cybersecurity
machine learning
2024-11-05
dns hijacking
passive dns
network security
threat detection
domain compromise
Published: November 5, 2024
Downloadable IOCs: 37

Exploring GenAI in Cybersecurity: Gemini for Malware Analysis

This analysis explores the application of Generative AI, specifically Google's Gemini Advanced, in malware analysis. The experiment focuses on analyzing executable files, particularly a RisePro Stealer sample. The methodology involves decompiling the malware using Ghidra and IDA Pro, then using spe…
cybersecurity
malware analysis
genai
2024-10-07
risepro stealer
decompilation
ai-assisted analysis
ida pro
ghidra
gemini
executable files
2024-10-08
Published: October 8, 2024
Downloadable IOCs: 1

Exploring Newly Released Top-Level Domains

An investigation into 19 new top-level domains (TLDs) released in the past year revealed various malicious activities, including phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and pranking campaigns. The study found a correlation between the TLDs' general av…
phishing
dns
cybersecurity
2024-09-02
domain abuse
top-level domains
graph-based detection
redirection campaigns
domain registration
torrenting
Published: September 2, 2024
Downloadable IOCs: 22

How Managed Detection and Response Pressed Pause on a Play Ransomware Attack

This report details how Trend Micro's Managed Detection and Response (MDR) service successfully thwarted a sophisticated ransomware attack orchestrated by the notorious Play ransomware group. Through continuous monitoring and expert analysis, the MDR team swiftly identified and contained the intrus…
ransomware
incident response
cybersecurity
threat analysis
2024-08-23
systembc
grixba
malware campaign
Published: August 23, 2024
Downloadable IOCs: 1

Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…
malware
phishing
stealer
latrodectus
downloader
cybersecurity
acr stealer
2024-08-20
Published: August 20, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21412, CVE-2024-21893
Downloadable IOCs: 15

BlackSuit Ransomware: Insights and Defense Strategies

This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potenti…
ransomware
encryption
data exfiltration
2024-07-08
blacksuit
cybersecurity
threat analysis
Published: July 8, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports