Tag: machine learning

9 Attack Reports | 0 Vulnerabilities

Attack reports

Beyond Signatures: Detecting Lumma Stealer with an ML-Powered Sandbox

This analysis focuses on a new variant of Lumma Stealer, a malware that reemerged after a brief hiatus following a law enforcement operation. The article details the malware's code obfuscation, evasion techniques, and persistence mechanisms. It describes Netskope's machine learning-based detection …
persistence
anti-analysis
lumma stealer
autoit
nsis
evasion techniques
machine learning
sandbox
2025-09-25
Published: September 25, 2025
Downloadable IOCs: 1

Pausing for a "Sanctuary Moon" marathon

This newsletter discusses the debut of the 'Humans of Talos' series, which highlights the people behind Cisco Talos' research and operations. It draws parallels between sci-fi characters and cybersecurity professionals, emphasizing the importance of human creativity and insight in advanced technolo…
chaos
machine learning
CVE-2025-53770
2025-07-24
sharepoint vulnerability
Published: July 24, 2025
Linked vulnerabilities : CVE-2025-53770 (CVSS 9.8)
Downloadable IOCs: 7

Malicious attack method on hosted ML models now targets PyPI

A new malicious campaign has been discovered targeting the Python Package Index (PyPI) by exploiting the Pickle file format in machine learning models. Three malicious packages posing as an Alibaba AI Labs SDK were detected, containing infostealer payloads hidden inside PyTorch models. The packages…
infostealer
ai
pypi
machine learning
supply chain attack
pytorch
2025-05-26
pickle format
Published: May 26, 2025
Downloadable IOCs: 2

Modern Incident Response: Tackling Malicious ML Artifacts

This analysis explores the emerging threat of machine learning model-based breaches, detailing their anatomy, detection methods, and real-world examples. It highlights the risks associated with sharing ML models, particularly through platforms like Hugging Face, and the potential for malicious acto…
cobalt strike
incident response
cybersecurity
metasploit
mythic
machine learning
2025-05-14
trickbot
sandboxing
pickle files
forensics
model-based breaches
malicious ai
Published: May 14, 2025
Downloadable IOCs: 2

Real-Time Anti-Phishing: Essential Defense Against Evolving Cyber Threats

Phishing remains a prevalent cybersecurity threat, causing financial loss, data theft, and malware deployment. Attackers are expanding targets across platforms and using AI to refine techniques, making detection more challenging. Real-time anti-phishing (RTAP) solutions using AI and machine learnin…
phishing
social engineering
ai
cybersecurity
machine learning
2025-03-21
real-time anti-phishing
employee awareness
Published: March 21, 2025
Downloadable IOCs: 11

Malicious ML models discovered on Hugging Face platform

RL researchers have identified a novel attack technique called nullifAI on the Hugging Face platform, which abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code, bypassing Hugging Face's security scanning mechanisms. The attack exploi…
reverse shell
machine learning
2025-02-07
pytorch
ai security
hugging face
pickle serialization
nullifai
picklescan
Published: February 7, 2025
Downloadable IOCs: 0

Malicious PyPI crypto pay package aiocpa implants infostealer code

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with m…
obfuscation
infostealer
cryptocurrency
pypi
machine learning
software supply chain
2024-11-29
threat hunting
Published: November 29, 2024
Downloadable IOCs: 0

Automatically Detecting DNS Hijacking in Passive DNS

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …
cybersecurity
machine learning
2024-11-05
dns hijacking
passive dns
network security
threat detection
domain compromise
Published: November 5, 2024
Downloadable IOCs: 37

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. It offers features like Dork-based checker, generator, and SQL v…
sql injection
2024-10-01
2024-10-02
machine learning
vulnerability scanning
telemetry analysis
swiss army suite
underground tools
dork-based checker
s.a.s
web application security
Published: October 2, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports