| Title |
Published |
Tags |
Description |
Number of indicators |
| Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave |
July 26, 2024, 1:35 p.m. |
|
This analysis explores the evolution of network threats associated with generative AI (GenAI) terms, correlating with key milesto… |
31 |
| Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412 |
July 11, 2024, 1:12 p.m. |
|
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The … |
12 |
| FIN7: Silent Push unearths 4000+ phishing and shell domains |
July 11, 2024, 11:51 a.m. |
|
Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including severa… |
94 |
| Analysis of Suspected APT Attack Activities by “Silver Fox” |
July 10, 2024, 10:19 a.m. |
|
This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… |
7 |
| How do cryptocurrency drainer phishing scams work? |
July 10, 2024, 9:42 a.m. |
|
Cryptodrainer phishing scams have emerged as a significant threat, targeting unsuspecting individuals through deceptive tactics t… |
14 |
| M365 adversary-in-the-middle campaign |
July 8, 2024, 7:46 p.m. |
|
Field Effect researchers uncovered a previously unreported campaign leveraging the Axios user agent string to facilitate business… |
19 |
| The Hidden Danger of PDF Files with Embedded QR Codes |
July 5, 2024, 3:37 p.m. |
|
The report describes how malware authors are abusing PDF files with embedded QR codes to deceive users into visiting malicious ph… |
1 |
| ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution |
July 2, 2024, 3:45 p.m. |
|
This intelligence report analyzes the ONNX Store, a phishing-as-a-service platform targeting financial institutions through embed… |
25 |
| An Android RAT targets Telegram Users |
June 28, 2024, 2:49 p.m. |
|
This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data… |
4 |
| DBatLoader Distributed via CMD Files |
June 27, 2024, 9:26 a.m. |
|
A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or Mo… |
0 |
| Phishing Incident Report: Facts and Timeline |
June 25, 2024, 7:41 a.m. |
|
On June 18, 2024, an employee's account at ANY.RUN was compromised and used to carry out a phishing attack against the company's … |
9 |
| AdsExhaust, a Newly Discovered Adware MasqueradingOculus… |
June 24, 2024, 4:35 p.m. |
|
In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed throu… |
17 |
| espionage group targets government agencies with and more infection techniques |
June 24, 2024, 8:11 a.m. |
|
A recently discovered threat actor, dubbed 'SneakyChef,' has been conducting an ongoing espionage campaign targeting government a… |
148 |
| Unveiling SpiceRAT: Latest tool targeting EMEA and Asia |
June 24, 2024, 8:03 a.m. |
|
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, employed by the threat actor SneakyChef in a recent mali… |
6 |
| SolarMarker Impersonates Job Employment Website |
June 18, 2024, 9:45 p.m. |
|
On April 2024, Cyber Analysts responded to a SolarMarker infection event. The infection occurred through a drive-by download when… |
6 |
| Dipping into Danger: The WARMCOOKIE backdoor |
June 12, 2024, 10:41 a.m. |
|
Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… |
6 |
| Search & Spoof: Abuse of Windows Search to Redirect to Malware |
June 11, 2024, 1:36 p.m. |
|
Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that exploits the Windows search functionality embedded in … |
2 |
| RAT Distributed as UUEncoding (UUE) File |
June 11, 2024, 10:11 a.m. |
|
This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated throug… |
3 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People |
June 10, 2024, 11:24 a.m. |
|
This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … |
6 |
| Cybercriminals attack banking customers in EU with V3B phishing kit |
June 10, 2024, 11:20 a.m. |
|
An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the Eur… |
44 |
| Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks |
June 7, 2024, 8 a.m. |
|
Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist gro… |
14 |
| DarkGate again but... Improved? |
June 6, 2024, 8:16 a.m. |
|
The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in … |
313 |
| Warning Against Phishing Emails Prompting Execution of Commands via Paste |
June 6, 2024, 7:18 a.m. |
|
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run… |
15 |
| Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud |
June 3, 2024, 11:21 a.m. |
|
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in… |
14 |
| Chat Messenger voting topics - a new way to steal accounts is gaining momentum |
May 31, 2024, 1:24 p.m. |
|
The Government Emergency Response Team of Ukraine CERT-UA informs about the increase in the number of cyberattacks aimed at gaini… |
230 |
| Disrupting FlyingYeti's campaign targeting Ukraine |
May 31, 2024, 12:19 p.m. |
|
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus… |
8 |
| 'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered |
May 30, 2024, 9:31 a.m. |
|
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employee… |
30 |
| Side Loading through IObit against Colombia |
May 29, 2024, 11:06 a.m. |
|
In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect sys… |
3 |
| Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling |
May 28, 2024, 12:36 p.m. |
|
Netskope Threat Labs has been tracking an increase in phishing campaigns hosted on Cloudflare Workers. The campaigns use techniqu… |
134 |
| Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware |
May 22, 2024, 7:39 a.m. |
|
Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud sto… |
16 |
| D3F@ck Loader, the New MaaS Loader |
May 21, 2024, 9:03 p.m. |
|
In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated v… |
3 |
| Banking trojan unleashed: Observing emerging global campaigns |
May 20, 2024, 9:40 a.m. |
|
IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, likely operated as a … |
18 |
| From Document to Script: Insides of Campaign |
May 17, 2024, 9:38 a.m. |
|
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to i… |
11 |
| Payload Trends in Malicious OneNote Samples |
May 16, 2024, 5:25 p.m. |
|
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into … |
550 |
| SugarGh0st RAT Used to Target American Artificial Intelligence Experts |
May 16, 2024, 10:07 a.m. |
|
This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as U… |
9 |
| Romance Scams Urging Investment |
May 13, 2024, 9:38 a.m. |
|
The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cry… |
3 |
| StopRansomware: Black Basta |
May 13, 2024, 9:31 a.m. |
|
This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant f… |
174 |
| New Campaigns from Scattered Spider |
May 10, 2024, 8:33 a.m. |
|
Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various… |
118 |
| APT28 campaign against Polish government institutions |
May 8, 2024, 3:37 p.m. |
|
The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which h… |
74 |
| Scaly Wolf’s new loader: the right tool for the wrong job |
May 2, 2024, 2:48 p.m. |
|
The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group emp… |
23 |
| Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams |
May 1, 2024, 7:59 p.m. |
|
This report details an investigation by JFrog Security researchers on a coordinated attack on Docker Hub, where millions of malic… |
46 |
| Linux Trojan - Xorddos with Filename eyshcjdmzg |
May 1, 2024, 7:55 p.m. |
|
This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provi… |
11 |
| FakeBat Malware Distributing via Fake Browser Updates |
April 29, 2024, 6:18 p.m. |
|
This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The … |
6 |