A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell”…
Tag: Cyber Security News
Threat Actors Leverage Compromised Email Accounts for Targeted Phishing Attacks
Cybercriminals are increasingly sophisticated in their phishing attacks, with threat actors now leveraging compromised email accounts from trusted sources to bypass security controls and enhance campaign legitimacy. Recent incident response data reveals phishing remains a dominant attack vector, accounting for…
Secret Blizzard Group’s ApolloShadow Malware Install Root Certificates on Devices to Trust Malicious Sites
A sophisticated cyberespionage campaign targeting foreign embassies in Moscow has been uncovered, revealing the deployment of a custom malware strain designed to manipulate digital trust mechanisms. The Russian state-sponsored threat group Secret Blizzard has been orchestrating an adversary-in-the-middle operation since…
APT36 Hackers Weaponizing PDF Files to Attack Indian Railways, Oil & Government Systems
The Pakistan-linked Advanced Persistent Threat (APT) group APT36, also known as Transparent Tribe, has significantly expanded its cyber operations beyond traditional military targets to encompass critical Indian infrastructure including railway systems, oil and gas facilities, and key government ministries. This…
LLMs Accelerating Offensive R&D, Helps to Identify and Exploit Trapped COM Objects
The cybersecurity landscape has witnessed a significant evolution in offensive research methodologies with the integration of Large Language Models (LLMs) into malware development workflows. Security researchers at Outflank have pioneered the use of artificial intelligence to accelerate the discovery and…
Threat Actors Impersonating Microsoft OAuth Applications to Steal Login Credentials
A sophisticated phishing campaign exploiting Microsoft OAuth applications has emerged as a significant threat to enterprise security, with cybercriminals successfully bypassing multifactor authentication systems to steal user credentials. The campaign, which began in early 2025 and remains ongoing, leverages fake…
Microsoft to Disable External Workbook Links to Blocked File Types By Default
Microsoft announced a significant security enhancement for Microsoft 365 apps that will fundamentally change how external workbook links function. Starting in October 2025, the company will disable external workbook links to blocked file types by default, implementing a new group…
Microsoft Teams New Option Let IT admins Run 60-second Silent Test Call
Microsoft has announced a new proactive network monitoring capability for Teams administrators, introducing 60-second silent test calls designed to assess network quality without disrupting user experiences. The feature represents a significant advancement in enterprise communication infrastructure management. Key Takeaways1. IT…
Microsoft Upgrades .NET Bounty Program with Rewards to Researchers Up to $40,000
Microsoft has significantly enhanced its .NET bounty program, announcing substantial updates that expand the program’s scope, streamline award structures, and provide greater incentives for cybersecurity researchers. The enhanced program now offers rewards of up to $40,000 USD for identifying critical…
Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads
The latest wave of credential-phishing campaigns has revealed an unexpectedly convenient ally for threat actors: the very e-mail security suites meant to protect users. First observed in late July 2025, multiple phishing clusters began embedding malicious URLs inside the legitimate…
CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems
CISA released two high-severity Industrial Control Systems (ICS) advisories on July 31, 2025, highlighting critical vulnerabilities in widely deployed industrial equipment that could enable remote attackers to manipulate critical infrastructure systems. The flaws affect seismic monitoring devices and virtualized industrial…
Search Engines are Indexing ChatGPT Conversations! – Here is our OSINT Research
ChatGPT shared conversations are being indexed by major search engines, effectively turning private exchanges into publicly discoverable content accessible to millions of users worldwide. The issue first came to light through investigative reporting by Fast Company, which revealed that nearly…
Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections
A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems. This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense…
Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations
A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing…
Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity
Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been…
New Banking Malware DoubleTrouble Attacking Users Via Phishing Sites To Steal Banking Credentials
A sophisticated new banking trojan dubbed DoubleTrouble has emerged as a significant threat to mobile users across Europe, employing advanced evasion techniques and expanding its attack surface through novel distribution channels. The malware initially spread through phishing websites impersonating well-known…
First AI-Powered Malware LAMEHUG Attacking Organizations With Compromised Official Email Account
The cybersecurity landscape has witnessed a groundbreaking and concerning development with the emergence of LAMEHUG, the first publicly documented malware to integrate artificial intelligence capabilities for automated cyberattacks. This sophisticated malware, developed by the notorious Russian threat actor group APT28…
Anubis Ransomware Attacking Android and Windows Users to Encrypt Files and Steal Login Credentials
A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting both Android and Windows platforms with dual capabilities that extend far beyond traditional file encryption. Anubis ransomware, first identified in November 2024, represents a concerning evolution in malware…
Silver Fox Hackers Using Weaponized Google Translate Tools to Deploy Windows Malware
A sophisticated malware campaign has emerged targeting unsuspecting users through weaponized versions of popular online tools, particularly Google Translate interfaces. The Silver Fox threat actors have developed an intricate attack chain that leverages social engineering tactics to deliver the notorious…
Navigating APTs – Singapore’s Cautious Response to State-Linked Cyber Attacks
Singapore’s cybersecurity landscape faced a significant challenge in July 2025 when Coordinating Minister K. Shanmugam disclosed that the nation was actively defending against UNC3886, a highly sophisticated Advanced Persistent Threat (APT) group targeting critical infrastructure. The revelation, announced during the…