Researchers find new ICS malware toolkit designed to cause electric power outages
Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.
Stories by Lucian Constantin
Researchers show ways to abuse Microsoft Teams accounts for lateral movement
Attackers have several ways to enable lateral movement within a network via a compromised Teams account.
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups
Research shows a shift toward advanced persistent threat actors compromising smaller organisation, in part to enable other attacks.
Legitimate looking npm packages found hosting TurkoRat infostealer
The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.
Critical remote code execution flaws patched in Cisco small business switches
Some of the vulnerabilities could lead to complete compromise of the device as a proof of concept is publicly available.
New ransomware gang RA Group quickly expanding operations
The RA Group uses double extortion and has detailed information on its victims.
Israeli threat group uses fake company acquisitions in CEO fraud schemes
The group targets multinational firms using email display name spoofing and multiple fake personas.
Microsoft fixes bypass for critical Outlook zero-click flaw patch
Microsoft rates the new Outlook vulnerability as medium severity, but Akamai researchers say it should be higher.
Azure API Management flaws highlight server-side request forgery risks in API development
New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.
New ransomware group CACTUS abuses remote management tools for persistence
The CACTUS cybercriminal group targets VPN appliances for initial access and to install a backdoor.
Attacks increasingly use malicious HTML email attachments
New research shows that up to a half of all HTML email attachments are malicious, and not just because of a few massive campaigns.
Cybercrime group FIN7 targets Veeam backup servers
At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.
Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads.
New DDoS amplification vector could enable massive attacks
A vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2200X.
Cisco patches high and critical flaws across several products
Left unmitigated, the vulnerabilities could lead to unauthorised remote access, denial of service attacks, or privilege escalation.
