Login Subscribe

Compliance & Regulation

AI‑Boosted Phishing Fuels PowerShell Attacks by Muddled Libra Group

AI‑Boosted Phishing Fuels PowerShell Attacks by Muddled Libra Group

Muddled Libra has refined its intrusion chain by leveraging generative AI to produce highly contextualized phishing emails that bypass traditional language‑based filters. Recipients are lured into executing seemingly benign PowerShell commands, which in turn download and execute a custom loader. The loader establishes a foothold, registers scheduled tasks, and

Public Hacking Tools Flood the Threat Landscape, Raising Defense Stakes

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting a sharp rise in freely available hacking utilities that have surfaced in cyber‑attacks worldwide. From turnkey ransomware encryptors to ready‑made credential‑harvesting scripts, these tools are being uploaded to public forums, code‑sharing sites, and underground marketplaces,

Granular Cloud‑Log Framework Exposes Hidden Lateral Moves and Privilege Abuse

Granular Cloud‑Log Framework Exposes Hidden Lateral Moves and Privilege Abuse

Palo Alto Networks Unit 42 has released a detection framework that ingests raw logs from multiple cloud services, normalizes them into a unified schema, and applies behavior‑based analytics to surface attacker activity that blends into normal traffic. By correlating API calls, identity events, and network flows across SaaS, IaaS,

Microsoft patches 59 flaws, six actively exploited – patch now

Microsoft patches 59 flaws, six actively exploited – patch now

Microsoft released its February security update bundle addressing 59 vulnerabilities across Windows client OSes, server products, and Azure cloud services. The fixes cover a range from privilege‑escalation bugs to remote‑code‑execution flaws, and six of the issues have been confirmed as active zero‑day exploits in the wild.

APT TA423 Watering‑Hole Injects ScanBox Keylogger into News Sites

A Chinese‑based threat group identified as APT TA423 has been running a watering‑hole campaign that compromises high‑traffic news websites frequented by professionals in targeted industries. The attackers inject the ScanBox reconnaissance framework—a lightweight keylogger and credential‑harvesting tool—into the pages of these sites. When a

CISA Flags Surge of Public Attack Tools Lowering Threat Actor Barriers

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that catalogs dozens of freely available tools that have already been weaponized in real‑world incidents. These include ransomware kits, credential‑dumping utilities, exploit frameworks, and post‑exploitation modules that are now hosted on public repositories, underground forums, and even

CISA Flags Open‑Source Tool Abuse Fueling Modern Intrusions

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory showing that adversaries are increasingly turning to publicly available open‑source utilities—such as Nmap, PowerShell scripts, and credential‑dumping tools—to map networks, exploit known vulnerabilities, and embed back‑doors. By leveraging these freely accessible resources, threat actors can

Sophos CISO Warns: Fake Remote IT Hires Threaten Enterprise Access

Sophos CISO Warns: Fake Remote IT Hires Threaten Enterprise Access

During a recent Reddit AMA, Sophos CISO Ross McKerchar revealed that cybercriminals are increasingly masquerading as remote IT contractors to infiltrate organizations. By posting bogus job listings or responding to legitimate hiring ads, these actors secure “remote hire” contracts, then use the supposed employment relationship to request privileged credentials, VPN