< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 17 of 28

ForumTroll Targets Political Scientists with Tuoni

📧 Kaspersky researchers have uncovered a targeted campaign by the ForumTroll APT that lures political scientists with personalized plagiarism-check links impersonating the eLibrary service. The downloaded archive contained a malicious .lnk and a .Thumbs directory with images used to evade security; filenames included each victim’s full name. When executed on Windows the .lnk ran a PowerShell chain that installed the commercial red-team framework Tuoni, used COM hijacking for persistence, and displayed a decoy PDF named for the target. Kaspersky reports detections and recommends endpoint and mail-gateway protections to stop similar email-delivered threats.
read more →

Ink Dragon Uses European Government Servers as Relays

🔍 A prolific China-linked group known as Ink Dragon is exploiting misconfigured public-facing servers in European government networks to create relay nodes, Check Point reports. After probing IIS, SharePoint and other web services for configuration flaws, operators quietly harvest credentials, reuse administrator and service accounts, and move laterally using Remote Desktop to blend into normal traffic. They install backdoors and credential-stealing implants, and deploy a customized module and a new FinalDraft backdoor to maintain long-term access and obfuscate command channels.
read more →

Cloud Security 2025: AI-Driven Risk and Operational Gaps

🔒 The Palo Alto Networks State of Cloud Security Report 2025 warns that rapid enterprise AI adoption has massively expanded the cloud attack surface, with 75% running AI in production and 99% reporting at least one AI-targeted incident last year. It finds GenAI-assisted coding accelerating insecure code into production and AppSec teams unable to keep pace with weekly deploys. The research highlights rising API attacks, persistent identity weaknesses, and widespread tool sprawl, and argues for agentic security to unify cloud and SOC operations.
read more →

New Report: China's AI Surveillance Reshapes Rights

🔍 A new ASPI report, discussed here, documents how Chinese state actors rapidly embedded advanced AI into political control systems between 2023 and 2025. It highlights four accelerated areas: multimodal censorship of politically sensitive images; AI integration into the criminal‑justice pipeline; industrialised online information control; and AI‑enabled platforms run by Chinese firms abroad. The post frames this evidence to inform policymakers, civil society, the media and technology companies seeking to counter AI‑enabled repression.
read more →

Ink Dragon Expands: New Tools and Wider Victim Network

🛡️ Check Point Research reveals that Ink Dragon, a Chinese espionage group, has broadened operations from Asia and South America into European government networks, turning compromised servers into relay nodes to route commands and obscure activity. Updated toolsets — including a new FinalDraft variant — let attackers mimic Microsoft cloud traffic and maintain long-term access. Multiple actors, notably RudePanda, exploited the same public-facing flaw, underscoring how a single vulnerability can attract several advanced groups.
read more →

ESET Threat Report H2 2025: AI, Ransomware Trends Outlook

🔍 ESET's H2 2025 threat report documents rapid attacker innovation, including the first known AI-driven ransomware, PromptLock, which can generate malicious scripts on demand. The report also highlights a near-collapse of Lumma Stealer, a roughly thirtyfold surge in the CloudEyE downloader, and a sharp rise in ransomware victims and NFC-based Android fraud. It underscores evolving distribution and evasion techniques across platforms.
read more →

SantaStealer info-stealer targets browsers and wallets

⚠️Rapid7 researchers report a new malware-as-a-service called SantaStealer, advertised on Telegram and hacker forums as an in-memory info‑stealer designed to evade file-based detection. The operation appears to be a rebranding of BluelineStealer by a Russian-speaking developer and is being marketed with Basic ($175/month) and Premium ($300/month) tiers. Samples and an affiliate panel show 14 modular data-collection threads that harvest browser credentials, cookies, saved cards, messaging and gaming app data, crypto wallets and documents, bundle results into ZIPs in memory, and exfiltrate them in 10MB chunks to a hardcoded C2 on port 6767. Despite claims of stealth, leaked builds include symbol names and unencrypted strings that make analysis straightforward.
read more →

Cloudflare Radar 2025 Year in Review — AI, PQ, DDoS Trends

🔍 The 2025 Cloudflare Radar Year in Review summarizes Internet trends observed across Cloudflare’s global network, covering January–December 2025. The report highlights rapid growth in traffic (up 19%), dramatic increases in AI crawling and user-action requests, and widespread adoption of post-quantum TLS, which reached 52% of human web traffic. It also documents hyper-volumetric DDoS escalation — multiple attacks exceeded 10 Tbps with records hitting 31.4 Tbps — and provides sector, device, and connectivity insights informed by new AI and speed‑test datasets.
read more →

Black Hat Europe 2025: Reputation and the Ransomware Economy

🔐 At Black Hat Europe 2025, Max Smeets of Virtual Rotes presented 'Inside the Ransomware Machine', examining LockBit and its affiliate-driven RaaS operations from 2022–2024. He highlighted how reputation shapes victim decisions and the attackers' need to be seen as reliable to secure payments. The talk warned that exposed cyber insurance details can guide extortion amounts and recommended segregating or air‑gapping insurance documentation.
read more →

ThreatsDay Bulletin: Spyware, Mirai, Docker Leaks and More

🔔 This week's ThreatsDay Bulletin highlights a packed week of cross-cutting threats: a Mirai variant dubbed Broadside exploiting TBK DVRs (CVE-2024-3721), widespread exploitation of React2Shell (CVE-2025-55182), and the leak of a ValleyRAT builder that includes a signed kernel-mode rootkit. Law enforcement actions ranged from Europol's 193 arrests in a VaaS crackdown to multiple national detentions, while Apple and Google issued broad spyware alerts. Researchers flagged >10,000 Docker Hub images leaking secrets and 19 malicious VS Code extensions that used a PNG disguise to deliver trojans, underscoring persistent supply-chain and user-facing risks.
read more →

Navigating Analyst and Test Reports for Endpoint Security

🖼️ Many vendor and lab reports — from Gartner and Forrester market quadrants to specialist tests like AV‑Comparatives, SE Labs and MITRE Engenuity’s ATT&CK Evaluations — offer distinct, valuable perspectives on endpoint security. Security teams should selectively combine these assessments to triangulate performance, match operational requirements, and validate vendor claims before procurement decisions.
read more →

November 2025: Ransomware and GenAI Drive Cyber Attacks

🛡️ In November 2025, organizations faced an average of 2,003 cyber-attacks per week, a 3% rise from October and 4% above November 2024. Check Point Research attributes the increase to a surge in ransomware, broader attack surfaces and growing exposure from internal use of generative AI tools. The education sector was hit hardest, averaging 4,656 attacks per organization per week. These trends elevate operational, data and recovery risks across industries.
read more →

Malicious VS Code Extensions Steal Credentials via DLL

🛡️ Researchers from Koi Security have uncovered two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, that delivered a DLL-based infostealer via a disguised Lightshot executable. The campaign used social engineering and evolving technical methods—initially complex PowerShell and passworded ZIPs, later streamlined to hidden batch scripts—to harvest screenshots, clipboard data, Wi‑Fi credentials and browser sessions. One extension posed as a theme while the other offered legitimate AI coding features, helping both evade suspicion on the VS Code Marketplace.
read more →

Streamlit Exposes Shadow AI Risks and Data Leaks at Scale

⚠️ UpGuard's analysis of Streamlit-hosted applications uncovered thousands of publicly accessible data apps that expose sensitive business and personal information. In October 2025 scans identified 14,995 unique IPs running Streamlit; after accounting for instances with authentication or errors, over ten thousand apps remained accessible without login. The report documents exposed PII and business intelligence dashboards and recommends practical controls: maintain an inventory of user apps, move sensitive workloads off the Community Cloud, and enable authentication by default.
read more →

Four clusters exploiting CastleLoader expand MaaS reach

🛡️Recorded Future's Insikt Group attributes rapid expansion of a modular loader ecosystem to an actor named GrayBravo, noting the distribution of a loader called CastleLoader under a malware-as-a-service model. The report identifies four distinct operational clusters that employ phishing, ClickFix campaigns, malvertising, and impersonation to deliver CastleLoader and secondary payloads such as CastleRAT and NetSupport RAT. These campaigns target logistics and enterprise software users and leverage multi-tiered C2 infrastructure and fraudulent platform accounts to increase credibility and resilience.
read more →

STAC6565 Targets Canada; Gold Blade Deploys QWCrypt

🛡️ Sophos links nearly 40 intrusions from Feb 2024 to Aug 2025 to STAC6565, a cluster assessed to overlap the criminal group Gold Blade (aka RedCurl/Red Wolf). The campaign shows an unusually narrow geographic focus — almost 80% of attacks targeted Canadian organizations — and combines targeted data theft with selective ransomware deployment using QWCrypt. Attack chains abuse recruitment platforms to deliver multi‑stage loaders such as RedLoader and tools designed to evade AV and disable recovery, often leveraging WebDAV, Cloudflare Workers and program‑compatibility execution paths.
read more →

Experts Warn AI Is Becoming Integrated in Cyberattacks

🔍 Industry debate is heating up over AI’s role in the cyber threat chain, with some experts calling warnings exaggerated while many frontline practitioners report concrete AI-assisted attacks. Recent reports from Google and Anthropic document malware and espionage leveraging LLMs and agentic tools. CISOs are urged to balance fundamentals with rapid defenses and prepare boards for trade-offs.
read more →

Manufacturing Sees Fewer Encryptions but Ransom Risks

🔒 A recent Sophos study finds the manufacturing sector is blocking more ransomware before encryption, with only 40% of attacks resulting in data encryption this year versus 74% in 2024. Despite improved containment, data theft remains high (39% of encrypted cases) and more than half of affected firms paid ransoms; the median payment was about €861,000. Shortages of skilled staff, unknown vulnerabilities and inadequate protections are cited as root causes, and attacks are increasing stress and leadership pressures within IT teams.
read more →

Ransomware Gangs Use Shanya Packer to Evade EDR Protections

🛡️ Shanya is a packer-as-a-service used by multiple ransomware gangs to conceal payloads that disable endpoint detection and response (EDR) tools. The service returns a custom, encrypted wrapper that decrypts and decompresses the payload entirely in memory and inserts it into a memory-mapped copy of shell32.dll, avoiding disk artifacts. Sophos telemetry links Shanya-packed samples to Medusa, Qilin, Crytox and Akira, and notes techniques that crash user-mode debuggers and facilitate DLL side-loading to deploy EDR killers.
read more →

FinCEN: Ransomware Gangs Extorted $2.1B (2022–2024)

📊 A FinCEN analysis of 4,194 Bank Secrecy Act filings found organizations paid more than $2.1 billion in ransom between January 2022 and December 2024. Ransomware incidents peaked in 2023 before falling in 2024 after law enforcement actions disrupted ALPHV/BlackCat and LockBit. Most ransom payments were under $250,000 and roughly 97% were made in Bitcoin. Manufacturing, financial services, and healthcare were the most targeted industries.
read more →