PoC exploit code available for heavily targeted Veeam backup solution.New loader dubbed PhantomLoader delivers MaaS payloads.Black Basta may have exploited flaw 3 months before fix issued, as 0 day.

Threat Bulletin #269

13 days ago 7m 19s

Attackers target GitHub repos once again in Ransom-lite extortion.Windows will finally depreciate NTLM, providing transition advice.PoC chaining two flaws for Telerik report released.

Threat Bulletin #268

21 days ago 8m 6s

In this week news: Check Point Zero-day vulnerability.Okta Credential Stuffing.Operation Endgame Targets Botnets.

Threat Bulletin #267

27 days ago 6m 32s

In this weeks episode, LockBit Ransomware group have had nothing but setbacks since “Operation Chronos”, GitHub alerts users to 2 high severity vulnerabilities and a significant uptick in Docusign phishing emails has been observed in May.

Threat Bulletin #266

May 10th, 2024 6m 7s

LockBit ransomware admin is named and sanctioned.North Korean actors exploiting weak DMARC policies for spearphishing.Ivanti flaws chained together to drop Mirai botnet.

Threat Bulletin #265

May 3rd, 2024 6m 35s

Developers targeted with Python backdoor during false job interviews.New UK law now in effect limits default passwords on smart devices.New malware emerges targeting small office and home routers.

Threat Bulletin #264

Apr 26th, 2024 6m 13s

MITRE breached using two Ivanti zero days.CrushFTP victim of targeted zero day exploitation.ArcaneDoor campaign targets vulnerable Cisco devices.

Threat Bulletin #263

Apr 19th, 2024 6m 18s

Large scale exploitation of Palo Alto CVE following PoC disclosures.Atlassian vulnerability leveraged to deploy Cerber ransomware.PuTTY flaw can be used to obtain private cryptographic keys.

Threat Bulletin #262

Apr 12th, 2024 7m

Warnings issued regarding 10/10 CVSS score Rust vulnerability.Researchers speculate LLM wrote Powershell for malware strain.Change Healthcare hit by ransom demand again following AlphV exit scam.

Threat Bulletin #261

Apr 5th, 2024 6m 23s

Sophisticated supply chain attack attempted against multiple Linux distros.Linux false Sudo prompt flaw has persisted for over a decade.DinodasRAT now targeting Linux servers with new variant.

Threat Bulletin #260

Mar 28th, 2024 4m 46s

Huge darknet marketplace seized by German takedown effort.Muddywater group using legitimate RM tools for access.APT31 members sanctioned following US infrastructure attacks.

Threat Bulletin #259

Mar 22nd, 2024 5m 23s

Fujitsu discover malware compromised systems.Russian actors may be targeting Ukrainian telecoms with new wiper malware.New DoS technique discovered able to create infinite feedback loop.

Threat Bulletin #258

Mar 15th, 2024 5m 2s

Russian groups accesses Microsoft source code in follow up from January attack.StopCrypt, the ransomware still targeting individuals over business has been upgraded.DarkGate leverage recent SmartScreen vulnerability in attacks.

Threat Bulletin #257

Mar 8th, 2024 6m 41s

The Blackcat / AlphV ransomware operation fakes law enforcement takedown to steal from their own affiliate.

Threat Bulletin #256

Mar 1st, 2024 6m 31s

LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks.Lazarus exploit Windows zero day flaw with new improved Rootkit.

Threat Bulletin #255

Feb 23rd, 2024 6m 42s

DoJ takes down botnet used by Russian state group.LockBit ransomware operation gutted by the NCA.ScreenConnect under active attack, Lockbit utilised.

Threat Bulletin #254

Feb 9th, 2024 6m 49s

Anydesk confirms cyberattack that allowed hackers to gain access to the company's production systems, Cloudflare publicly disclose its internal Atlassian server was breached by a suspected nation-state attacker and the FBI disrupt and neutraliz

Threat Bulletin #254

Feb 9th, 2024 6m 49s

Ivanti discloses 2 new zero-day flaws, including one under active exploitation, Cloudflare publicly disclose its internal Atlassian server was breached by a suspected nation-state attacker and the FBI disrupt and neutralize KV-botnet.

Threat Bulletin #253

Jan 26th, 2024 6m 16s

Microsoft confirms details of recent Russian compromise.Kasseika joins ransomware groups performing BYOVD attacks.Trickbot browser injection developer jailed.

Threat Bulletin #252

Jan 19th, 2024 5m 47s

VMware critical flaw under active exploitation.Critical vulnerability discovered in Juniper firewalls and switches.Ivanti bypass flaw exploited in the wild.

Threat Bulletin #251

Jan 12th, 2024 5m 52s

Evasive Async RAT has targeted infrastructure for almost a year.New FBot toolkit targets SaaS and cloud platforms.Turkish group uses Mimic ransomware to target MSSQL servers.

Threat Bulletin #250

Jan 5th, 2024 6m 15s

Critical Invanti flaw allows compromise of enrolled devices.Multiple malware strains use Google feature for persistence.Microsoft disables MSIX after it is abused by malware again.

Threat Bulletin #249

Dec 22nd, 2023 5m 37s

Rhadamanthys infostealer gains popularity with new features.MongoDB confirms breach and theft of customer data.FBI confirms it breached the Blackcat ransomware group.

Threat Bulletin #248

Dec 15th, 2023 6m 57s

AlphV ransomware outage rumored to be caused by FBI.New "Pool Party" injection technique evades 5 leading EDR solutions.Lazarus continues to abuse Log4J with 3 new malware strains.

Threat Bulletin #247

Dec 8th, 2023 5m 47s

NCSC warns of Russian state group social engineering activity.Okta customers affected by recent attack revised from 1% to 100%.Researchers discover Linux rootkit RAT undetected since 2021.