
Threat Intelligence

75 articles in this category (Page 3 of 4)

Tags: AI News, Cybersecurity, Threat Intelligence

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon details a 2021–2025 GRU-linked campaign (APT44) against critical-infrastructure operators that gained access through misconfigured network devices rather than software exploits, highlighting a shift away from exploit-driven intrusions.

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories

This week’s ThreatsDay Bulletin highlights a surge in cyber threats, including 193 arrests in a crackdown on Violence-as-a-Service (VaaS).

STAC6565 Shifts Focus to Canada in QWCrypt Ransomware Attacks

Sophos reports STAC6565 targeted nearly 40 victims, with 80% of attacks hitting Canadian firms and deploying QWCrypt ransomware.

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 is evolving its tactics, now employing ClickFix, fileless PowerShell, and DLL sideloading to facilitate ransomware operations and evade detection.

Iranian Hackers Deploy MuddyViper Backdoor in Targeted Israeli Attacks

Iran-linked MuddyWater group uses MuddyViper backdoor to target Israeli sectors, exploiting spear-phishing and legacy systems.

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

Bloody Wolf targets Kyrgyzstan and Uzbekistan with Java-based loaders delivering NetSupport RAT in sector-wide phishing attacks.

CISA Warns of Active Spyware Campaigns Hijacking Signal and WhatsApp Users

CISA alerts users to ongoing spyware campaigns targeting high-value individuals via Signal, WhatsApp, and Android, with identified campaigns impacting fewer than 200 WhatsApp users.

JackFix Attack Circumvents ClickFix Mitigations

JackFix, a new ClickFix variant, bypasses existing mitigations by combining social-engineering lures with runtime obfuscation; hundreds of related samples have already been submitted to VirusTotal.

ToddyCat APT Enhances Tools to Steal Outlook Emails & Microsoft 365 Tokens

ToddyCat upgrades hacking tools like TCSectorCopy and TomBerBil to steal corporate email and Microsoft 365 access tokens, impacting data security.

Scale IR Tabletop Exercises — Best Practices & Steps to Build a Plan

This week’s cybersecurity recap details a record 15.72 Tbps DDoS attack mitigated by Microsoft and multiple 0-day exploits affecting Fortinet and Chrome.

6 Black Hat Laws: Cybersecurity's New Frontline Against Silent Attacks

A 2025 cybersecurity framework reveals how attackers exploit governance logic, not just code, to infiltrate enterprises.

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Iranian threat actors used cyber operations, including mapping ship AIS data, to support a failed missile strike, demonstrating ‘cyber-enabled kinetic targeting’.

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

UNC1549, an Iranian threat actor, successfully breached 11 European telecom companies via a LinkedIn-based social engineering campaign.

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Researchers uncovered a failed 2025 cyberattack on a US real estate firm utilizing the Tuoni C2 framework and steganographic payload delivery.

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

Iran’s APT42 launched the ‘SpearSpecter’ campaign in September 2025, targeting defense and government officials with the TAMECAT malware.

Trojanized ESET Installers Used in Phishing Campaigns to Deploy Kalambur Backdoor in Ukraine

A Russia-aligned threat group, InedibleOchotense, is exploiting ESET's reputation through phishing attacks to deploy the Kalambur backdoor in Ukraine, alongside Sandworm's wiper campaigns and RomCom's WinRAR 0-day exploits.

Why SOC Burnout Can Be Avoided: Practical Steps

Discover how SOC teams can prevent burnout through real-time analysis, automation, and threat intelligence integration, achieving 3× efficiency and reducing workload by 20%.

Operation SkyCloak: Tor-Powered OpenSSH Backdoor Targeting Defense Sectors

Researchers reveal a sophisticated cyber campaign, Operation SkyCloak, using Tor-enabled OpenSSH backdoors to target defense networks in Russia and Belarus via phishing attacks.

New HttpTroy Backdoor Exploits South Korean Targets via Phishing Campaign

North Korea-linked group Kimsuky deploys HttpTroy backdoor via phishing emails posing as VPN invoices, enabling full system control and stealthy persistence in South Korea.

Weekly Cybersecurity Recap: Emerging Threats, Vulnerabilities, and Industry Developments (2025-11-03)

A detailed summary of critical cyber threats, exploits, and updates from late 2025, including nation-state attacks, AI-driven vulnerabilities, and new security tools.

3 SOC Challenges You Need to Solve Before 2026

AI-driven attacks and alert overload are forcing SOCs to adopt interactive malware analysis and threat intelligence, and to show measurable risk reduction and ROI before 2026.

Tags: AI News, Cyber Security, Malware Analysis

Konni Hackers Exploit Google Find Hub for Remote Data-Wiping and Multi-Group Cyber Threats

North Korea-linked Konni hackers weaponize Google's Find Hub for remote device wiping, while Lazarus and Kimsuky groups deploy advanced malware in targeted campaigns.

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

A China-linked cyber espionage group, Tick, is exploiting a critical zero-day vulnerability (CVE-2025-61932) in Motex Lanscope Endpoint Manager to hijack corporate systems, deploy backdoors, and exfiltrate data, as revealed by cybersecurity firm Sophos.

ThreatsDay Bulletin: Emerging Cybersecurity Threats and Vulnerabilities in 2025

A comprehensive overview of 2025's critical cybersecurity threats, including DNS poisoning, supply-chain attacks, Rust-based malware, and rising ransomware trends, as detailed in The Hacker News' ThreatsDay bulletin.
