threat actor tactics – Threat Note

From The Hacker News – SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for

shaikh Saqib April 4, 2025

News

From Security Week – US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations

[[{"value":"US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. The post US, Allies Warn of Threat Actors…

shaikh Saqib April 4, 2025

News

From Dark Reading – Gootloader Malware Resurfaces in Google Ads for Legal Docs

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising. Read More

shaikh Saqib April 2, 2025

News

From The Hacker News – VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

shaikh Saqib March 24, 2025

News

From The Hacker News – CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

shaikh Saqib March 20, 2025

News

From Cyber Security News – Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells

Researchers have identified a series of sophisticated attacks by the notorious Lazarus group targeting South Korean web servers. The threat actors have been breaching IIS servers to deploy ASP-based web…

shaikh Saqib March 14, 2025

Webinars

From Security Week – Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks

[[{"value":"How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives. The post Webinar Today: Protecting Executives and Enterprises from Digital,…

Samir K March 12, 2025

News

From The Hacker News – ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact

Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our

shaikh Saqib March 10, 2025

News

From Cyber Security News – Hackers Leveraging Compromised Email Server To Send Fraudulent Emails

In a sophisticated business email compromise (BEC) attack recently uncovered by Trend Micro Managed XDR team, threat actors exploited a compromised third-party email server to conduct fraudulent financial transactions between…

shaikh Saqib March 10, 2025

News

From Cyber Security News – SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details

A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities. …

shaikh Saqib March 6, 2025

News

From Dark Reading – Phishers Wreak ‘Havoc,’ Disguising Attack Inside SharePoint

A complex campaign allows cyberattackers to take over Windows systems by a combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services. Read More

shaikh Saqib March 4, 2025

News

From Cyber Security News – New Vulnerability in Substack let Attackers Take Over Subdomains

A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426…

shaikh Saqib March 3, 2025

Vulnerabilities

From Cybersecurity Help – New Ghostwriter campaign targets Ukrainian military and government orgs

Between 2020 and 2024, Ghostwriter used malicious Excel documents to deliver PicassoLoader and Cobalt Strike payloads. Read More

shaikh Saqib February 25, 2025

News

From The Hacker News – Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant

shaikh Saqib February 21, 2025

News

From Security Week – Lee Enterprises Newspaper Disruptions Caused by Ransomware

[[{"value":"Lee Enterprises has shared more details on the recent cyberattack, saying the attackers encrypted and stole files. The post Lee Enterprises Newspaper Disruptions Caused by Ransomware appeared first on SecurityWeek."}]] Read…

shaikh Saqib February 19, 2025