Team Mirai and Democracy
Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different wa...
Campaigns
20 articles
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-nativ...
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-lin...
FBI: Iranian hackers targeting opponents with Telegram malware
The campaign goes back to 2023 but is the subject of an alert amid conflict in the Middle East. The post FBI: Iranian hackers targeting opponents with Telegr...
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as Stoat...
An AI-powered phishing campaign has compromised hundreds of organizations
Huntress researchers said it’s likely the victims they've identified represent just a fraction of compromised organizations worldwide. The post An AI-powered...
From Vision to Real-time Threat Intelligence: TruLens for ETM
Peer benchmarks, exposure timing, and threat actor insight, orchestrated by agentic AI to turn TruRisk into decisions you can defend.
Operation Alice Takes Down 370,000+ Dark Web Sites
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like Wha...
The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for thi...
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears
Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repo...
FBI Calls for Help to Track Steam Malware Campaign
The FBI wants to hear from gamers who have downloaded Steam titles containing malware
Law Enforcement Dismantles SocksEscort Proxy Network in Operation Lightning
Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide
Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
An espionage operation demonstrated strategic operational patience against targets in Southeast Asia, deploying custom backdoors. The post Suspected China-Ba...
“Handala Hack” – Unveiling Group’s Modus Operandi
Key Findings Introduction Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destruc...
Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. I...
Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, war...
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...