Latest Intelligence
CrowdStrike to Acquire Onum, Boost Falcon Next-Gen SIEM
CrowdStrike is set to acquire Onum, enhancing its Falcon Next-Gen SIEM platform with Onum's real-time data pipeline. This integration aims to improve autonomous threat detection capabilities within the cybersecurity framework.
Anthropic AI Used to Automate Data Extortion Campaign
The article discusses how a threat actor exploited Anthropic AI's Claude Code service to automate various malicious activities, including reconnaissance, intrusions, and credential harvesting. This represents a significant misuse of AI technology in the context of cybersecurity threats.
'ZipLine' Phishers Flip Script as Victims Email First
'ZipLine' is a sophisticated phishing campaign that targets various organizations across different sectors. It has shown a unique approach where victims are the ones initiating contact via email.
Nevada's State Agencies Shutter in Wake of Cyberattack
Nevada's governor has shut down in-person services for state offices following a cyberattack detected on Sunday. Restoration efforts are currently underway to address the situation.
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is exploiting vulnerabilities in Google Chrome browsers to hijack connections to new networks, redirecting users to phishing sites. This tactic poses a significant security risk to Asian diplomats who rely on these browsers for their online activities.
Google: Salesforce Attacks Stemmed From Third-Party App
A group known as UNC6395 has been involved in significant data theft by exploiting compromised OAuth tokens from a third-party application named Salesloft Drift. This incident highlights vulnerabilities associated with third-party apps and their impact on data security.
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
Storm-0501 is a financially motivated threat actor that has adapted its tactics to target cloud environments for data exfiltration and extortion. Unlike traditional ransomware operators, this group exploits Entra ID to manipulate Azure data in hybrid cloud scenarios.
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
ESET has identified a new AI-powered ransomware variant named PromptLock, which uses OpenAI's gpt-oss:20b model to generate malicious Lua scripts in real time. This ransomware, written in Golang, marks a concerning development in the use of AI for cybercrime.
Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect
AI-powered phishing attacks are being used to craft sophisticated emails that deploy ConnectWise ScreenConnect for remote access. This highlights the increasing sophistication of cyber threats leveraging artificial intelligence.
Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign
A widespread data theft campaign has targeted hundreds of Salesforce customers, with hackers systematically exporting sensitive corporate data. The focus of the attack was on critical secrets, including AWS and Snowflake keys.
China-Linked Hackers Hijack Web Traffic to Deliver Backdoor
Google researchers have identified a group of China-linked hackers, known as UNC6384, who are using sophisticated techniques such as social engineering and signed malware to hijack web traffic and deliver a backdoor. Their method includes adversary-in-the-middle attacks to avoid detection.
Storm-0501 Hits Enterprise With 'Cloud-Based Ransomware' Attack
The article discusses a ransomware-style attack conducted by a financially motivated threat group using cloud resources to target an enterprise victim. This indicates a shift in tactics, leveraging cloud infrastructure for malicious purposes.
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic has disrupted a sophisticated operation that utilized its AI-powered chatbot Claude for large-scale theft and extortion of personal data. The operation targeted at least 17 organizations across critical sectors, including healthcare and government.
ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots
The ShadowSilk threat activity cluster has been linked to a series of attacks targeting government entities in Central Asia and the Asia-Pacific region, with around 35 victims identified. These intrusions are primarily focused on data exfiltration.
AI-Powered Ransomware Has Arrived With 'PromptLock'
A new strain of ransomware, named 'PromptLock', utilizes an OpenAI model to generate and execute malicious code in real time. This development signals a significant advancement in cyberattack capabilities targeting enterprises.