Threat Intel News

Mastodon’s flagship server was hit by a DDoS attack, causing temporary disruptions. The decentralized nature of its network helped mitigate wider impacts. Countermeasures were quickly deployed to restore service.

Iran's MOIS is using multiple hacker personas in a coordinated cyber campaign. These attacks target governments and organizations, blending cyber intrusions with psychological operations. Understanding this threat is crucial for enhancing cybersecurity measures.

A Chinese operative stalked figure skater Alysa Liu's father, revealing a broader campaign against dissidents in the US. This alarming case highlights transnational repression.

U.S. authorities have taken down the W3LL phishing ring, while AgingFly malware targets Ukrainian systems. A critical Nginx vulnerability is being exploited, risking server control. Immediate updates are essential for protection.

A threat actor successfully enumerated an Active Directory environment using PowerShell without triggering alerts. This incident reveals a significant detection gap in security monitoring. Understanding how ADWS operates is crucial for improving defenses against such tactics.

Europol has emailed 75,000 suspected DDoS attackers urging them to cease their activities. This operation led to arrests and domain takedowns, highlighting the ongoing threat of DDoS attacks.

A new method using Event 5156 allows for accurate attribution of ADWS queries to their real source IP. This is crucial for effective threat detection. By correlating events, security teams can enhance their monitoring capabilities and respond to potential threats swiftly.

A recent vulnerability in a staging environment highlights the often-overlooked security risks. Attackers target these systems, making them a crucial part of your security strategy.

Operation PowerOFF has dismantled 53 DDoS domains and warned over 75,000 users, exposing data from 3 million accounts in a significant international crackdown on cybercrime.

A Bluetooth tracker sent to a Dutch navy frigate revealed its location, exposing a major operational security lapse. This incident highlights vulnerabilities in military protocols. The Dutch Ministry of Defence is now reviewing its mailing policies to prevent future breaches.

A recent domain compromise was effectively contained using predictive shielding. This proactive approach prevented credential abuse and halted the threat actor's lateral movement. Organizations can learn from this incident to improve their defenses against similar attacks.

Supply chain vulnerabilities are a significant risk for SMBs. Understanding these blind spots is crucial for operational resilience. Major attacks have shown how quickly disruptions can cascade across industries.

Join our upcoming webinar to learn how MSPs can rethink their security and recovery strategies against evolving cyber threats like phishing and ransomware. Discover practical insights to enhance your defenses and ensure business continuity.

Sapphire Sleet, a North Korean threat actor, has launched a new macOS intrusion campaign that uses social engineering to deliver malware disguised as a legitimate software update. This article analyzes the attack lifecycle and offers defensive measures.

Kejia Wang and Zhenxing Wang sentenced for facilitating a North Korean scheme that infiltrated U.S. businesses, raising significant national security concerns.

AI-generated narratives are creating fictional data breaches, leading to unnecessary panic and crisis responses. Organizations must adapt to this new threat vector quickly to mitigate risks.

The Cyber Centre has launched CIREN to help critical infrastructure organizations prepare for severe cyber threats. This initiative aims to enhance resilience and response strategies, ensuring essential services remain operational during crises.

Research reveals a surge in cyber-enabled cargo theft linked to organized crime, with hackers employing advanced tactics to infiltrate logistics firms and steal valuable cargo.

Microsoft warns that attackers are increasingly abusing Microsoft Teams to impersonate IT helpdesk staff, tricking employees into granting remote access that leads to data theft. This evolving tactic relies on social engineering and legitimate tools, complicating detection efforts.

In Q4 2025, the industrial automation sector faced a significant increase in malware threats, particularly from Backdoor.MSIL.XWorm, highlighting vulnerabilities across various regions and industries.

A pro-Russian hacker group attempted to breach a thermal power plant in Sweden, signaling a troubling escalation in cyber threats to critical infrastructure across Europe.

A new guidance document has been released to help ISPs and network defenders mitigate risks from bulletproof hosting providers. These services pose a significant threat to critical systems. By following the recommendations, organizations can enhance their cybersecurity posture and reduce the effectiveness of cybercriminal activities.

Canada’s water systems are under increasing cyber threat from criminals and state-sponsored actors. This report highlights vulnerabilities and essential mitigation strategies to protect clean water infrastructure.

Noah Christopher, a German cybercrime operator, was arrested in Thailand for running DDoS attack services. He faces 74 warrants in Germany. His platforms may still be active, posing ongoing risks.

Former Black Basta affiliates are ramping up social engineering attacks targeting senior executives, with a focus on remote access tools and automated phishing tactics.

A surge in brute-force cyberattacks from the Middle East is raising alarms, particularly targeting SonicWall and Fortinet devices amidst ongoing geopolitical tensions.

In 2025, state-sponsored threats from China, Russia, North Korea, and Iran showcased similar tactics despite differing objectives. Understanding these patterns is crucial for defense.

China-aligned hackers are stealing cloud credentials using a Linux backdoor. This attack affects major cloud providers and could lead to significant data breaches. Security measures are urgently needed to combat this threat.

Cybercriminals are increasingly using vishing attacks to compromise Okta identity systems, posing significant risks to corporate data security. This evolving tactic highlights vulnerabilities in identity management workflows.

Hybrid attacks targeting Germany's critical infrastructure are increasing. Military and civilian sectors face heightened risks from state-sponsored hackers. NATO exercises aim to strengthen defenses.

Attackers are increasingly exploiting Microsoft 365 mailbox rules to maintain access and exfiltrate sensitive data post-compromise. This stealthy technique poses significant risks, as these rules persist even after password resets, allowing continued data leakage.

APT41 is leveraging a new 'zero-detection' backdoor targeting cloud services, utilizing advanced techniques to harvest credentials without detection.

OpenAI's involvement in the Axios supply chain hack underscores the growing sophistication and speed of cyber threats, particularly from nation-state actors like North Korea.

Handala has claimed responsibility for a major cyberattack on three UAE organizations, alleging massive data destruction and theft.

A new research project aims to detect cybercrime on Telegram using AI. This could help authorities track illegal activities on the platform. Understanding these threats is vital for cybersecurity.

The FBI's secret Group 78 is reportedly using covert tactics against ransomware groups like Black Basta. This has raised tensions with European law enforcement agencies. The fight against ransomware is intensifying, but cooperation is key.

Hackers have gained control over Venice's San Marco flood defense system, raising serious concerns about the vulnerability of critical infrastructure and operational technology.

The latest Security Affairs newsletter reveals critical threats, including Iranian APTs targeting U.S. devices and a ransomware attack on healthcare services in Europe, alongside new vulnerabilities affecting major software platforms.

A new podcast episode reveals how cyberattacks unfold from start to finish. Learn about the tactics used by attackers and how organizations can better prepare. This insightful discussion emphasizes the importance of incident readiness and resilience.

The Linux threat landscape is changing, with ransomware and nation-state actors increasingly targeting Linux systems. Understanding these threats is vital for security.

The FBI has disrupted a significant cyber espionage operation by the Russian GRU, targeting thousands of compromised TP-Link routers across the U.S. and stealing sensitive user data.

Iranian APT actors are targeting over 5,200 exposed Rockwell PLCs, primarily in the U.S., raising alarms about critical infrastructure security and potential disruptions.

The UK has revealed covert Russian submarine operations near critical undersea infrastructure, raising alarms about potential sabotage risks to connectivity. Recent reports indicate that these operations were aimed at gathering intelligence on subsea cables.

CISOs can learn valuable lessons from musk oxen about managing third-party risks. Recent cyberattacks highlight the importance of collaborative strategies. By working together, organizations can enhance their security posture against vulnerabilities.

The Contagious Interview campaign is growing, with new malicious packages targeting sensitive data. North Korean group UNC1069 is behind this expansion, raising alarms for users.

Russia's Fancy Bear APT is on the attack again, targeting various organizations. Experts warn that patching and zero trust measures are essential. Stay vigilant to protect against these sophisticated threats.

CyberAv3ngers, an IRGC-linked group, is increasingly targeting critical U.S. infrastructure, raising alarms about the security of over 5,200 vulnerable devices.

Hackers are targeting U.S. critical infrastructure, raising alarms. NERC is closely monitoring the grid for potential disruptions. This threat emphasizes the need for robust cybersecurity measures.

Bill Largent reveals how strategy games can sharpen threat hunting skills. By understanding patterns, analysts can outsmart evolving cyber threats. Discover how to defend against these tactics.

The U.S. Treasury Department is launching a cyber threat intelligence sharing initiative for cryptocurrency firms, aiming to enhance their defenses against rising cyber threats.