FIN6 has shifted from traditional financial fraud to employing sophisticated social engineering tactics, impersonating job seekers to target recruiters and deploy malware. They use convincing resumes, fake domains, and advanced evasion techniques to deliver the ‘More Eggs’ backdoor, emphasizing the importance of cautious verification processes. #FIN6 #MoreEggs
FIN6, also known as Skeleton Spider, employs sophisticated social engineering tactics leveraging professional job platforms to distribute the Moreeggs backdoor via cloud-hosted malicious infrastructure. Their campaigns utilize fake resumes, CAPTCHA protections, and environmental filtering to evade detection and deliver ransomware and credential theft malware. #FIN6 #Moreeggs #Skeleton_Spider

Modern enterprise networks depend heavily on non-human identities (NHIs) like API keys and service accounts, which are expanding rapidly and presenting significant security risks. Managing and securing NHIs is critical as they are prime targets for cyberattacks, and organizations are increasing their cybersecurity investments accordingly. #NHIs #identitymanagement…

Security researchers uncovered five zero-day vulnerabilities and 15 misconfigurations in Salesforce Industry Cloud, affecting numerous organizations across various sectors. Salesforce addressed some vulnerabilities quickly, but many misconfigurations remain exploitable, posing serious security risks. #SalesforceIndustryCloud #ZeroDayVulnerabilities…

DanaBot is a Malware-as-a-Service platform active since 2018, known for operating under an affiliate model facilitating banking fraud and credential theft. A memory leak vulnerability named DanaBleed in DanaBot’s C2 server, discovered in 2022, exposed sensitive internal data until the infrastructure was dismantled in 2025 under Operation Endgame. #DanaBot #DanaBleed #OperationEndgame

Trend Vision One™ – Threat Intelligence enhances proactive security by providing retrospective scanning and container-aware visibility to detect past and ongoing threats in diverse environments. It integrates real-time data, MITRE ATT&CK mapping, and automated investigations to enable faster, intelligence-driven incident response. #TrendVisionOne #ThreatInsights #ContainerSecurity…

SentinelLABS detected and thwarted reconnaissance and intrusion operations linked to the PurpleHaze and ShadowPad activity clusters, attributed with high confidence to China-nexus threat actors targeting SentinelOne and related organizations. Despite multiple sophisticated attacks between 2024 and 2025, SentinelOne’s infrastructure remained uncompromised, underscoring persistent threats to cybersecurity vendors and global industries. #PurpleHaze #ShadowPad #GOREshell #APT15 #UNC5174

Paragon, a spyware manufacturer, terminated its contract with Italy after the government committee refused independent verification of alleged misuse against a journalist. The report confirmed Italian intelligence agencies used Paragon’s Graphite spyware, but found no evidence of targeting journalist Francesco Cancellato. #Paragon #Graphite #Italy #COPASIR #Cancellato…

Recent cyberattacks in Texas and Illinois have led to the theft of sensitive personal data, including crash reports and employee information. These incidents highlight vulnerabilities in government systems and the importance of robust cybersecurity measures. #TxDOT #HFS #data breach…

A cybercrime group called DarkGaboon has been conducting targeted ransomware attacks on Russian companies across multiple sectors, using LockBit 3.0 ransomware and phishing emails in Russian. Although their methods are similar to other LockBit operations, DarkGaboon operates independently and primarily targets financial departments with malicious documents. #DarkGaboon #LockBit3.0 #RussianCyberattacks…

A major U.S. food distributor, United Natural Foods, experienced a cyberattack disrupting its operations and customer order fulfillment. The company is actively investigating the incident with law enforcement and cybersecurity experts. #UnitedNaturalFoods #Cyberattack #FoodDistribution #SEC…

Brett Leatherman, a seasoned FBI cybersecurity expert, has been appointed as the assistant director of the FBI’s Cyber Division, taking over from Bryan Vorndran. He aims to enhance collaboration across government, industry, and international partners to disrupt cyber threats and support victims. #FBI #CyberDivision #CyberThreats #Leatherman #Vorndran…

Guardz is a cybersecurity startup focused on providing an all-in-one platform for small and medium-sized businesses, securing $56 million in Series B funding. The company’s AI-powered detection and response platform integrates multiple security functions and expands its reach in the U.S. market. #SentinelOne #MSPs…

Recent cyberattacks targeting smartphones used by government, political, tech, and journalism professionals reveal China’s sophisticated cyberespionage efforts. These attacks highlight the growing vulnerability of mobile devices and apps, posing significant risks to national security. #ChineseHackers #iVerify…

Blue Teams are essential in defending organizational IT environments by monitoring threats and responding with structured playbooks. Wazuh enhances these efforts by providing real-time detection, automation, and comprehensive incident management tools. #CredentialDumping #WebShells #DataExfiltration #BruteForceAttacks #Wazuh