Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections.
SOCRadar researchers found one operator logged into both INC Ransom and Lynx negotiation panels using FortiBleed’s own ...
A fileless malware framework has been abusing Google's Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool ...
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware ...
AWS has recently announced the AWS Workload Credentials Provider to automatically deliver and refresh certificates and ...
The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.
Law enforcement dismantled 326 servers and 142 domains tied to Amadey and StealC, recovering 27 million stolen credentials.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Mapping detections and controls to MITRE ATT&CK: a practical guide for technical teams MITRE ATT&CK is useful because it gives technical teams a common language for describing adversary behaviour. For ...