The European Union continues to face a complex web of cyber threats, according to the 2025 ENISA Threat Landscape report. Covering incidents from July 2024 through June 2025, the report details how a variety of threat actors are targeting the EU’s digital infrastructure with overlapping tactics, highly technical attack models, and heightened collaboration. The EU Threat Landscape and Converging Threat Groups ENISA’s latest analysis, based on 4,875 recorded cybersecurity incidents, reveal...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Australia’s rich resources and high median wealth make the country an attractive target for threat groups, and ransomware groups have taken notice. Ransomware groups have claimed 71 attacks on Australian organizations thus far in 2025, compared to just nine in New Zealand. Both countries have experienced significant ransomware attacks this year, however, and some with supply chain implications, so we discuss 10 significant recent incidents below involving both Australia and New Zealand. ...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to malicious hacking. The post OpenAI: Threat actors use us to be efficient, not make new tools appeared first on CyberScoop.| CyberScoop
Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.| The Cloudflare Blog
SANTA CLARA, Calif.–(BUSINESS WIRE)–Cequence, a pioneer in API security and bot management, today announced a new partnership with Netskope, a leader in secure access service edge (SASE). Through the partnership, Netskope customers can now leverage unique API threat intelligence from the Cequence Unified API Protection (UAP) platform to unlock insights into real-world threats and ultimately strengthen organizational […]| Merchant Fraud Journal
BOSTON–(BUSINESS WIRE)–Lookout, Inc., the data-centric cloud security company, today announced it has been named a leader in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report. According to the report, Lookout Mobile Endpoint Security balances powerful mobile security with user experience to provide a strong set of features across the spectrum of mobile security and deep threat […]| Merchant Fraud Journal
Cybersecurity has been stuck in reaction mode for too long. Detect, respond, patch, repeat. That cycle isn’t working anymore, especially not when threat actors are moving faster, scaling wider, and using AI to outpace defenders.| blog.eclecticiq.com
Fighting ransomware isn’t about more data — it’s about smarter context. Veteran Jeremy Nichols reveals how to outpace threats with automation.| blog.eclecticiq.com
Executive summary On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”. The same actor controls the Black Lock RaaS [1] and previously managed Mamona [2] ransomware operations. GLOBAL GROUP targets a wide range of sectors across the United States and Europe. EclecticIQ assesses with medium confidence that GLOBAL GROUP was likely established as a rebranding...| EclecticIQ Blog
Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India's military campaign 'Operation Sindoor'—EclecticIQ analysts observed that Bitter APT (also known as TA397)[1] very likely targeted Pakistan Telecommunication Company Limited (PTCL) workers[2] in a spear phishing campaign very likely intended to deliver malware. Analysts assess that Bitter APT is very likely a South Asian state-sponsored actor, conducting cy...| EclecticIQ Blog
Executive Summary On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities - CVE-2025-4427 and CVE-2025-4428 - affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. [1] These vulnerabilities can be chained to achieve unauthenticated remote code execution (RCE) on exposed systems.| EclecticIQ Blog
Executive Summary EclecticIQ analysts assess with high confidence that on May 11, 2025, pro-Kremlin disinformation group Storm-1516 [1] amplified a fabricated story on X, falsely claiming European leaders used drugs while traveling by train to Kyiv for peace talks, aiming to undermine the European support for Ukraine [2]. Independent fact-checkers quickly debunked the false rumour, which was based on a photo of a paper napkin likely deliberately misidentified as a “bag of cocaine.”[3]| EclecticIQ Blog
Regional APT Threat Situation In August 2025, the global threat hunting system of Fuying Lab detected a total of 23 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, the most […] The post NSFOCUS Monthly APT Insights – August 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, ...| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.| securelist.com
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They| Help Net Security
Microsoft’s Digital Crimes Unit (DCU) has disrupted RaccoonO365, the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and| Health-ISAC - Health Information Sharing and Analysis Center
Need a VirusTotal alternative? zvelo delivers human-curated, AI-powered threat & phishing intel with broad coverage and predictable pricing. The post zvelo. Smart, Cost Effective VT Alternative for Threat Intel. appeared first on zvelo.| zvelo
Authors: Yun Zheng Hu and Mick Koomen Introduction In the past few years, Fox-IT and NCC Group have conducted multiple incident response cases involving a Lazarus subgroup that specifically targets…| Fox-IT International blog
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
LazarOps: APT Tactics Targeting the Developers Supply Chain [PART 1]| Security Joes
Find crucial steps to take as a CISO to empower your SOC operations with threat intelligence to mitigate risks and improve key metrics.| ANY.RUN's Cybersecurity Blog
Explore why financial institutions are prime cybercrime targets and what features to seek in threat intelligence tools to protect assets and ensure compliance.| Searchlight Cyber
Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.| The Cloudflare Blog
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […] The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting...| SlashNext
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Security assessment of Meta's Llama 4 Scout and Maverick models shows medium risk (52-58%) with notable jailbreak vulnerabilities.| protectai.com
In today’s threat landscape, CTI as it’s commonly practiced—charting IOCs, naming malware strains, passing around the same handful of YARA rules—isn’t cutting it anymore. We’ve built an industry around collecting the digital exhaust of attackers while leaving the drivers untouched. We’ve become comfortable with symptoms and allergic to root cause. That’s a problem. Because the […]| Krypt3ia
The 2025 Information Risk Insight Study reveals a 650% surge in cyberattacks. Discover trends and insights to strengthen your cybersecurity.| Alert Logic
Before starting, let’s understand a few terms: what is CNAPP? CNAPP, aka Cloud Native Application Protection Platform, is an all-in-one cloud-native software platform that simplifies DevSecOps practices. The term CNAPP was originally coined by Gartner in 2021. CNAPPs make it simpler to embed security into the application lifecycle while providing superior protection for cloud workloads and data. A few core features of CNAPP are: no vendor lock-in, with multi-cloud support; TI (Threat Intelligence) in...| hugs4bugs
Before jumping into the onboarding of Microsoft Sentinel, let’s understand what MS Sentinel is. Definition: Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution, which delivers intelligent security analytics and threat intelligence. Why do we use it? To act as blue teaming, i.e. defensive security, for attack detection, threat visibility, proactive hunting and threat response. In this blog we’ll be...| hugs4bugs
Before starting, let’s understand a few steps of threat investigation and the attacker’s mindset. Whenever an attacker breaches a system, or tries to, logs are generated as events and incidents, which can be fetched into SIEM tools like MS Sentinel and QRadar. These behaviours can be summarised into TTPs, viz. Tactics: the high-level description of the behaviour and strategy of a threat actor. It means how they behave across the different stages of the cyberattack kill chain. Usually these stages inclu...| hugs4bugs
Learn about the differences between EDR, MDR, and XDR solutions—and how they each alleviate the challenges of cybersecurity teams.| ThreatDown by Malwarebytes
Where does cyber risk come from? Read our blog to find out as well as learn how vulnerabilities can be identified before cybercriminals spot them.| Searchlight Cyber
KMSpico is one of the most popular hack tools for activating pirated copies of Microsoft products. Here’s why we don’t recommend it.| ThreatDown by Malwarebytes
A trusted root certificate is the cornerstone of authentication and security on the Internet. But even this can be abused. Read on to learn how.| ThreatDown by Malwarebytes
Learn how SIEM enables real-time threat monitoring for swift identification and response to emerging cyber threats.| Govindhtech
March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notify over 500,000 current and former teachers that hackers infiltrated its networks last…| ThreatDown by Malwarebytes
Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs , their features, use cases, and comparisons.| eSecurity Planet
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...| Security Joes
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....| Security Joes
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...| Security Joes
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...| Security Joes
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...| Security Joes
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...| Security Joes
Microsoft Threat Intelligence has identified a shift in tactics for Silk Typhoon, a Chinese state-sponsored espionage group, to target remote management tools| RH-ISAC
Watch how zvelo enhances phishing protection solutions with real-time intelligence that helps block phishing attacks before harm occurs.| zvelo
Sandworm APT targets Ukrainian users with Trojanized Microsoft KMS tools for cyber espionage, leveraging pirated software to exfiltrate sensitive data and compromise critical infrastructure.| blog.eclecticiq.com
Date: 2.13.25 🚨 Top Headlines Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job Summary: Tools typically employed by Chinese cyberespionage groups have been used in a recent ransomware attack, likely by an individual hacker, Symantec notes in a fresh report. The toolset includes a legitimate Toshiba executable deployed on the victims’ systems to sideload […]| Krypt3ia
Date: 2.5.25 🚨 Top Headlines Five Eyes Launch Guidance to Improve Edge Device Security Summary: The UK’s leading cybersecurity agency and its Five Eyes peers have produced new guidance for manufacturers of edge devices designed to improve baseline security. GCHQ’s National Cyber Security Centre (NCSC) and allies in Australia, Canada, New Zealand and the US […]| Krypt3ia
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel| Security Joes
Threat intelligence plays a crucial role in cybersecurity decision-making. It involves identifying and gathering cybersecurity information.| CIP Blog
Explore emerging credential harvesting threats targeting cloud apps like ProtonMail, Gravatar, and telecoms. Learn tactics, risks, and how to stay secure.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
We analyze an example of how the Black Basta ransomware group uses PowerShell to prepare their attack| ThreatDown by Malwarebytes
The emergence of the Internet of Things, or IoT, as it’s commonly known, has been a massive boon to just about every aspect of our society. It allows a multitude […]| Planet Mainframe
EclecticIQ analysts discovered phishing campaigns targeting financial institutions driven by a Phishing-as-a-Service (PhaaS) platform called ONNX Store.| blog.eclecticiq.com
It’s all well and good that in the first article "Modern Honeypot Network – Teil 1: Kommandozentrale auf DigitalOcean" we set up a command center to control our honeypots. But how do we now make sure that data actually arrives there? To do that, we need to set up our first honeypot, i.e. install our first "sensor". For this I have […]| Tizian Kohler
Recently I had the idea of setting up a honeypot to collect data on how hackers operate. So I looked into it and chose Modern Honeypot Network (MHN) as a suitable framework. Since I didn’t want to set up a local honeypot, I implemented a cloud-based variant on DigitalOcean. In this post I briefly describe […]| Tizian Kohler
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...| blog.virustotal.com
EclecticIQ analysts identified a threat actor that utilized information stealer HackBrowserData to target Indian government entities and energy sector.| blog.eclecticiq.com
This post is the fifth of a series on Threat Intelligence Automation topic. Post 1: Architecture and Hardening of MineMeld Post 2: Foundation: write a custom prototype and SOC integration Post 3: E…| Scubarda
MD5 has been known to be broken for more than a decade now. Practical attacks have been shown since 2006, and public collision generator tools have also been available since that time. The dangers of the developed collision attacks were demonstrated by academia and white-hat hackers too, but in the case of the Flame malware we’ve also seen malicious parties exploiting the weaknesses in the wild.| Silent Signal Techblog
Explore how curated threat intelligence offers a strategic, cost-effective solution in the face of cybersecurity budget cuts.| zvelo
AI-fueled social engineering tactics are a potent initial infection vector for ransomware as well as a myriad of other cyber threats.| zvelo
This post explores Defense-in-Depth, a comprehensive strategy with a multi-layered approach to modern threat protection.| zvelo