-
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new offensive security tool named “RecoverIt” has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection met…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system. Part of a broader Endpoint Detection and Response (EDR) strategy named “Sanctum,” the p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity firm eSentire’s TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) softw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The inner workings of LockBit 5.0, a sophisticated ransomware variant targeting Windows, Linux, and VMware ESXi systems simultaneously. This latest version represents a significant evolution in the cyber threat landscape, demonstrating how ransomware o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is making a significant move to strengthen Windows security by phasing out NTLM (New Technology LAN Manager). This legacy authentication protocol has been part of Windows for over 30 years. The company plans to disable NTLM by default in upco…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
