China's TA4922 Expands Cybercrime Attacks Globally
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
The post Termite Ransomware: Steganographic In-Memory Attack Analysis appeared first on Clearwater.
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]
By targeting large numbers of users, attackers increased their chances of success.
Pesquisadores da Calif publicaram ontem um exploit de negação de serviço (DoS) chamado “HTTP/2 Bomb”. Ele afeta a configuração padrão dos principais servidores web, incluindo nginx, Apache httpd, Microsoft IIS, Envoy e Cloudflare Pingora, conforme artigo no blog da empresa. A fal…
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has n…
A Cisco publicou, em 3 de junho de 2026, um aviso de segurança para corrigir uma vulnerabilidade de Server-Side Request Forgery (SSRF) no Cisco Unified Communications Manager (Unified CM) e na edição Session Management Edition (Unified CM SME), conforme comunicado oficial. A falh…
Cibercriminosos compraram entre 10% e 20% de todos os nomes de domínio de gTLDs criados em 2025, com pelo menos 8,5 milhões de domínios já incluídos em listas de bloqueio, segundo relatório do Interisle Consulting. O estudo estabelece que 10% é o piso, mas projeções indicam que o…
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack …
Especialistas Sophos X-Ops, da força-tarefa da Sophos, descobriram que agentes de ameaças estão utilizando tecnologias de IA para testar táticas de evasão contra soluções de EDR (Detecção e Resposta de Endpoint) em uma estrutura de pós-exploração do tipo “red team”, numa espécie …
A CISA e mais oito agências do governo americano publicaram um alerta urgente sobre atividade maliciosa direcionada a sistemas automáticos de medição de tanques (ATG) expostos na internet. O grupo publicou um guia detalhado para hardening dos sistemas, que são amplamente utilizad…
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts brea…
North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk.
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal com…
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity clus…
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]
Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data.