Lucene search
K

98 matches found

Malwarebytes
Malwarebytes
added 2026/05/20 3:33 p.m.30 views

Fake malware-signing service Fox Tempest dismantled by Microsoft

Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 2:36 p.m.33 views

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

5.8AI score
Exploits0
hivepro
hivepro
added 2026/05/04 4:7 p.m.8 views

Why VM Programs Suck

& From the Trenches This is the conversation I have with VM leads every week. It usually starts at minute thirty of a discovery call, after the official agenda is over and the Zoom faces relax. Someone says "can I be honest with you for a second?" — and then I get the list. Same complaints...

5.6AI score
Exploits0
HackRead
HackRead
added 2026/04/08 2:19 p.m.7 views

Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure

Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 6:35 a.m.19 views

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

10CVSS7.4AI score0.99999EPSS
Exploits132
Microsoft Secure
Microsoft Secure
added 2026/04/06 4:0 p.m.20 views

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...

10CVSS7.4AI score0.99999EPSS
Exploits161
The Hacker News
The Hacker News
added 2026/03/23 10:55 a.m.4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/20 12:0 a.m.3 views

An Agentic Multi-Agent Architecture for Cybersecurity Risk Management

Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each age...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.20 views

PT-2026-25544

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...

7.5CVSS7AI score0.0114EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2026/03/10 4:21 p.m.15 views

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall NGFW appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials...

9.8CVSS7.2AI score0.85844EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/26 3:17 p.m.6 views

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to...

6.1AI score
Exploits0
HackRead
HackRead
added 2026/02/24 11:40 p.m.6 views

North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks

Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 11:52 a.m.10 views

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...

5.8AI score
Exploits0
Trellix
Trellix
added 2026/01/06 12:0 a.m.4 views

The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics

The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics By Aswath A · January 6, 2026 CrazyHunter ransomware has emerged as a significant and concerning threat, highlighting the increasing sophistication of cybercriminal tactics. Trellix has been actively tracking this ransomware since...

6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/12/04 3:25 p.m.8 views

Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option

A critical remote code execution RCE vulnerability in 7-Zip CVE-2025-11001 is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...

7.8CVSS8.5AI score0.27017EPSS
Exploits11
Packet Storm News
Packet Storm News
added 2025/11/16 12:0 a.m.6 views

An Evaluation Framework for Network IDS/IPS Datasets: Leveraging MITRE ATT&CK and Industry Relevance Metrics

The performance of Machine Learning ML and Deep Learning DL-based Intrusion Detection and Prevention Systems IDS/IPS is critically dependent on the relevance and quality of the datasets used for training and evaluation. However, current AI model evaluation practices for developing IDS/IPS focus...

6.8AI score
Exploits0
CISA
CISA
added 2025/11/13 12:0 p.m.7 views

CISA and Partners Release Advisory Update on Akira Ransomware

Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...

7.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2025/09/29 4:36 p.m.9 views

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors have been observed using seemingly legitimate artificial intelligence AI tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various...

7.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/08/27 4:0 p.m.10 views

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures TTPs. While the threat actor has been known for targeting hybrid cloud environments, their...

8.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/08/27 4:0 p.m.5 views

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures TTPs. While the threat actor has been known for targeting hybrid cloud environments, their...

8AI score
Exploits0
Rows per page
Query Builder