Lucene search
K

26 matches found

The Hacker News
The Hacker News
added 2026/06/23 6:20 p.m.53 views

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

A Russian-speaking initial access broker IAB driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 1:30 p.m.8 views

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan RAT called Backdoor.Turn to conceal command-and-control C2 traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon...

5.5CVSS6.7AI score0.00275EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/04 6:6 p.m.17 views

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management RMM software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER , has impacted over 80...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 6:49 a.m.6 views

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years 81 months in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Departme...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 9:8 a.m.14 views

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/09 1:37 p.m.11 views

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defense...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/26 8:28 a.m.9 views

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/18 12:56 p.m.5 views

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as par...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/09 4:26 p.m.9 views

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...

8.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 11:40 a.m.31 views

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management RMM software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entic...

7.8CVSS8.1AI score0.99945EPSS
Exploits33
Talos Blog
Talos Blog
added 2025/05/08 10:0 a.m.10 views

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management RMM tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/26 10:38 a.m.35 views

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker IAB dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2025/04/23 10:0 a.m.31 views

Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs

In 2023, Cisco Talos discovered an extensive compromise in a critical infrastructure enterprise consisting of a combination of threat actors. From initial access to double extortion, these actors slowly and steadily compromised a multitude of hosts in the network using a combination of various...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/25 1:39 p.m.34 views

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

A new investigation has unearthed nearly 200 unique command-and-control C2 domains associated with a malware called Raspberry Robin. "Raspberry Robin also known as Roshtyak or Storm-0856 is a complex and evolving threat actor that provides initial access broker IAB services to numerous criminal...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/21 9:11 a.m.121 views

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker IAB that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit CTU has dubbed the e-crime group Gold Melody, which is also kno...

10CVSS9.4AI score0.99999EPSS
Exploits577
The Hacker News
The Hacker News
added 2023/06/08 1:56 p.m.8 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

9.8CVSS8.8AI score0.99934EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/01/26 11:15 p.m.19 views

What Old is New Again and What's Old is Me?

Welcome to this weeks edition of the Threat Source newsletter. Whats old is new again and whats old is still old. The fact that we are seeing a comeback of this USB thumb drive nonsense is giving me heartburn, and a headache, and my left eye is twitching … and maybe numbness in my legs? Yes, I am...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/19 9:59 p.m.17 views

Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge

Welcome to this weeks edition of the Threat Source newsletter. Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isnt just about money. So I am going ...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/15 6:45 p.m.44 views

Timely patching is good, but sometimes it's not enough

Ransomware gangs have shown that they can play a long game, so it shouldnt come as a surprise to learn of one prepared to wait months to make use of a compromised system. S-RMs Incident Response team shared details of a campaign attributed to the Lorenz ransomware group that exploited a specific...

10CVSS10AI score0.56967EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/09/14 2:4 p.m.83 views

Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks

The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting...

10CVSS1.4AI score0.56967EPSS
Exploits0
Rows per page
Query Builder