612 matches found

Wiz blog
added 2026/05/19 5:30 p.m.
4 views

durabletask: TeamPCP's Latest PyPi Compromise

Discover the latest on malicious versions of the pypi package durabletask, matching TeamPCP tactics...

AI score: 5.8
Exploits: 0
Microsoft Secure
added 2026/05/12 10:53 p.m.
10 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article: 1. Core Idea: From TTPs to Logs; 2. Approaches for Synthetic Attack Log Generation; 3. Evaluation Datasets; 4. References; 5. Learn more. Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

AI score: 5.8
Exploits: 0
Microsoft Secure
added 2026/05/12 10:53 p.m.
7 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article: 1. Core Idea: From TTPs to Logs; 2. Approaches for Synthetic Attack Log Generation; 3. Evaluation Datasets; 4. References; 5. Learn more. Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

AI score: 5.8
Exploits: 0
Microsoft Secure
added 2026/04/30 3:0 p.m.
5 views

Email threat landscape: Q1 2026 trends and insights

In this article: 1. Tycoon2FA disruption impact; 2. QR code phishing attacks; 3. CAPTCHA tactics; 4. Malicious payloads; 5. Business email compromise; 6. Defending against email threats; 7. Microsoft Defender detections. During the first quarter of 2026 (January-March), Microsoft Threat Intelligence detect...

AI score: 5.8
Exploits: 0
Talos Blog
added 2026/04/29 10:0 a.m.
1 view

AI-powered honeypots: Turning the tables on malicious AI agents

Generative AI allows defenders to instantly create diverse honeypots, like Linux shells or Internet of Things (IoT) devices, using simple text prompts. This makes deploying complex, convincing deceptive environments much easier and more scalable than traditional methods. AI-driven attacks often...

CVSS: 10
AI score: 8.8
EPSS: 0.9422
Exploits: 130
The Hacker News
added 2026/04/21 6:18 p.m.
7 views

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discover...

AI score: 5.8
Exploits: 0
Microsoft Secure
added 2026/04/21 4:3 p.m.
8 views

Detection strategies across cloud and identities against infiltrating IT workers

In this article: 1. Attack chain overview (1. Activities in pre-recruitment phase; 2. Activities in recruiting phase; 3. Activities in post-recruitment phase); 2. Mitigation and protection guidance; 3. Microsoft Defender XDR detections. The shift to remote and hybrid work since the pandemic expanded glob...

AI score: 5.8
Exploits: 0
HackRead
added 2026/04/21 11:43 a.m.
4 views

Threat Intel Scraping Without Burning Your Cover or Your Stack

Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk...

AI score: 5.7
Exploits: 0
Malwarebytes
added 2026/04/14 11:52 a.m.
3 views

Omnistealer uses the blockchain to steal everything it can

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...

AI score: 6
Exploits: 0
Malwarebytes
added 2026/02/24 8:28 a.m.
4 views

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

AI score: 5.5
Exploits: 0
HackRead
added 2026/02/08 4:42 p.m.
4 views

UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Cybersecurity firm eSentire's TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics...

AI score: 5.3
Exploits: 0
Packet Storm News
added 2026/02/05 12:0 a.m.
2 views

Identifying Adversary Tactics and Techniques in Malware Binaries with an LLM Agent

Understanding TTPs (Tactics, Techniques, and Procedures) in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols, contain large numbers of functions, and distribute malicious...

AI score: 5.4
Exploits: 0
Microsoft Secure
added 2026/01/29 9:20 p.m.
2 views

Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

AI score: 5.7
Exploits: 0
HackRead
added 2026/01/28 1:34 p.m.
3 views

GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics

New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising connection to ransomware tactics...

AI score: 5.9
Exploits: 0
Hive Pro Threat Advisories
added 2026/01/20 7:36 p.m.
4 views

Top 10 Threat Actors: Their Tactics & Motivations

The world of cybercrime has its own cast of characters, each with a unique script. Some are patient spies, like state-sponsored groups that move silently within a network for months to gather intelligence. Others are loud and aggressive, like ransomware gangs that operate like ruthless businesses...

AI score: 6.2
Exploits: 0
HackRead
added 2026/01/15 1:3 p.m.
1 view

New CastleLoader Variant Linked to 469 Infections Across Critical Sectors

ANY.RUN report reveals how the new CastleLoader malware targets US government agencies using stealthy ClickFix tricks and memory-based attacks to bypass security...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/12/28 12:0 a.m.
2 views

Multi-Agent Framework for Threat Mitigation and Resilience in AI-Based Systems

Machine learning (ML) underpins foundation models in finance, healthcare, and critical infrastructure, making them targets for data poisoning, model extraction, prompt injection, automated jailbreaking, and preference-guided black-box attacks that exploit model comparisons. Larger models can be mor...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/12/06 12:0 a.m.
1 view

BEACON: A Unified Behavioral-Tactical Framework for Explainable Cybercrime Analysis with Large Language Models

Cybercrime increasingly exploits human cognitive biases in addition to technical vulnerabilities, yet most existing analytical frameworks focus primarily on operational aspects and overlook psychological manipulation. This paper proposes BEACON, a unified dual-dimension framework that integrates...

AI score: 6.7
Exploits: 0
Wiz blog
added 2025/11/27 4:27 p.m.
4 views

3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections...

AI score: 6.9
Exploits: 0
CISA
added 2025/11/13 12:0 p.m.
4 views

CISA and Partners Release Advisory Update on Akira Ransomware

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...

AI score: 7.5
Exploits: 0
References: 2