Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

https://threatpost.com/mitel-voip-bug-exploited/180079/

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

https://threatpost.com/log4shell-targeted-vmware-data/180072/

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

https://threatpost.com/fancy-bear-nuke-threat-lure/180056/

The threat actor targets institutions and companies in Europe and Asia.

https://threatpost.com/elusive-toddycat-apt-targets-microsoft-exchange-servers/180031/

Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.

https://threatpost.com/kazakh-govt-used-spyware-against-protesters/180016/

Evidence suggests that a just-discovered APT has been active since 2013.

https://threatpost.com/apt-flew-under-radar-decade/179995/

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

https://threatpost.com/linux-malware-impossible-detect/179944/

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

https://threatpost.com/potent-emotet-variant-spreads-via-stolen-email-credentials/179932/

Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

https://threatpost.com/paying-ransomware-bullseye-back/179915/

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

https://threatpost.com/black-basta-ransomware-qbot/179909/

Deja-Vu data from this year’s DBIR report feels like we are stuck in the movie ‘Groundhog Day.’

https://threatpost.com/old-hacks-die-hard-ransomware-social-engineering-top-verizon-dbir-threats-again/179864/

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

https://threatpost.com/evil-corp-pivots-to-lockbit-to-dodge-u-s-sanctions/179858/

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

https://threatpost.com/international-authorities-take-down-flubot-malware-network/179825/

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/

Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.

https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

https://threatpost.com/cybergang-claims-revil-is-back-executes-ddos-attacks/179734/

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

https://threatpost.com/chaos-onyx-and-yashma-ransomware/179730/

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

https://threatpost.com/verizon-dbir-report-2022/179725/

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

https://threatpost.com/fronton-botnet-disinformation/179721/

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

https://threatpost.com/snake-keylogger-pdfs/179703/