Non classé

In what has been described as an « extremely sophisticated phishing attack, » threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google’s infrastructure and redirect message recipients to fraudulent sites that harvest their credentials.
« The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com, » Nick Johnson

In what has been described as an « extremely sophisticated phishing attack, » threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google’s infrastructure and redirect message recipients to fraudulent sites that harvest their credentials.
« The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com, » Nick Johnson

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025.
« Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company, » the Symantec Threat Hunter Team said in a new report

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025.
« Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company, » the Symantec Threat Hunter Team said in a new report

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
« In some systems, initial access was gained through

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
« In some systems, initial access was gained through

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

5 Reasons Device Management Isn’t Device Trust​

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. 

The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. 

The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack?
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,

Can a harmless click really lead to a full-blown cyberattack?
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,

Cybersecurity researchers have disclosed a surge in « mass scanning, credential brute-forcing, and exploitation attempts » originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. 
« Net

Cybersecurity researchers have disclosed a surge in « mass scanning, credential brute-forcing, and exploitation attempts » originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. 
« Net

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
« While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
« While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –

node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)

According to supply chain

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –

node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)

According to supply chain