Tag

Threat Intelligence

All articles tagged with #threat intelligence

AI-enabled hacking erupts into industrial-scale threat, Google warns
technology · 17 days ago

Google warns that AI-powered hacking has become an industrial-scale threat, with criminal and state-backed actors using commercial AI models (Gemini, Claude, OpenAI tools) to accelerate testing, scale attacks, and exploit near-zero-day flaws; the report notes related developments like OpenClaw experiments and references Mythos as a separate powerful model. Experts caution that AI could aid defense but productivity gains remain uncertain, underscoring the need for long-term, uncertainty-aware evaluation of AI's public-sector impact.

AI-Fueled Zero-Day Exploit Detected by Google, First of Its Kind
technology · 18 days ago

Google’s Threat Intelligence Group says hackers used an AI model to create a zero-day vulnerability—the first known instance of AI-driven exploit development—signaling a new phase in cybercrime as AI tools from Anthropic and OpenAI are being tested; Mythos was unlikely involved, a patch was issued after disclosure, and researchers warn this could enable faster, larger-scale attacks and prompt regulatory scrutiny.

Week in Security: Acrobat Zero-Day, AI Exploit Engines and Global Intrusions Unfold
cybersecurity · 1 month ago

This week’s security recap flags a widespread Adobe Acrobat Reader zero-day (CVE-2026-34621) under active exploitation, AI-enabled vulnerability discovery and exploit tooling (Anthropic Mythos), and a wave of state-sponsored and criminal activity—from Iran- and North Korea-linked campaigns targeting ICS and crypto infrastructure to fileless malware, new RATs, and a Windows kernel rootkit (RegPhantom). It also highlights fiber-optic eavesdropping research, a major botnet takedown, and notable security tools and frameworks (MITRE F3, Betterleaks, etc.). Patch quickly, monitor for AI-driven threats, and watch for phishing and supply-chain risks.

Tech and retail giants unite to curb online fraud with shared intel
technology · 2 months ago

Eleven major tech and retail companies, including Google, Amazon and OpenAI, signed a voluntary Industry Accord Against Online Scams & Fraud to share threat intelligence, deploy AI-driven defenses, tighten verification for financial transactions, and establish reporting channels while coordinating with governments and law enforcement to counter scams online.

Cloud breaches pivot to new flaws as credential abuse wanes
technology · 2 months ago

Google’s threat intelligence shows cloud intrusions are increasingly driven by exploiting freshly disclosed third-party software flaws, shrinking the window to weaponize exploits to days. Weak credentials have declined as an attack vector while remote code execution flaws like React2Shell (CVE-2025-55182) and XWiki (CVE-2025-24893) are frequently exploited. Attacks often begin via phishing or stolen identities, with Iran-, China-, and North Korea–linked campaigns maintaining long-term access to steal data, crypto, and credentials. OpenID Connect abuse, supply-chain incidents, and insider threats also feature prominently, underscoring the need for automated, rapid incident response as cloud threats accelerate into 2026.

AI-Driven Threats Blur the Line Between Daily Activity and Breach
technology · 3 months ago

ThreatsDay flags AI-enhanced threats accelerating breaches and blurring into everyday activity: Kali Linux now integrates Claude via MCP for natural-language command execution; campaigns include Bitpanda phishing, four-minute lateral movement, and Mac/WinRAR exploits, aided by ad cloaking, typosquatting, and social engineering, as threat actors fragment post-RAMP and increasingly use AI-driven tactics.

DNS-Driven ClickFix: nslookup-based staging delivers Windows malware payloads
technology · 3 months ago

Microsoft reveals a new DNS-based variant of the ClickFix social-engineering tactic that tricks users into running commands via the Windows Run dialog to perform a DNS lookup with a hard-coded external server. The output’s Name: field becomes the second-stage payload, followed by a ZIP download from azwsappdev[.]com that leads to a Python script, a VBScript launcher for ModeloRAT, and persistence through a startup LNK. The campaign’s broader ecosystem includes loaders and stealers (CastleLoader, Lumma Stealer, RenEngine Loader, Hijack Loader) across Windows and macOS, leveraging fake CAPTCHA pages, social-engineering lures, and aged domains to blend into normal traffic and evade detections.

Week in Cybersecurity: Proxy Botnet Disrupted, Office Zero-Day Patched, MongoDB Extortion Surges
cybersecurity · 3 months ago

This weekly cybersecurity digest flags a busy threat landscape: Google disrupted the IPIDEA residential proxy network, shrinking attackers’ exit nodes; Microsoft patched a critical Office zero-day (CVE-2026-21509) and Ivanti fixed EPMM flaws (CVE-2026-1281/1340); CERT Polska linked destructive attacks on wind/solar facilities to Static Tundra; new campaigns include Operation Bizarre Bazaar targeting exposed AI endpoints and a surge of MongoDB extortion against over 1,400 exposed databases; other notes cover Exfil Out&Look via Outlook add-ins, PyRAT’s cross-platform capabilities, TA584’s evolving attack chain with Tsundere Bot and XWorm, and related cybercrime trends.

WinRAR CVE-2025-8088 Seized by State and Criminal Actors After Patch
technology · 4 months ago

Google’s Threat Intelligence Group reports active exploitation of WinRAR CVE-2025-8088 by both state-backed and financially motivated actors, even after a patch (WinRAR 7.13, July 30, 2025). The flaw is used for initial access via a path-traversal method that drops a malicious LNK in the Windows Startup folder/ADS, with campaigns tied to RomCom/UNC4895, UNC2596 (Cuba ransomware), Sandworm, Gamaredon, Turla, and a China-based actor delivering Poison Ivy, deploying payloads such as SnipBot, AsyncRAT, and XWorm and even browser extensions for Brazilian banking sites. The widespread activity underscores an active underground market for exploits and persistent defense gaps, with a separate flaw CVE-2025-6218 also being exploited by multiple groups.

Oracle Releases Emergency Patch for CVE-2025-61882 Amid Cl0p Data Theft Attacks
threat-intelligence · 7 months ago

Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.

Chinese Hacker Groups Exploit SharePoint Vulnerabilities in Global Cyberattacks
threat-intelligence · 10 months ago

Microsoft has linked recent exploits of SharePoint Server vulnerabilities to three Chinese hacker groups—Linen Typhoon, Violet Typhoon, and Storm-2603—who are leveraging these flaws to gain unauthorized access and deploy web shells, with ongoing risks for unpatched on-premises SharePoint systems. The company urges immediate security updates and mitigations to prevent further attacks.

Global Organizations Under Siege: Microsoft Exposes APT29 Espionage and Midnight Blizzard Hacking Spree
threat-intelligence, cyber-attack · 2 years ago

Microsoft warns that APT29, a Russian state-sponsored threat actor, has been targeting global organizations, primarily in the U.S. and Europe, using tactics such as compromised accounts and OAuth applications to gather sensitive information. The scale of the campaign may be larger than previously thought, with the threat actor using diverse initial access methods and residential proxies to obfuscate connections. Organizations are advised to defend against rogue OAuth applications and password spraying.

CISA Urges Immediate Action on Ivanti Zero-Day Exploits for Federal Agencies
network-security, threat-intelligence · 2 years ago

CISA has issued an emergency directive to Federal agencies to address actively exploited zero-day flaws in Ivanti Connect Secure and Ivanti Policy Secure products, allowing threat actors to execute arbitrary commands and compromise information systems. Ivanti is expected to release an update next week, but has provided a temporary workaround. Organizations are urged to apply mitigations, run integrity checks, and take additional security measures. Cybersecurity firms have observed attacks exploiting the flaws, with as many as 2,100 devices compromised globally. The initial attack wave has been attributed to a Chinese nation-state group, with indications of opportunistic exploitation for financial gain by other threat actors.

CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset
cybersecurity · 2 years ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six known exploited vulnerabilities, including high-severity flaws affecting Apple, Apache, Adobe, D-Link, and Joomla, with evidence of active exploitation. These vulnerabilities pose risks such as remote code execution and improper access control. CISA has urged federal agencies to apply patches to secure their networks against these active threats by January 29, 2024.