Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East.
The activity, assessed to be ongoing,...
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just...
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Ravie LakshmananMar 30, 2026Malware / Network Security
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Ravie LakshmananMar 30, 2026Threat Intelligence / Browser Security
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to...
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
Ravie LakshmananMar 27, 2026Threat Intelligence / Vulnerability
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the...
We Are At War
Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.
Introduction:...
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Ravie LakshmananMar 27, 2026Ransomware / Malware
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive...
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More...
Ravie LakshmananMar 26, 2026Cybersecurity / Hacking News
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many...
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world...
