Cybercriminals Archives • Page 2 of 34 • Daily CyberSecurity

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns ROADtools cloud attack toolkit

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns

Do Son May 28, 2026

Security analysts have released a comprehensive analysis regarding specialized offensive tools in modern network breaches. Specifically, hackers...

New CypherLoc Scareware Kit Implements Sophisticated Browser Locks

Do Son May 28, 2026

Threat intelligence experts have uncovered a massive browser-manipulation campaign active across the global digital landscape. Specifically, researchers...

New Screening Serpens Cyberattacks Target Global Technology Professionals

Do Son May 27, 2026

Security researchers have discovered an aggressive cyber espionage campaign targeting multiple nations. Specifically, Unit 42 recently exposed...

FBI Issues Alert on Kali365 Phishing Platform Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

FBI Issues Alert on Kali365 Phishing Platform

Do Son May 27, 2026

The Federal Bureau of Investigation (FBI) recently issued an urgent public service announcement regarding a dangerous new...

Massive FreePBX Exploitation Campaign Deploys JOMANGY Webshell

Do Son May 27, 2026

Cyble Research & Intelligence Labs recently uncovered a highly aggressive FreePBX exploitation campaign. Analysts attribute this malicious...

Global Malicious AI Installer Campaign Targets Developer Workstations Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Global Malicious AI Installer Campaign Targets Developer Workstations

Do Son May 27, 2026

Cybercriminals are currently targeting software engineers with advanced social engineering tactics. Specifically, threat actors launched a highly...

Android Carrier Billing Fraud Campaign Exposed by zLabs

Do Son May 26, 2026

Security experts recently discovered a massive mobile cyberattack targeting smartphone users globally. Specifically, a massive Android carrier...

New Operation Dragon Whistle Phishing Campaign Targets Universities

Do Son May 26, 2026

Security researchers have discovered a highly sophisticated cyber threat targeting academic institutions. Specifically, Seqrite Labs recently uncovered...

Disrupted: How the “Trapdoor” Ad Fraud Ring Weaponized 455 Android Apps for 659 Million Daily Fake Bids Trapdoor Ad Fraud Pipeline HUMAN Satori Malware Disruption

Trapdoor Ad Fraud Pipeline HUMAN Satori Malware Disruption

Disrupted: How the “Trapdoor” Ad Fraud Ring Weaponized 455 Android Apps for 659 Million Daily Fake Bids

Do Son May 25, 2026

The Satori Threat Intelligence and Research Team at HUMAN has successfully disrupted a massive ad fraud and...

Microsoft Dismantles “Fox Tempest” Code-Signing Network Fueling Global Ransomware Fox Tempest Takedown Malware Signing as a Service

Microsoft Dismantles “Fox Tempest” Code-Signing Network Fueling Global Ransomware

Do Son May 25, 2026

Microsoft’s Digital Crimes Unit (DCU) has delivered a massive blow to the cybercrime underground. In May 2026,...

Operation Saffron: Authorities Smash ‘First VPN’ Cybercrime Network First VPN service takedown

Operation Saffron: Authorities Smash ‘First VPN’ Cybercrime Network

Do Son May 24, 2026

International law enforcement agencies have achieved a massive victory against underground ransomware networks. Specifically, authorities completely dismantled...

Storm-2949 Hijacks Azure Identity and Key Vaults in Catastrophic Cloud Campaign Storm-2949 Cloud Attack Azure Control Plane Compromise

Storm-2949 Hijacks Azure Identity and Key Vaults in Catastrophic Cloud Campaign

Do Son May 22, 2026

A sophisticated new threat actor is forcing corporate security leaders to re-evaluate their entire relationship with cloud...

Twill Typhoon Exploits CDN Masquerading and DLL Sideloading to Breach APJ Networks Twill Typhoon DLL Sideloading

Twill Typhoon Exploits CDN Masquerading and DLL Sideloading to Breach APJ Networks

Do Son May 22, 2026

A sophisticated, highly targeted cyber-espionage campaign is actively penetrating corporate and critical infrastructure networks across the Asia-Pacific...

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks

Do Son May 21, 2026

Corporate collaboration platforms have officially moved to the top of the initial access broker playbook. A new...

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise Microsoft Teams External Phishing Rapid7 Labs Incident Response

Microsoft Teams External Phishing Rapid7 Labs Incident Response

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise

Do Son May 21, 2026

A newly detailed incident response investigation highlights a critical reality for corporate security teams: the perimeter of...

Inside UNC6671’s “BlackFile” Cloud Extortion Campaigns UNC6671 BlackFile Cloud Attacks AiTM MFA Bypass Okta Microsoft

Inside UNC6671’s “BlackFile” Cloud Extortion Campaigns

Do Son May 20, 2026

A sophisticated identity-centric threat actor operating under the brand “BlackFile” has spent the early months of 2026...

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365 Tycoon 2FA Phishing Kit OAuth Device Code Phishing

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365

Do Son May 19, 2026

Just weeks after a massive international law enforcement operation dismantled its primary server infrastructure, the notorious Tycoon...

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA Device Code Phishing EvilTokens PhaaS

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Do Son May 19, 2026

A once-obscure technique for bypassing multifactor authentication is exploding across the threat landscape, supercharged by AI “vibe...

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2 NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2

Do Son May 18, 2026

A sophisticated new command-and-control (C2) technique has emerged, revealing threat actors who operate more like modern SaaS...

Weaponized JPEG Payload Deploys Trojanized ScreenConnect for Covert Espionage axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Weaponized JPEG Payload Deploys Trojanized ScreenConnect for Covert Espionage

Do Son May 14, 2026

The threat intelligence team at CYFIRMA has uncovered a sophisticated multi-stage intrusion campaign. Attackers are currently leveraging...

Critical Alert