Incident Response Archives • Daily CyberSecurity

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns ROADtools cloud attack toolkit

State-Sponsored Actors Operationalize ROADtools Framework in Cloud Campaigns

Do Son May 28, 2026

Security analysts have released a comprehensive analysis regarding specialized offensive tools in modern network breaches. Specifically, hackers...

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise Microsoft Teams External Phishing Rapid7 Labs Incident Response

Microsoft Teams External Phishing Rapid7 Labs Incident Response

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise

Do Son May 21, 2026

A newly detailed incident response investigation highlights a critical reality for corporate security teams: the perimeter of...

The Missed Token: Grafana Labs Suffers Source Code Theft via Shai-Hulud npm Worm Campaign CVE-2023-1550 Grafana Labs Cyberattack Mini Shai-Hulud npm Worm

CVE-2023-1550 Grafana Labs Cyberattack Mini Shai-Hulud npm Worm

The Missed Token: Grafana Labs Suffers Source Code Theft via Shai-Hulud npm Worm Campaign

Do Son May 20, 2026

Grafana Labs has broken its silence regarding a targeted corporate cyberattack that culminated in the theft of...

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring

Do Son April 21, 2026

A Florida man has admitted to playing both sides of the ransomware fence. Angelo Martino, 41, a...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

CISA Issues Urgent Warning Following Global Cyberattack on Stryker

Do Son March 19, 2026

In a move to protect the nation’s critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) has...

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed Muddled Libra Rogue VM

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed

Do Son February 13, 2026

A new investigation by Unit 42 has pulled back the curtain on the operations of Muddled Libra,...

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Do Son September 22, 2025

Yarix’s Incident Response Team (YIR) has published an in-depth analysis of a targeted intrusion that leveraged an...

DOJ Probes Ex-Ransomware Negotiator Over Alleged Collusion With Hackers AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

DOJ Probes Ex-Ransomware Negotiator Over Alleged Collusion With Hackers

Do Son July 5, 2025

The U.S. Department of Justice has recently launched a criminal investigation into a former ransomware negotiation specialist,...

Kaspersky Exposes Hidden Dangers: Are Your Containers Truly Secure? Container Security

Kaspersky Exposes Hidden Dangers: Are Your Containers Truly Secure?

Do Son June 5, 2025

As containers become the backbone of modern software deployment, many organizations still misjudge their isolation guarantees —...

How to Detect Microsoft 365 Phishing Attacks on Your Business Microsoft 365 Phishing, Interactive Sandbox

How to Detect Microsoft 365 Phishing Attacks on Your Business

Do Son June 3, 2025

What if one fake login page could give an outsider access to your company’s most sensitive data?...

Commvault Updates Security Advisory After Nation-State Threat Actor Activity in Azure Commvault, nation-state threat

Commvault Updates Security Advisory After Nation-State Threat Actor Activity in Azure

Do Son April 30, 2025

Commvault has issued a crucial update to its March 7, 2025, security advisory following the detection of...

Critical Alert 1 Active Exploit Detected Today