Threats | KITEFALL

The vital role of NDR in enabling continuous security auditing 2025-05-15 02:40 iTWire This article shows how NDR helps organisations find and stop threats early. It also examines the technical foundations, operational benefits, and implementation strategies that make continuous auditing achievable. The Growing Need for Continuous Security …
Google exposes new Russian spyware virus LostKeys linked to FSB 2025-05-11 07:18 Ukrainska Pravda Stock photo: Getty Images Google has announced (via Android Headlines) the discovery of new Russian spyware called LostKeys, which is used by the ColdRiver hacker group linked to the Russian Federal Security Service (FSB). The software is designed to steal …
Google Uncovers 'LostKeys': New Russian Malware in Action 2025-05-10 19:22 Android Headlines The shadowy world of cyber espionage has a new player on the field: a sneaky piece of malware dubbed “LostKeys.” According to Google, a Russian state-backed malware crew known as COLDRIVER has been using LostKeys since the start of the year to snoop on …
Living Off the Land (LOTL) Attacks: How your tools are used against you? 2025-05-09 10:00 Security Boulevard Introduction A well-known organisation called SolarWinds was attacked in September 2019. In this attack, a hacker used a supply chain attack to inject malicious code into the system. More than 18,000 SolarWinds customers installed Updates containing the …
Cyberthreats surge against US logistics infrastructure 2025-05-08 21:51 FreightWaves Cybersecurity provider Trellix recently released its April “CyberThreat Report” revealing an alarming rise in cyberattacks targeting critical U.S. infrastructure, with the freight and logistics sectors now in the crosshairs of nation-state actors and …
Iranian Hackers Posing as Model Agency to Target Victims 2025-05-08 18:52 GBHackers Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg- …
Russia’s Cold River Upgrades Arsenal with LOSTKEYS Malware 2025-05-08 12:13 Technology Org Russian digital espionage capabilities have evolved once again. Google’s Threat Intelligence Group has uncovered a sophisticated new weapon in the Cold River hacking arsenal – malware codenamed “LOSTKEYS.” This discovery, announced Wednesday, reveals how …
Iranian Hackers Impersonate as Model Agency to Attack Victims 2025-05-08 09:55 Cyber Security News In a sophisticated cyber espionage campaign, Iranian threat actors have deployed a fraudulent website impersonating a legitimate German modeling agency to gather intelligence and potentially target specific individuals. The operation, discovered in early …
HOA: The DA's case against the EE Amendment Act 2025-05-08 04:52 Politicsweb Thursday, 08 May 2025 08/05/25 DOCUMENTS HOA: The DA's case against the EE Amendment Act Democratic Alliance | 05 May 2025 The fixing of numerical targets, under threat of severe sanctions for non-compliance, is clearly unconstitutional IN THE …
Google identifies new malware linked to Russian hackers: ‘New development in the toolset’ 2025-05-07 23:13 New York Post Alphabet’s Google said on Wednesday it has identified new malware called “LOSTKEYS” tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers. The malware “marks a new development in …
Google uncovers ‘LOSTKEYS’ malware linked to Russian-backed Cold River hackers 2025-05-07 17:30 Mint Google has uncovered a new strain of malware, dubbed "LOSTKEYS", believed to be the work of Cold River, a Russian-aligned hacking group reportedly connected to the country’s Federal Security Service (FSB), reported Reuters. According to a blog …
Google identifies new malware linked to Russia-based hacking group 2025-05-07 15:23 SRN News Google identifies new malware linked to Russia-based hacking group (Reuters) – Alphabet’s Google said on Wednesday it has identified a new malware called “LOSTKEYS” tied to the Russian government-backed threat group Cold River, which is capable of stealing …
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard group 2025-05-06 23:46 IT Pro Notorious Russian threat group Midnight Blizzard has been mixing up its attack methods in recent months, according to analysis from Check Point, including targeting European diplomats with the lure of luxury events. In a blog post detailing the campaign, …
New T1555.003 Technique Let Attackers Steal Passwords From Web Browsers 2025-05-06 11:43 Cyber Security News A sophisticated credential theft technique, identified as T1555.003 in the MITRE ATT&CK framework, has emerged as a significant threat to organizations worldwide. This technique enables adversaries to extract usernames and passwords directly from web …
Azerbaijan blames Russian state hackers for cyberattacks on local media 2025-05-05 16:38 The Record Azerbaijani officials claimed that the Russian state-sponsored hacker group APT29 was behind a cyberattack on several local media outlets earlier this year. The likely motive, according to Ramid Namazov, head of the Azerbaijani parliament's commission …
Cyberattacks Targeting US Increased by 136% 2025-05-05 07:11 Security Magazine Steve Johnson via Unsplash A report from Trellix provides insights and intelligence on current cyber threats (specifically between October 1, 2024 and March 31st, 2025). Particularly, the report analyzes the tools, techniques, and intentions of nation- …
TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise 2025-05-04 10:12 GBHackers Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious financially motivated threat actor Golden Chickens, also known as Venom Spider. Active between January and April 2025, these tools signal a …
15 Video Game Bosses That Take Forever To Kill 2025-05-03 19:20 DualShockers Boss fights are an ultimate test of skill as you face a larger-than-life opponent in an epic battle. They're meant to be tough, hit hard, and intimidate you with their very presence. While some can be laughably easy to defeat, these bosses are anything …
ANY.RUN Expands Coverage of Recent Cyber Threats and Simplifies Security Integrations via SDK 2025-05-01 13:00 EIN Presswire DUBAI, DUBAI, UNITED ARAB EMIRATES, May 1, 2025 /⁨EINPresswire.com⁩/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has published its April 2025 service updates that helps businesses speed up …
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More 2025-04-28 19:48 The Hacker News Apr 28, 2025Ravie LakshmananCybersecurity / Hacking News What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing …
NSFOCUS APT Monthly Briefing – March 2025 2025-04-27 15:20 Security Boulevard Regional APT Threat Situation Overview In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South …
Cyberattacks surged in 2025, with third party attacks seeing a huge rise 2025-04-24 16:06 TechRadar Pro Cybercriminals are increasingly using vulnerable companies to target their partners and peers The number of third-party incidents doubled year-on-year, Verizon's new report shows The attacks are used to gain access to target organizations New research …
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp 2025-04-23 15:06 The Hacker News Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly …
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign 2025-04-23 15:06 The Hacker News The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned …
Malware-free attacks: The threat to businesses 2025-04-23 09:20 IT Pro Attackers often use malware to target business systems. But recently, ‘malware-free’ attacks – which see adversaries instead abuse existing tools to target devices – are growing in popularity. The figures are concerning. According to CrowdStrike’s 2025 …
⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More 2025-04-21 15:05 The Hacker News Apr 21, 2025Ravie LakshmananCybersecurity / Hacking News Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hiding inside …
Russian Hackers Target European Diplomats with ‘Wine-Tasting’ Phishing Scams 2025-04-21 11:35 eSecurityPlanet eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. A Russian state-linked hacking group is ramping up its cyberattacks against diplomatic targets across …
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware 2025-04-21 09:09 Security Affairs Russia-linked APT29 targets European diplomatic entities with GRAPELOADER Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked …
Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed 2025-04-20 10:40 Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Apple has released emergency security updates for iOS/iPadOS, …
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures 2025-04-20 07:07 The Hacker News The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed …
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats 2025-04-19 22:01 Hackread Midnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as wine tasting invitations. Learn about the new GrapeLoader malware and the updated WineLoader backdoor …
CVE fallout: The splintering of the standard vulnerability tracking system has begun 2025-04-18 10:38 The Register Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun. Earlier this week, the widely used Common Vulnerabilities and Exposures (CVE) program faced doom as the US government discontinued …
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download 2025-04-18 08:35 The Hacker News Apr 18, 2025Ravie LakshmananWindows Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) …
European diplomats targeted by Russian phishing campaign promising fancy wine tasting" target="_self" data-before-rewrite-localise="/pro/security/european-diplomats-targeted-by-russian-phishing-campaign-promising-fancy-wine-tasting 2025-04-17 14:19 TechRadar Security researchers spotted a new phishing campaign targeting diplomats in Europe The targets are invited to an upmarket wine tasting event However the emails distribute a new loader called GRAPELOADER Russian scammers are using diplomats’ love for wine …
Russia-linked APT29 targets European diplomats with new malware 2025-04-17 00:57 CSO Cyberespionage group known as APT29 and linked to Russia’s foreign intelligence service (SVR), has added a new malware loader to its toolset. Used for fingerprinting, persistence and payload delivery, the new loader was observed in a recent phishing …
APT29 Hackers Employs GRAPELOADER in New Attack Against European Diplomats 2025-04-16 20:03 Cyber Security News A sophisticated phishing campaign by Russian-linked threat group APT29 has been actively targeting European diplomatic entities since January 2025, according to a recent security report. The campaign, believed to be a continuation of previous operations …
APT29 Hackers Use GRAPELOADER in New Attack Against European Diplomats 2025-04-16 10:44 GBHackers Check Point Research (CPR) has uncovered a new targeted phishing campaign employing GRAPELOADER, a sophisticated initial-stage downloader, launched by the notorious Russian-linked hacking group APT29, known alternatively as Midnight Blizzard or Cozy Bear. …
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries 2025-04-16 05:04 Information Security Buzz APT29—also known as “Cozy Bear,” a notorious threat actor linked to Russia’s Foreign Intelligence Service (SVR)—has launched a new phishing campaign aimed at European diplomatic missions. This was revealed in a new report from Check Point Research. This …
Threat Actors Weaponize Shell Techniques to Maintain Persistence and Exfiltrate Data 2025-04-14 16:25 Cyber Security News Shells provide crucial command-line interfaces to operating systems. While legitimate for system administration tasks, when weaponized by threat actors, shells transform into dangerous avenues for unauthorized access, system control, and data theft across …
APT32 Hackers Weaponizing GitHub to Attack Cybersecurity Professionals & Enterprises 2025-04-11 21:35 Cyber Security News The APT32 (OceanLotus) has launched a novel campaign weaponizing GitHub repositories to distribute malware to cybersecurity researchers and enterprises. This operation represents a strategic shift from the group’s historical focus on Southeast Asian …
APT32 Turns GitHub into a Weapon Against Security Teams and Enterprise Networks 2025-04-10 10:55 GBHackers Southeast Asian Advanced Persistent Threat (APT) group OceanLotus, also known as APT32, has been identified as employing GitHub to conduct a sophisticated poison attack against Chinese cybersecurity professionals. The ThreatBook Research and Response Team …
Germany links cyberattack on research group to Russian state-backed hackers 2025-04-09 22:06 The Record German authorities suspect that Russian state-backed hackers were behind a recent cyberattack on a prominent Berlin-based research institute focused on Eastern Europe, the second such incident involving the organization in recent months. The German …
NCSC issues warning over Chinese Moonshine and BadBazaar spyware 2025-04-09 00:49 Computer Weekly The UK’s National Cyber Security Centre (NCSC), the US’s National Security Agency (NSA) and the FBI, alongside Five Eyes partner agencies from Australia, Canada and New Zealand, and the German cyber authorities, have issued a series of advisories warning …
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine 2025-04-08 13:24 The Hacker News The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self- …
YouTube’s Algorithm: Dictators’ New Weapon 2025-04-08 00:41 The Times of Israel EXCLUSIVE: How Authoritarian Regimes Exploit YouTube’s Algorithms and Features to Silence Independent Media As authoritarian regimes intensify their digital warfare to silence dissenting voices, independent media channels operating abroad have increasingly …
How Real is the Netflix Series Zero Day? New Research Says Very. 2025-04-07 10:59 Information Security Buzz The Netflix series Zero Day has Americans wondering how feasible an attack on critical infrastructure is. The simple answer? Very. While the show’s impeccably coordinated scenario is unprecedented, research confirms that in 2024, threat actors from Russia, …
Hacking Democracy: Russia’s Digital War on German and European Elections 2025-04-03 23:18 Vsquare Russia’s disinformation machine didn’t just meddle in Germany’s 2025 elections — it built an entire fake media ecosystem to do it. Through a network of over 100 bogus news sites and psychological operations like Storm-1516, the Kremlin sowed chaos, …
New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows 2025-04-03 00:24 Security Affairs New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as …
Optimise organisational armour, focus less on soft underbelly of the organisation 2025-04-02 15:26 ITWeb Luke Cifarelli, Cymulate. Advanced exposure management, enhanced with AI and automation, enables organisations to cut complexity and alleviate cyber security mitigation workloads, while continuously improving their cyber security posture. This is according …
Malware in Lisp? Now you're just being cruel 2025-03-29 12:32 The Register Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell. Computer scientists affiliated with the University of Piraeus and Athena Research Center in Greece and Delft University of Technology in the …
PERSPECTIVE: 25 Years of Evolving Information Sharing Into Actionable Intelligence 2025-03-21 21:26 Homeland Security Today The IT-ISAC is celebrating its 25th Anniversary this year. This has caused me to reflect on the new challenges we continue to face as a cybersecurity community. When I first joined the IT-ISAC in 2005, a leader of another ISAC (information sharing and …
FBI Warned of Cyber Threats Last Year 2025-03-21 14:46 Texas Border Business The Federal Bureau of Investigation (FBI) repeatedly warned the public throughout 2024 about an escalating wave of cyber threats. Image for illustration purposesTexas Border Business Texas Border Business The Federal Bureau of Investigation (FBI) …
CLEO Delivers Commercial Development Milestone 2025-03-19 00:32 Investing News Network - Amgen (NASDAQ:AMGN) today announced new data from the Phase 3, registrational MINT trial evaluating the efficacy and safety of UPLIZNA ® (inebilizumab-cdon) in adults living with generalized myasthenia gravis (gMG). The results demonstrated durable and …
“My Vas Pokhoronim!” 2025-03-18 13:10 Security Boulevard On November 18, 1956, Soviet leader Nikita Khrushchev met with Western ambassadors at a reception at the Polish Embassy on Klimashkina Street in Moscow. He told the assembled ambassadors, “Whether you like it or not, history is on our side. We will bury …
What is an APT and how are they tracked? 2025-03-17 13:21 IT Pro Advanced persistent threat (APT) is a term used to describe a sophisticated cyber attack, campaign of cyber attacks, or threat group behind these attacks looking to establish long-term persistence on a target network. Breaking the acronym down, advanced …
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches 2025-03-17 10:22 Cyber Security News Welcome to this week’s Cybersecurity Newsletter, where we provide you with the latest updates and essential insights from the rapidly changing field of cybersecurity. Staying informed is crucial in today’s fast-paced digital environment. Our goal is to …
Blind Eagle Attacking Organizations With Weaponized .url Files To Extract User Hash 2025-03-13 17:40 Cyber Security News The cybersecurity landscape has witnessed a concerning development as the threat actor group known as Blind Eagle (also tracked as APT-C-36) has launched a sophisticated campaign targeting organizations primarily in South America with a novel attack vector …
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes 2025-03-13 17:32 GBHackers In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting Colombian governmental, financial, and critical infrastructure organizations. Active since 2018, this …
Fully Undetected Anubis Malware Enables Hackers to Execute Remote Commands 2025-03-12 15:45 GBHackers A recent alert has highlighted the emergence of the AnubisBackdoor, a Python-based backdoor attributed to the Savage Ladybug group, which is reportedly linked to the notorious FIN7 cybercrime gang. This malware is designed to provide remote access, execute …
Blind Eagle Hackers Leveraging Google Drive, Dropbox & GitHub To Bypass Security Defenses 2025-03-11 23:37 Cyber Security News A series of ongoing, targeted cyber campaigns by Blind Eagle (APT-C-36), one of Latin America’s most dangerous threat actors primarily targeting Colombia’s justice system, government institutions, and private organizations were recently unveiled by Check …
Blind Eagle Targets Colombian Government with Malicious .url Files 2025-03-11 20:54 Infosecurity Magazine A new cyber-threat campaign targeting Colombian government institutions and organizations since November 2024 has been linked to the threat group Blind Eagle, also known as APT-C-36. The attackers have been distributing malicious .url files that mimic the …
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks 2025-03-11 18:03 The Hacker News The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government …
1,600 Victims Hit by South American APT’s Malware 2025-03-11 15:30 SecurityWeek A South American cyberespionage group has delivered malware to over 1,600 victims in Colombia in a recent campaign, Check Point reports. Tracked as Blind Eagle and APT-C-36, and active since 2018, the advanced persistent threat (APT) actor is known for …
Blind Eagle Hackers Exploit Google Drive, Dropbox & GitHub to Evade Security Measures 2025-03-11 14:09 GBHackers In a recent cyber campaign, the notorious threat actor group Blind Eagle, also known as APT-C-36, has been leveraging trusted cloud platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and evade traditional security defenses. …
APT 'Blind Eagle' Targets Colombian Government 2025-03-10 19:38 Dark Reading Check Point Research has observed a threat actor "long suspected" to originate from South America targeting Colombian institutions and government entities in a series of cyberattacks. That's according to research published on March 10 …
Rapid7’s Chief Scientist Warns Australian Businesses to Prioritise their Ransomware Policies 2025-03-07 00:53 iTWire Australian companies need to establish clear ransomware policies and improve their understanding of their attack surface to enhance their cyber security, says a visiting global expert. Raj Samani, the Chief Scientist at NASDAQ listed cyber security giant …
Hackers exploit botnet to attack Microsoft 365 accounts 2025-03-06 22:10 SecurityBrief A newly identified botnet comprising over 130,000 compromised devices is systematically targeting Microsoft 365 accounts using password spraying attacks, according to findings from cybersecurity firm SecurityScorecard. The attacks exploit Non-Interactive …
'Crafty Camel' APT Targets Aviation, OT With Polygot Files 2025-03-06 12:35 Dark Reading A sophisticated advanced persistent threat (APT) that's likely aligned with Iran has been deploying a convincing business email compromise (BEC) attack to deliver two-faced polyglot files, which quietly dropped a simple but diligently concealed …
Suspected Iran-backed hackers target UAE with newly discovered 'Sosano' malware 2025-03-04 23:10 The Record A relatively unknown threat actor targeted several organizations in the United Arab Emirates, — including those involved in aviation, satellite communications and critical transportation infrastructure — with a newly discovered backdoor that researchers …
What is Identity Attack Surface Management (IASM) 2025-03-04 06:40 Security Boulevard Organizations rely heavily on digital identities for access and authorization. This reliance has led to a significant increase in identity-based attacks, making it crucial for organizations to prioritize identity security. Identity Attack Surface …
U.S. Halts Cyber Operations Targeting Russia 2025-03-04 02:47 Cyber Security News The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, causing debates over geopolitical strategy and domestic cybersecurity priorities. While U.S. Cyber Command—a Unified Combatant …
Russia’s Evolving Strategy to Undermine the West: From Soviet Terror to Cyberwar 2025-03-01 15:33 Kyiv Post In the 1970s and 1980s, Soviet-backed terrorists carried out attacks across Europe that left civilians both horrified, puzzled, and asking, “Why commit terrorism if no one understands why you are doing it?” Terrorism, by definition, has an ideological …
CrowdStrike enhances identity security for hybrid clouds 2025-02-27 06:55 SecurityBrief CrowdStrike has announced that its Falcon Cloud Security for Microsoft Entra ID is now generally available, providing enhanced security measures for government entities working in GovCloud environments. The Falcon platform is designed to unify real-time …
Top 12 Must-Watch Anime for Bleach Fans Seeking Intense Battles and Supernatural Thrills 2025-02-27 02:57 OtakuKart Enjoying a shonen anime is one thing, but truly appreciating the intricate designs, gripping narratives, and well-crafted combat is another. Bleach masters all these aspects, making it a standout in the genre. The series follows Ichigo Kurosaki, an …
CrowdStrike launches Falcon Identity Protection for Microsoft Entra ID 2025-02-27 02:35 ETCIO Southeast Asia CrowdStrike today announced the general availability of CrowdStrike Falcon Identity Protection for Microsoft Entra ID, setting a new standard in identity security by unifying prevention, detection and response to identity-based attacks across hybrid …