ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the Da
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed
Microsoft 365 Copilot und Edge: Schwachstelle ermöglicht Offenlegung von Informationen und Manipulation von Daten
Es existiert eine Schwachstelle in Microsoft 365 Copilot und Microsoft Edge für Android und iOS. Durch einen Fehler können Angreifer überzeugende Phishing-Inhalte innerhalb der vertrauenswürdigen Zusammenfassungsschnitts
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. [...]
Dutch govt warns of Signal, WhatsApp account hijacking attacks
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. [...]
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiat
Gravierende RCE-Schwachstelle in Claude Desktop Extension
Nutzer der Claude Desktop Extension sind von einer kritischen Zero-Click-Sicherheitslücke betroffen. Sicherheitsforscher von Layerx haben eine RCE-Anfälligkeit entdeckt, die die vollständige Kompromittierung des Systems
1-Click-Schwachstelle in Videoüberwachungssystem
Eine kritische 1-Click-Sicherheitslücke im Idis ICM Viewer erlaubt Spear-Phishing-Angriffe, die direkt Code auf dem Host-Gerät ausführen. Ein unbedachter Klick genügt, um das Netzwerk zu gefährden. Nutzer sollten dringen
New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection
A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWo
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the ac
Germany warns of Signal account hijacking targeting senior figures
Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. [...]
Apple Pay phish uses fake support calls to steal payment details
This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.
Phishing and OAuth Token Flaws Lead to Full Microsoft 365 Compromise
Modern web applications frequently introduce unforeseen attack surfaces through seemingly harmless features designed for user engagement, such as newsletter signups, contact forms, and password resets. While individual v
Beware of Fake Traffic Ticket Portals that Harvest Your PII and Credit Card Data
A sophisticated phishing campaign targeting Canadian citizens has emerged, using fake traffic ticket payment portals to steal personal and financial information. The attackers employ SEO poisoning techniques to manipulat
Phishing mit Deepfakes: Unternehmen müssen sich vorbereiten
<p>Cyberkriminalität im Zusammenhang mit Deepfakes nimmt zu, da Kriminelle KI nutzen, um ahnungslose Opfer, darunter auch Anwender in Unternehmen, zu täuschen und zu betrügen. Deepfakes verwenden <a title="Deep Learning"
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mech
PhantomVAI Custom Loader Uses RunPE Utility to Attack Users
A sophisticated custom loader named PhantomVAI has emerged in global phishing campaigns, delivering various stealers and remote access trojans (RATs) to compromised systems. This malware loader operates by masquerading a
False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It
False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal int
Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users
Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, thr
Phishing: Falsche Cloud-Speicher-Warnung nachverfolgt
Phishing-Mails zielen nicht nur direkt auf Zugangsdaten ab, sondern bringen Opfer öfter zu Affiliate-Marketing-Seiten.