All CosmicBytez Labs articles tagged #Threat Intelligence, across news, security advisories, how-to guides, and projects.
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response solutions, marking a new escalation in AI-assisted cybercrime.
Twenty years after Dark Reading launched, security leaders are looking beyond the assume-breach paradigm toward AI-native, hyper-segmented enterprise defense that orchestrates detection, response, and recovery with machine-speed precision.
Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the cyber-physical attack surface is expanding in ways security experts warn could have severe consequences.
DDoS attacks are increasingly sold as subscription services with pricing tiers, reseller programs, and customer support. Flare's analysis reveals how the DDoS-as-a-Service market has matured from scattered tools into polished criminal attack platforms.
As OpenAI and Anthropic push frontier AI capabilities forward, SentinelOne argues that AI-native, machine-speed cyber defense is now essential — and that the gap between AI-powered attackers and legacy defenders is widening.
Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace — with nations including Russia already deploying AI in warfare, while GCHQ develops its own AI-powered cyber shield.
Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...
UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.
Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.
The Belarus-aligned Ghostwriter APT (UAC-0057/UNC1151) has launched a new phishing campaign impersonating Prometheus, a Ukrainian e-learning platform, to...
This week's threat intelligence bulletin covers Linux rootkit campaigns, an actively exploited router zero-day, AI-assisted intrusions, new scam kit...
Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...
Researchers at HUMAN Security uncovered Trapdoor, a sophisticated Android ad fraud and malvertising operation that used 455 malicious apps and 183...
Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...
A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...
Adversaries are increasingly weaponizing CI/CD pipelines as a living-off-the-land vector — abusing trusted build infrastructure to execute attacks without...
Director of National Intelligence Tulsi Gabbard has appointed two officials to lead cross-agency monitoring of foreign threats targeting the 2026 U.S....
SecurityScorecard has acquired Driftnet to expand visibility into third-party ecosystems, addressing growing supply chain attack risks that continue to...
The hacking group TeamPCP has publicly released the source code for its Shai-Hulud supply chain worm, actively encouraging other threat actors to...
An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...
TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...
Google Threat Intelligence Group researchers say a zero-day exploit targeting a widely used open-source web administration tool was likely generated using...
Install and configure CrowdSec on Linux to detect and block attacks using crowdsourced threat intelligence, custom scenarios, and iptables/nftables bouncers.
Analysis of more than 25 million security alerts across enterprise SOCs reveals a troubling pattern: organizations are institutionalizing the practice of...
The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach disclosed last week, leaking a set of proof images...
A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...
When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...
SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...
UNC6692 employs email bombing and Teams impersonation to deliver a three-component Snow malware suite — SnowBelt, SnowGlaze, and SnowBasin — enabling full...
Threat actors hijacked the official checkmarx/kics Docker Hub repository by overwriting existing image tags — including v2.1.20 and alpine variants — and...
Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...
Vercel has expanded its breach investigation tied to the Context.ai supply chain compromise and identified additional customer accounts with unauthorized...
Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...
The North Korean supply chain attack on Axios — a JavaScript library with 100 million weekly downloads — highlights why human-scale monitoring can no...
Following law enforcement disruption of the Tycoon 2FA platform, threat actors are reusing its tools and techniques across a wave of new phishing kits,...
Grinex, a Kyrgyzstan-based cryptocurrency exchange sanctioned by the U.S., U.K., and EU for facilitating sanctions evasion, has suspended all operations...
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended all operations after a $13.7 million hack, with the platform controversially attributing the...
Huntress is warning that threat actors are actively exploiting three privilege escalation vulnerabilities in Microsoft Defender — codenamed BlueHammer,...
Citizen Lab has documented how an Israeli surveillance company called Cobwebs Technologies built an advertising-based global geolocation platform named...
UK communications regulator Ofcom has warned tech executives they face criminal prosecution and imprisonment if their platforms fail to adequately combat...
Bitcoin Depot, one of North America's largest Bitcoin ATM operators, has filed an SEC disclosure revealing a cyberattack in which threat actors gained...
Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...
This week's ThreatsDay Bulletin from The Hacker News covers 20 active threats including a hybrid P2P DDoS botnet, a 13-year-old Apache ActiveMQ RCE flaw...
Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...
Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...
Cybersecurity researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that abused Redis and PostgreSQL connections to harvest...
Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...
Microsoft Defender researchers have documented a stealthy PHP web shell technique that uses HTTP cookies as a covert command-and-control channel on Linux...
The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are taking credit and creating a murky attribution...
Threat actors are weaponizing vacant properties as drop addresses for mail interception, blending physical access with digital fraud. A Flare threat...
The Drift Protocol DeFi platform lost at least $280 million after a sophisticated threat actor executed a planned governance attack, seizing control of...
Google's Threat Intelligence Group has formally attributed the supply chain compromise of the popular Axios npm package to UNC1069, a financially...
Security researchers at multiple firms are sounding alarms over a supply chain attack against Axios, an npm package with 100 million weekly downloads....
Security researchers have identified a newly discovered malicious implant named RoadK1ll that leverages WebSocket connections to silently move from an...
This week's cybersecurity roundup covers long-running telecom espionage operations reaching courtrooms, resurging LLM jailbreak techniques, Apple's UK age...
New research shows AI is dramatically accelerating how quickly threat actors can weaponize vulnerabilities, with 92% of security professionals expressing...
Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...
The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...
Deploy CrowdSec on a Linux server to get community-powered intrusion prevention — block brute-force attacks, credential stuffing, and vulnerability...
A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...
The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...
The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...
The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...
Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...
Deploy a full deception technology stack using T-Pot and OpenCanary to capture real attacker behaviour, generate threat intelligence, and sharpen your...
Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...
Amazon's threat intelligence team has documented how a Russian-speaking, financially motivated actor used multiple commercial generative AI tools to...
A Russian-linked phishing operation dubbed Diesel Vortex has stolen over 1,649 credentials from major freight and logistics companies across the US and...
Multiple industry reports warn that 2026 marks the emergence of agentic AI threats — autonomous systems capable of planning and executing multi-step...
With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...
Security researchers discover a new Linux botnet named SSHStalker that leverages the legacy IRC protocol for C2 operations, marking a return to old-school...
The 2026 International AI Safety Report confirms AI systems can assist attackers across multiple stages of the cyberattack chain, with vulnerability...
This week: state-backed espionage campaigns across 155 countries, China-linked router hijacking, ransomware surge, new security tools, and site updates.
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...
A structured approach to open-source intelligence gathering covering domain reconnaissance, email enumeration, social media profiling, and infrastructure...
Security experts predict autonomous AI systems will be responsible for at least one major enterprise breach within months, as threat actors weaponize...
Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...
Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...
Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.
Microsoft reveals adversaries using AI for automated vulnerability discovery, phishing campaigns, and malware generation. AI-crafted phishing emails...