Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools
Similar Posts
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
Bys sAnthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance…
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Bys sA previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
Bys sThe Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links…
Overcoming Risks from Chinese GenAI Tool Usage
Bys sA recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China,…
Aflac notifies SEC of breach suspected to be work of Scattered Spider
Bys sOn June 20, Aflac notified the SEC of unauthorized access to its network: On June 12, 2025, Aflac Incorporated, a Georgia corporation (the “Company”), identified unauthorized access to its network. The Company promptly initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours. The Company’s business remains operational, and its…
Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents
Bys sTemple University’s Critical Infrastructure Ransomware Attacks (CIRA) database now contains over 2,000 entries. The post Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents appeared first on SecurityWeek.