Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools
Similar Posts
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Bys sGermany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS…
CISA orders federal agencies to patch Sitecore zero-day following hacking reports
Bys sJonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of……
Marquette County Medical Care Facility discloses data breach
Bys sMarquette County Medical Care Facility (MCMCF) has issued a statement about a breach they discovered in March 2025. On March 3, 2025, MCMCF became aware of the business email compromise incident when contacts of MCMCF’s Human Resources director began receiving phishing emails from her Microsoft Office 365 (O365) account. The types of information involved included…
Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
Bys sSingapore said Friday it was responding to a major cyberattack on its critical infrastructure carried out by an espionage group that security experts allege is linked to China. The Chinese embassy in Singapore described the allegations as “unwarranted smearing”. France 24 reports: Singapore is dealing with a “serious” cyberattack against its critical infrastructure by a highly sophisticated entity linked…
Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
Bys sAmazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. “This discovery highlights the trend of threat actors focusing on critical identity and network access control…
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Bys sThree different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate…