attack tools

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint /

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or […]

React to this headline:

Loading spinner

Attackers turn trusted OAuth apps into cloud backdoors Read More »

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

APT, attack tools, Cisco, Don't miss, Hot stuff, Huntress, News, open source, Ransomware, Sophos /

Legit tools, illicit uses: Velociraptor, Nezha turned against victims 2025-10-09 at 19:19 By Zeljka Zorz Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

React to this headline:

Loading spinner

Legit tools, illicit uses: Velociraptor, Nezha turned against victims Read More »

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs

attack lifecycle, attack tools, Don't miss, ESXi, Hot stuff, Incident Response, MITRE, MITRE ATT&CK, News, threat modeling /

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs 2025-04-23 at 16:13 By Zeljka Zorz MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK MITRE ATT&CK is a regularly

React to this headline:

Loading spinner

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs Read More »

FIN7 sells improved EDR killer tool

attack tools, backdoor, cybercrime, cybercriminals, Don't miss, Hot stuff, Malware, News, Ransomware, SentinelOne /

FIN7 sells improved EDR killer tool 2024-07-18 at 15:46 By Zeljka Zorz The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver (ProcLaunchMon.sys), in conjunction

React to this headline:

Loading spinner

FIN7 sells improved EDR killer tool Read More »

Scroll to Top