attack tools

Low-skilled attacker used Claude, Codex to breach 14 companies

agentic AI, attack, attack tools, Claude Code, cybersecurity, Don't miss, Hot stuff, LLMs, News, research /

Low-skilled attacker used Claude, Codex to breach 14 companies 2026-06-17 at 18:43 By Zeljka Zorz Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server […]

Low-skilled attacker used Claude, Codex to breach 14 companies Read More »

Google disrupts proxy network used by 550+ threat groups

Android, attack tools, Don't miss, Google, Hot stuff, News, Proxy, Windows /

Google disrupts proxy network used by 550+ threat groups 2026-01-29 at 18:27 By Zeljka Zorz Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat groups

Google disrupts proxy network used by 550+ threat groups Read More »

Okta users under attack: Modern phishing kits are turbocharging vishing attacks

attack tools, Don't miss, Google, Hot stuff, Microsoft 365, News, Okta, vishing /

Okta users under attack: Modern phishing kits are turbocharging vishing attacks 2026-01-23 at 15:31 By Zeljka Zorz Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least

Okta users under attack: Modern phishing kits are turbocharging vishing attacks Read More »

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint /

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

Attackers turn trusted OAuth apps into cloud backdoors Read More »

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

APT, attack tools, Cisco, Don't miss, Hot stuff, Huntress, News, open source, Ransomware, Sophos /

Legit tools, illicit uses: Velociraptor, Nezha turned against victims 2025-10-09 at 19:19 By Zeljka Zorz Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

Legit tools, illicit uses: Velociraptor, Nezha turned against victims Read More »

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs

attack lifecycle, attack tools, Don't miss, ESXi, Hot stuff, Incident Response, MITRE, MITRE ATT&CK, News, threat modeling /

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs 2025-04-23 at 16:13 By Zeljka Zorz MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK MITRE ATT&CK is a regularly

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs Read More »

FIN7 sells improved EDR killer tool

attack tools, backdoor, cybercrime, cybercriminals, Don't miss, Hot stuff, Malware, News, Ransomware, SentinelOne /

FIN7 sells improved EDR killer tool 2024-07-18 at 15:46 By Zeljka Zorz The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver (ProcLaunchMon.sys), in conjunction

FIN7 sells improved EDR killer tool Read More »

Scroll to Top