-
XRed Malware Campaign Targets Multinational Organizations : 10 December 2025
Key Points Malware campaign impersonating the Indian Ministry of Finance and Income Tax Department Low-volume, strategically targeted campaign predominantly spanning financial services, professional services, and corporate services sectors across UK and US businesses with entity in India VBS script downloads and executes…
-
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
-
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
-
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
-
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
-
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
-
10 Emerging Cyber Threats To Watch Closely In 2026
Good day Community - I found this article in Cyber Management Alliance and wanted to share it and get your thoughts: no surprise AI is on the list 😎 "Emerging cyber threats are racing through blind spots that didn’t even exist a year ago. What used to be a “rare exploit” is now a Tuesday afternoon. And the problem is that…
-
Mimecast Global Threat Intelligence Report – Policy Recommendations
Essential Mimecast Configurations Based on 2025 Global Threat IntelligenceThe cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated,…
-
IT workers in video game space need to be aware of security risks, solutions
Chris Anley, a chief scientist with research firm NCC Group, told IT Brew that security issues in games run the gamut from platform-related concerns like social engineering to standard cyberattacks like ransomware. Those threats aren’t ignored, even if they’re not front-and-center for the IT pros and developers working on…
-
Services Australia Impersonation Drives Year-Round Credential Theft Operation : 17 October 2025
Key Points MCTO3001 - Threat operation with Services Australia and Centrelink impersonation campaigns across multiple sectors Infrastructure abuse of legitimate email services (SendGrid, Mailgun, Office 365) with Australian Gov display name Campaign objective: Credential harvesting and data theft through government…