A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API. The post Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack appeared first on Unit 42.

With threat actors increasingly targeting credentials, accounts, and session cookies, security teams can benefit immensely from updating their defense to the modern cybercrime landscape. Prioritizing Identity Exposure Management (IEM) for your cybersecurity strategy would be a worthwhile 2026 budget priority with an ROI in saving security team time and resources, mitigating threats faster, and reducing […] The post How Security Teams Can Save Costs with Identity Exposure Management for 2026 Budgeting appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft’s WSUS. Our observations from cases show a consistent methodology. The post Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild appeared first on Unit 42.

In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on ideas we got from reading all the different reports. For me,…

Three criteria for assessing quality security data that enables faster responses and effective ROI storytelling

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Executive Summary AzureHound is a data collection tool intended for penetration testing that is part of the BloodHound suite. Threat actors misuse this tool to enumerate Azure resources and map potential attack paths, enabling further malicious operations. Here, we help defenders understand the tool and protect against illegitimate use of it. This look into AzureHound The post Cloud Discovery With AzureHound appeared first on Unit 42.

We’re breaking down three cybercrime stories: Leaky Weekly is taking a break from a podcast episode this week, but stay tuned for our recap on covering the 2025 Microsoft Digital Defense report soon. Neon App Neon is a new viral app that pays people to record their phone calls, which the company sells to AI […] The post Neon App, Discord User Data Leaked, Oracle EBS Breach by Cl0p appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps, and network layers to help strengthen protection for enterprise Teams users. The post Disrupting threats targeting Microsoft Teams appeared first on Microsoft Security Blog.

Tampered Chef serves up a smorgasbord of suspicious activity in this month’s edition of Intelligence Insights

At ProjectDiscovery, our greatest strength is our community. Thousands of security researchers, bug bounty hunters, and vulnerability analysts who identify zero‑day vulnerabilities, trending CVEs, and actively exploited vulnerabilities (including those listed in CISA KEV).

Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale. The post The Smishing Deluge: China-Based Campaign Flooding Global Text Messages appeared first on Unit 42.

The Model Context Protocol (MCP) is a proposed open standard that provides a two-way connection for AI-LLM applications to interact directly with external data sources. It is developed by Anthropic and aims to simplify AI integrations by reducing the need for custom code for each new system. The post Model Context Protocol (MCP) appeared first on Black Hills Information Security, Inc..

Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments. The post Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign appeared first on Unit 42.

Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com 00:00 - PreShow Banter™ — I think we’re live? 14:05 - BHIS - Talkin' Bout [infosec] News 2025-10-20 15:15 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/ 38:30 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115?utm_source=chatgpt.com 52:00 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space  https://cyberscoop.com/researchers-scan-satellites-find-massive-corporate-military-data-leaks/ 58:33 - Story #4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space https://gizmodo.com/jeff-bezos-has-a-plan-to-curb-ais-carbon-footprint-send-data-centers-to-space-2000668833 01:02:19 - Story #5: Still 'significant errors' for some services after outage, Amazon says, but underlying problem fixed https://www.bbc.com/news/live/c5y8k7k6v1rt 01:05:48 - Story #6: ‘I lost 25 pounds in 20 days’: what it’s like to be on the frontline of a global cyber-attack https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health?CMP=oth_b-aplnews_d-1 01:08:26 - CTF Winners Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.

Unit 42 shares notable developments of cybercrime group Scattered LAPSUS$ Hunters. Learn how this group may operate in the future. The post The Golden Scale: Notable Threat Updates and Looking Ahead appeared first on Unit 42.

Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against all users and typically avoids account lockout since the…

Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others. The post Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities appeared first on Unit 42.

By going beyond version checks, you’ll reduce noise, speed up critical fixes, and keep engineering smiling.

In this blog, I’m going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest. The post Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite appeared first on Black Hills Information Security, Inc..