Morphisec Threat Labs has uncovered cunning new delivery techniques used by ValleyRAT, a sophisticated multi-stage malware attributed to the Silver Fox APT. The malware, which primarily targets key roles in finance, accounting, and sales, has evolved with updated tactics, techniques, and procedures (TTPs), including the reuse of URLs and the exploitation of gaming binaries for payload injection.
Targeted Attack Strategies
The Silver Fox APT uses a host of distribution methods to achieve its nefarious goals, including phishing emails, malicious websites, and IM platforms. The latest attacks also reveal a strategic shift, by targeting more high-value roles within organizations to access…
Author: Kirsten Doyle
A recent security analysis conducted by Qualys, using its QualysTotalAI solution, has raised significant concerns about DeepSeek-R1’s risks, particularly in enterprise and regulatory settings. The newly released large language model (LLM) has captured global attention with its promise of high efficiency and accessibility. Developed by the Chinese startup DeepSeek, the model promises competitive performance while draining fewer computational resources than its Western counterparts.
DeepSeek-R1: A New AI Contender
DeepSeek has introduced multiple distilled versions of DeepSeek-R1, leveraging Llama and Qwen as base models. These variations cater to different use cases, from lightweight models optimized for efficiency to larger, more powerful…
Malware designed to steal credentials from password stores now accounts for 25% of all malware activity—a dramatic threefold increase in this type of threat. This was one of the findings of Picus Security’s annual cybersecurity analysis, The Red Report 2025. This is the first time that credential theft has ranked among the top 10 techniques in the MITRE ATT&CK framework. The report, based on an extensive review of over one million malware samples collected throughout 2024, also highlights how only 10 MITRE ATT&CK techniques were responsible for 93% of all malicious actions observed last year.
“SneakThief” Malware
Bad actors are…
2024 was a brutal year for data security, with some of the world’s biggest companies suffering breaches that exposed millions of sensitive records. The attacks were carried out by well-known cybercriminal groups, including Alphv/BlackCat, Qilin, and Rhysida, and shone a light on the ongoing vulnerabilities the industry faces every day – cloud platforms, financial institutions, healthcare systems – no one is safe. Here’s Arctic Wolf’s breakdown of the most significant breaches of the year and recommendations to avoid similar incidents in the future.
Ransomware Attack Impacts a Third of the US Population
An affiliate of Alphv/BlackCat targeted Change Healthcare in…
Malicious actors have exploited the rising popularity of DeepSeek AI to distribute two malicious infostealer packages through the Python Package Index (PyPI), impersonating legitimate developer tools for the AI platform. Researchers at Positive Technologies discovered and reported the campaign, which targeted developers, machine learning engineers, and AI enthusiasts integrating DeepSeek AI into their systems.
A Prime Target
The malicious campaign was detected and mitigated by the Supply Chain Security team at the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC). PyPI serves as the default package repository for popular package managers such as pip, pipenv, and…
A new threat actor, dubbed Tangerine Turkey by Red Canary’s intelligence team, is attracting attention thanks to its sophisticated use of a Visual Basic Script (VBScript) worm that delivers a crypto mining payload. First seen in November last year, Tangerine Turkey’s malicious activity is evolving, and by December 2024, it had cracked Red Canary’s top 10 threat rankings. The worm, which spreads via USB devices, is part of a much broader and growing crypto-mining campaign that has targeted victims worldwide.
What is Tangerine Turkey?
Tangerine Turkey uses a series of technical steps to execute its payload: Research into the execution…
Security leaders often have a narrow view of human-element breaches, thinking of them as either social engineering or human error, but there’s more to it than that. Breaches that start with a person can be divided into broader categories, including security culture, insider threats, and emerging attack methods such as phishing and data exfiltration. This was one of the findings in Forrester’s new research report, Deconstructing Human-Element Breaches, which takes a look at the multifaceted risks posed by and to humans in cybersecurity. It also highlights how these long-standing challenges continue to affect security teams, and offers a structured framework…
The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime groups. According to an affidavit supporting the seizures, the Saim Raza network had been active since at least 2020, peddling phishing toolkits and other fraudulent resources to malefactors who used them to target victims in the States. The DoJ estimates that these activities have resulted in more than $3 million in financial losses. The seized domains acted as dark marketplaces…
As artificial intelligence (AI) continues to transform industries, governments worldwide are racing to implement regulations that ensure its safe and ethical use. From the OECD AI Principles to the EU AI Act, new frameworks set new expectations for transparency, accountability, and risk management. However, when it comes to businesses integrating AI into their cybersecurity strategies, compliance is anything but straightforward. We spoke to industry experts to explore how organisations can align their AI-driven cybersecurity practices with evolving global regulations. We also asked what challenges businesses face when navigating compliance across multiple jurisdictions and how AI regulations can help mitigate the…
Chinese artificial intelligence (AI) startup DeepSeek, which has taken the market by storm, has temporarily limited new user registrations following a large-scale cyberattack that disrupted its services. According to Reuters, the attack coincided with the company’s AI assistant becoming the top-rated free application on Apple’s App Store in the United States. The attack affected the registration process for new users, although current users were able to carry on accessing the platform as usual. The company said that it had resolved issues related to its application programming interface (API) and user login problems, marking the longest service outage in around 90…