A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms.

#SecurityLand #ThreatHorizon #APT #TrendMicro #ShadowVoid042 #Cybercrime #SpearPhishing

Read More: https://www.security.land/shadow-void-042-cybercriminals-fake-security-alerts/

SHADOW-VOID-042: Cybercriminals Fake Trend Micro Alerts

A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms. The attack chain was stopped before final payload deployment.

Security Land | Decoding the Cyber Threat Landscape

Chinese threat actor UAT-9686 has been compromising Cisco email security systems since late November with a custom backdoor called AquaShell. Organizations should immediately check Cisco Talos advisories for indicators and remediation guidance.

#SecurityLand #ThreatHorizon #Cisco #UAT9686 #EmailSecurity #APT #China

Read More: https://www.security.land/uat-9686-chinese-apt-cisco-email-gateway-attack/

UAT-9686 Chinese APT Targets Cisco Email Security Appliances

Chinese threat actor UAT-9686 deploys AquaShell backdoor on Cisco Secure Email Gateway appliances with custom persistence.


Zscaler ThreatLabz documents BlindEagle APT's sophisticated attack on Colombian government infrastructure using steganography, compromised email accounts, and dual malware deployment (Caminho + DCRat). The September 2025 campaign demonstrates evolved tradecraft including Discord CDN abuse and fileless execution chains.

#SecurityLand #ThreatHorizon #Zscaler #BlindEagle #Colombia #Government #Ecuador #APT #RAT #Malware

Read More: https://www.security.land/blindeagle-colombian-government-caminho-dcrat-attack/

Security researchers from Koi have uncovered 17 malicious Firefox extensions hiding multi-stage malware inside PNG logo files, affecting 50,000+ users. The sophisticated steganography-based campaign strips browser security protections and enables remote code execution while evading detection through probabilistic activation and delayed payloads.

#SecurityLand #ThreatHorizon #Steganography #Malware #PNG #BrowserSecurity #Cybersecurity

Read More: https://www.security.land/firefox-extensions-png-steganography-malware-ghostposter/

Firefox Extensions Hide Malware in PNG Files: 50K Users Hit

Security researchers discover 17 Firefox extensions using PNG steganography to hide multi-stage malware affecting 50,000+ users.


New infrastructure analysis from Censys reveals how the pro-Russian hacktivist group NoName057(16) maintains DDoSia operations through rapid server rotation. Monitoring since mid-2025 shows an average of 6 control servers active simultaneously, but with a mean lifespan of only 2.53 days.

#SecurityLand #ThreatHorizon #Research #Censys #DDoSia #DDoS #DDoSAttack #NoName057 #Ukraine #Russia #Hacktivism

Read More: https://www.security.land/ddosia-infrastructure-censys-research-noname057/

Censys Reveals Rapid Server Rotation Behind NoName057(16) Attacks

Censys research reveals that DDoSia control servers last an average of 2.5 days, with 6 active at any time. Analysis of pro-Russian DDoS infrastructure.


The notorious Lazarus Group, along with other North Korean hackers, has evolved its strategy beyond conventional exchange attacks on crypto organizations. Instead of breaking down digital walls, they’re now walking through the front door with fabricated credentials and compelling cover stories.

#SecurityLand #ThreatHorizon #Cybersecurity #Crypto #Scam #HumanFactor #NorthKorea #CryptoExchange

Read More: https://www.security.land/north-korean-hackers-infiltrate-crypto-companies-with-fake-job-applications/

North Korean Hackers Infiltrate Crypto Companies with Fake Job Applications | Security Land

North Korean hackers infiltrate crypto companies using fake resumes and job applications. Learn how to protect your firm.


VoidProxy phishing-as-a-service bypasses MFA & SSO for Microsoft 365/Google accounts. Okta Threat Intelligence reveals sophisticated AitM attacks defeating modern authentication. Enterprise security teams: reassess your defenses NOW.

#SecurityLand #ThreatHorizon #CyberSecurity #PhishingAttack #EnterpriseSecurity #AitM #Phishing #VoidProxy

Read More: https://www.security.land/voidproxy-emerges-as-advanced-phishing-as-a-service-platform-targeting-enterprise-authentication-systems/

VoidProxy Emerges as Advanced Phishing-as-a-Service Platform Targeting Enterprise Authentication Systems | Security Land

VoidProxy phishing platform bypasses MFA and SSO security, targeting Microsoft 365 and Google accounts through sophisticated AitM attacks.


ReversingLabs researchers have uncovered a sophisticated malware campaign by Banana Squad targeting developers through 67 compromised GitHub repositories. The threat group used advanced obfuscation techniques to disguise malicious Python tools as legitimate security software, successfully evading detection while compromising developer systems.

#SecurityLand #ThreatHorizon #CyberSecurity #GitHub #Malware #SupplyChain #BananaSquad

Read More: https://www.security.land/banana-squad-weaponizes-github-repositories-in-sophisticated-developer-targeted-malware-campaign/

🚨 FBI & CISA issue joint advisory on LummaC2 malware targeting critical infrastructure. This sophisticated information stealer uses fake CAPTCHAs and software impersonation to steal financial credentials, crypto wallets, and MFA details. 71.7% increase in attacks reported. Organizations must implement comprehensive defense strategies immediately.

#SecurityLand #ThreatHorizon #Cybersecurity #Malware #LummaC2 #CriticalInfrastructure #FBI #CISA

Read More: https://www.security.land/lummac2-malware-poses-growing-threat-to-critical-infrastructure-across-multiple-sectors/

LummaC2 Malware Poses Growing Threat to Critical Infrastructure Across Multiple Sectors | Security Land

FBI and CISA warn of LummaC2 malware targeting critical infrastructure with sophisticated data theft and evasion capabilities.


A previously unknown ransomware group called Nova is making headlines with its bold entry into the cybercrime scene. Security researchers have just begun tracking the group after it claimed responsibility for multiple attacks, one of the most recent targeting the Municipality of Pisa.

#SecurityLand #ThreatHorizon #CyberThreat #Ransomware #NovaGroup #CyberSecurity #Pisa #EmergingThreats #Cybercrime

Read More: https://www.security.land/new-ransomware-group-nova-emerges-latest-target-municipality-of-pisa/

New Ransomware Group "NOVA" Emerges, Latest Target Municipality of Pisa | Security Land

New ransomware group NOVA active since March 2025. Learn about their tactics, affiliate model, and recent attack on Pisa.
