Hacker

Sucuri uncovers stealthy PHP code injections in WordPress theme files (functions.php) exploiting weak permissions and outdated plugins to fetch obfuscated JS from brazilc[.]com, enabling pop-ups, redirects, and Cloudflare-mimicking iframes—update themes, tighten permissions, and monitor scripts to secure sites.

Microsoft alerts on cybercriminals and state actors abusing Teams' messaging, calls, and sharing for full attack lifecycle—from reconnaissance with TeamsEnum to exfiltration via GraphRunner and extortion by Octo Tempest. Harden identities, monitor anomalies, and train users to mitigate.

Check Point uncovers Iranian-aligned Nimbus Manticore's (UNC1549) spear-phishing campaign hitting defense, telecom, and aviation in Denmark, Sweden, Portugal. Fake job portals deliver MiniJunk backdoor and MiniBrowse stealer via advanced DLL side-loading—boost phishing defenses now.

Cybercriminals leverage Dynamic DNS services to evade detection and build persistent command-and-control networks, abusing 70,000+ domains with minimal oversight. APT groups like Fancy Bear and Chinese hackers use obfuscation and rotations—defenders face growing challenges in mitigation.

Microsoft exposes AI-driven phishing campaign targeting US organizations: attackers use AI to craft verbose, business-jargon code in SVG attachments disguised as PDFs, hiding credential-stealing payloads behind invisible dashboards and evading antivirus detection.

Threat actors use vulnerable Windows 8.1 WerFaultSecure.exe on patched Windows 11 24H2 to dump unencrypted LSASS memory via PPL bypass, extracting NTLM hashes and passwords for escalation. Zero Salarium details evasion tactics; defenders urged to monitor WER tools and anomalous PPL activity.

Threat actors use in-memory PE loaders to download and run malicious executables (e.g., RATs) via Windows APIs like VirtualAlloc and LoadLibraryA, evading file-based EDR like Microsoft Defender/Sophos. Learn the technique's steps, red team success, and need for memory/behavioral defenses.

CISA details threat actors exploiting CVE-2024-36401 in GeoServer for initial access to a U.S. federal network on July 11, 2024, using webshells, dirtycow escalation, and lateral movement—undetected until July 31. Key lessons: Immediate KEV patching, enhanced IR plans, and continuous EDR monitoring.

Cybercriminals abused compromised AWS credentials to hijack Amazon SES, sending 50,000+ phishing emails daily by bypassing sandbox limits. Learn how to detect and prevent SES abuse.

Cybercriminals register deceptive domains mimicking FIFA World Cup sites to steal data and distribute malware ahead of the 2026 tournament. Learn about the attack methods and protection strategies.