DOJ takes action against 22-year-old running RapperBot Botnet

DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021. The U.S. DOJ charged 22-year-old Ethan Foltz of Oregon for running the RapperBot botnet, used in over 370,000 DDoS-for-hire attacks since 2021. The criminal service is …

Perplexity’s Comet AI browser tricked into buying fake items online

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. Agentic AI browsers can autonomously browse, shop, and manage various online tasks (like handling email, booking tickets, filing forms, or controlling accounts). Perplexity’s Comet …

TRM Launches Industry-Wide Platform to Fight Crypto Crimes

In an industry-first, TRM Labs has launched Beacon Network, an intelligence-sharing platform designed to prevent illicit funds from leaving the blockchain and build a real-time crypto crime response network. The initiative was announced on August 20 on the heels of new TRM Labs data that showed that at least $47bn in cryptocurrency has been sent …

Threat actors exploit GenAI platforms to create sophisticated and realistic phishing attacks

Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites

The proliferation of generative AI (GenAI) platforms has revolutionized web-based services, enabling rapid code assistance, natural language processing, chatbot deployment, and automated website construction. However, telemetry data reveals a worrying evolution in the GenAI ecosystem, where threat actors are increasingly exploiting …

Mule Operators in META Adopt Advanced Fraud Schemes

Security researchers have revealed how mule operators across the Middle East, Turkey and Africa (META) region have evolved from basic internet-masking tricks to sophisticated multi-layer fraud networks that now blend digital deception with physical logistics. According to a new report by Group-IB, two years ago, mule actors relied on simple VPN and proxy tools to mask …

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. The method lets attackers bypass traditional URL-based detection and the multi-factor authentication process by leveraging a trusted domain on Microsoft’s infrastructure for the initial redirect. Legitimacy of …

Scaly Wolf Unleashing Attacks to Expose Organizations' Hidden Secrets

The Scaly Wolf advanced persistent threat (APT) group has once again targeted a Russian engineering company in a sophisticated targeted attack that was discovered by Doctor Web analysts. This shows that the group is determined to obtain corporate secrets. This incident, occurring in mid-2025, echoes a similar attack in 2023, where …

Major password managers can leak logins in clickjacking attacks

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. Threat actors could exploit the security issues when victims visit a malicious page or websites vulnerable to cross-site scripting (XSS) or cache poisoning, where attackers …

Microsoft investigates outage impacting Copilot, Office.com

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company’s Copilot AI-powered assistant. According to user reports on DownDetector, this incident began impacting Microsoft’s services almost two hours ago and is currently triggering server connection problems and causing issues when trying to log into accounts. “Impact is specific …

Why email security needs its EDR moment to move beyond prevention

Security leaders today are rethinking email security, not because traditional methods have failed outright, but because the threat landscape and business needs have evolved beyond what legacy approaches can handle. A surprising but apt analogy keeps surfacing: email security is stuck where antivirus (AV) was a decade ago, and it’s time it evolved like AV …