CTI roundup: SantaStealer, BlackForce, Ink Dragon
SantaStealer spreads via Telegram and underground forums, the BlackForce phishing kit targets major brands, and Ink Dragon launches new attacks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
What Is the Shai Hulud npm Worm and How to Protect Against It
Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.
How CrowdStrike's Malware Analysis Agent Detects Malware at Machine Speed
At Fal.Con 2025, CrowdStrike introduced Threat AI, an agentic threat intelligence system of autonomous agents that reason across data, hunt for threats, and take action. As part of our vision for the agentic SOC, these AI-powered agents automate complex intelligence workflows so defenders can keep up with AI-powered adversaries while staying in control of every decision.
Digital Security Risks During Separation or Divorce: Protecting Your Privacy When Relationships Break Down
During separation or divorce, the breakdown of a relationship often brings unexpected digital risks alongside emotional and financial challenges. Many couples spend years sharing passwords, devices, and online accounts without a second thought. However, when trust erodes, this shared digital access can quickly turn into a serious cybersecurity and privacy concern. Understanding how digital exposure happens and how to manage it responsibly is becoming an essential part of modern family disputes.
LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025
Ransomware attacks increased by 17.2% percent year-over-year in 2025, with the group Qlin dominating the threat landscape, according to data generated by the LevelBlue SpiderLabs team. These attacks focused primarily on the manufacturing and technology sectors, with the US by far being the most targeted nation. 2025 continued the trend of yearly increases; however, over the last few years, the rate of attacks has somewhat slowed.
Most Parked Domains Lead Users to Scams or Malware
Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox. “Parking threats are fueled by lookalike domains,” Infoblox explained. “No domain is immune. When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3gov. Their phone was quickly redirected to a false “Drive Subscription Expired” page.
The Holiday Whisper: Shai-Hulud 3.0
The end-of-year holiday period is traditionally a time for code freezes and quiet rotations; however, it is also a favored window for opportunistic attackers. Threat actors love the holidays; they know that with development teams out of the office and response times naturally lagging, a small window opens for them to test new exploits without immediate detection. Recently, a security researcher discovered a new, contained variant of Shai-Hulud, dubbed "The Golden Path" (v3.0).
New Stealthy C# RAT NoobsaibotRAT Targets Windows with Advanced Features
Remote Access Trojans (RATs) continue to be one of the most actively traded malware categories across dark web forums. Their appeal lies in flexibility: a single framework can support espionage, credential theft, ransomware staging, or long-term persistence. Recently our team Identified a dark web actor advertised a tool called“noobsaiBOT”, claiming it to be a fully custom, stealth-focused RAT with source code included, priced at$20,000 and offered as a one-time exclusive sale.
Understanding Ransomware Email Threats
The Ransomware-as-a-Service (RaaS) ecosystem has changed the look and shape of modern day ransomware attacks. Malicious actors typically view their cybercrimes as a business, hoping to make the most amount of money with the least amount of effort. For example, according to research, AI-automated phishing attacks performed similarly to human generated ones and 350% better than the ones sent to the control group.
How PPC Campaign Vulnerabilities Can Lead to Ransomware Attacks
In the US, search ad spend was expected to reach $124.59 billion in 2024. Those big pay-per-click (PPC) advertising budgets are attracting the attention of cybercriminals. Click fraud is a well-known hazard in marketing circles. However, a more insidious threat lurks in the background.