CTI roundup: Shanya, GrayBravo, Storm-0249
Shanya PaaS spreads among ransomware groups, GrayBravo expands its footprint, and Storm-0249 exploits EDR processes to hide malicious activity.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Ransomware Remediation Tactics That Help You Recover Fast
Ransomware attacks have grown stronger in the last few years. Attackers are now stealing data before locking it. They also pressure victims by posting stolen files on the internet. There are groups that sell ransomware kits, making these attacks easy to run. This has made things worse for businesses all around the world. Teams are looking for ransomware remediation tactics that help them recover fast and reduce the chance of the attacker returning.
Intel Chat: React2Shell, GeminiJack vulnerability, proRussia hacktivist arrested & Warp Panda [276]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Original CrowdStrike article. CISA BRICKSTORM Backdoor breakdown. Analysis report PDF. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
2025 cloud security roundup: How attackers abused identities, supply chains, and AI
In 2025, many of the long-standing cloud security concerns remained, but new areas of focus also developed. The significant increase in AI adoption enabled organizations to deliver features faster but also introduced new attack surfaces, such as untrusted or unpredictable user input for large language model (LLM) applications. At the same time, long-lived credentials and vulnerabilities in third-party packages continued to expose cloud environments to risk.
Unleash Agents. Not Risk.
AI agents can increase productivity, but without proper governance and centralized oversight, they can cause destruction. Now more than ever, organizations urgently need a control layer for AI agents as a part of their rollout strategy. Rubrik Agent Cloud is designed to monitor and audit agent actions, enforce real-time policies and guardrails, and undo agent mistakes. Built on the Rubrik Platform that uniquely combines data, identity, and application contexts, Rubrik Agent Cloud will deliver security, accuracy, and efficiency as they transform with AI.
All things AI and malware with Randy Pargman
Join us for this week's Defender Fridays as we explore the reality of AI-powered malware threats with Randy Pargman, Senior Director of Threat Detection at Proofpoint. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
CTI roundup: Hybrid 2FA phishing, RomCom, MuddyWater
Hybrid 2FA phishing threatens enterprises, RomCom uses SocGholish to deploy Mythic Agent malware, and MuddyWater targets critical infrastructure with evolving tactics.
Stealc Infostealer: A Deep Dive into Its Evolution, Operations, and Threat Landscape
Stealc, an information-stealing malware operating as Malware-as-a-Service (MaaS), has emerged as a potent tool in the cybercriminal arsenal since its debut in early 2023. Advertised on Russian-speaking underground forums. Established stealers such as Vidar, Raccoon, Mars, and RedLine, offering customizable data exfiltration for browsers, cryptocurrency wallets, and applications. Its non-resident design minimizes footprints, enabling stealthy theft of credentials, cookies, autofill data, and files.
The Resurgence of Mirai: Jackskid Botnet and Escalating IoT Threats in November 2025
The Mirai botnet, first unleashed in 2016, continues to evolve into increasingly sophisticated variants, posing severe risks to the Internet of Things(IoT) ecosystem. This report examines the Jackskid Botnet—a newly identified Mirai derivative—characterized by its aggressive propagation via zero-day exploits and brute-force attacks, resulting in daily active bot IPs surpassing 40,000 as of late November 2025.
Shai-Hulud v2: The "Second Coming" of the npm Worm
In September, we covered the Shai-Hulud worm, a self-replicating attack that exposed just how fragile the npm supply chain can be. But as we know, successful malware rarely stays static. Late November marked the arrival of Shai-Hulud v2, or as its authors rather dramatically titled it, “The Second Coming”. This isn’t just a rerun; it’s a remaster. The new iteration is stealthier, more aggressive, and significantly more dangerous. While v1 was a wake-up call, v2 is a fire drill.