security

Filtered by: April 6, 2026
soc

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

Summary Note: This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental […]

soc

CISA Shares Lessons Learned from an Incident Response Engagement

Advisory at a Glance Executive Summary CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response (EDR) tool. CISA identified three lessons learned from the engagement that illuminate how to effectively mitigate […]

soc

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised […]

soc

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp […]

soc

Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate victim computer networks and exfiltrate […]

security

TeamPCP Supply Chain Campaign: Update 004 – Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)

This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. This update consolidates intelligence from March 28-30, 2026 — two days […]

security

TeamPCP Supply Chain Campaign: Update 003 – Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)

This is the third update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. This update covers developments from March 27-28, 2026.
