CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups

CTM360 reports that more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs are being used in an active malware campaign targeting global organizations. The attackers abuse Google’s trusted ecosystem to distribute credential-stealing malware and establish persistent access on compromised devices. The activity is global, with attackers embedding organization names and industry-relevant keywords into posts […]

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs […]

One threat actor responsible for 83% of recent Ivanti RCE attacks

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. The security issues have been flagged as actively exploited in zero-day attacks in Ivanti’s security advisory, where the company also announced hotfixes. Both flaws received a critical severity […]

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. These phishing letters claim recipients must complete a mandatory “Authentication Check” or “Transaction Check” to avoid losing access to wallet functionality, creating a sense of urgency […]

Turning IBM QRadar Alerts into Action with Criminal IP

Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster and prioritize response actions more effectively across SOC operations. […]

CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and […]

Microsoft fixes bug that blocked Google Chrome from launching

Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. Family Safety helps parents monitor their children’s activity and provides screen time management, app controls, communication monitoring, content filtering, location tracking, and activity reports. Microsoft acknowledged the bug in late […]