Evilginx Tool (Still) Bypasses MFA
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.
For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.
Security experts worry the company's Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.
The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.
Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.
A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.