Teenagers arrested in England over cyberattack on nursery chain Kido

London’s Metropolitan Police announced the arrests of two 17-year-old boys who are under questioning in relation to the hack and extortion of the Kido chain.

The Record from Recorded Future News

Airline-mimicking fraud | Kaspersky official blog

Our experts have detected a fraudulent email campaign sent on behalf of well-known airlines and airports. Since the beginning of September, our solutions have detected and blocked thousands of similar emails in which scammers posed as employees of Amsterdam Schiphol, Emirates Airlines, Etihad Airways, Lufthansa, Qatar Airways, and other large aviation-related companies. Our experts then started discovering similar mailings exploiting the names of companies in the oil and gas sector. The attackers imitate normal business correspondence, pretending to be looking for new partners, and target companies of various sizes across various industries. The scheme boils down to convincing the recipients to transfer money to the fraudsters’ accounts.

How the fraudulent scheme works

Attackers try to draw the victim into a correspondence exchange. At the first stage, they send the victim a rather innocuous email on behalf of the procurement department of a major airline or airport, in which they announce the start of a partnership program for 2025/2026, and offer them mutually beneficial cooperation. If the recipient responds, the second stage begins: they send several documents to divert attention — registration forms for a new partner, non-disclosure agreements, and so on.

These emails don’t contain malicious attachments or links, and there are no hidden scripts in the documents, so basic defense mechanisms don’t always block such correspondence. The attackers rely on social engineering alone. In the next letter they ask the recipient to pay a “mandatory refundable deposit as an expression of interest” of several thousand dollars. The purpose of this payment is supposedly to secure a priority place on the schedule for consideration of partnership proposals, and the authors of the email give assurances that once the partnership agreement is finalized the money will be returned.

How to realize there’s something wrong with the email

The letters used in this campaign look very plausible, but some inconsistencies can still be detected with the naked eye. The first thing to look at closely is the sender’s email address. It often contains the name of the organization whose employees the scammers are imitating. But if you find the company’s real website and examine the addresses listed in its contact section, you’ll see that the legitimate addresses of the airport or airline employees have a different domain name. Sometimes attackers don’t bother to keep the From field plausible at all: they simply put the name of the imitated organization in the display name, while the address itself sits on a completely unrelated domain.

The general rule for business correspondence that raises suspicion for any reason: if in doubt, write to the address listed on the company’s official website and ask whether the partnership program mentioned in the emails really exists, whether the sender works for the company, and whether the address used in the suspicious email is genuinely theirs.
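The sender-address check described above, as an added Python example that is not code from the Kaspersky post: it parses the From header, looks for a brand name in the display name, local part or domain, and flags either a lookalike domain or a display-name spoof. The brand-to-domain table and the sample headers are constructed placeholders on the reserved .example TLD.

```python
"""Sender-domain consistency check for brand-impersonating emails (added example)."""
from email.utils import parseaddr

# Assumption: in practice each entry is copied from the company's official
# contact page, as the post advises. These values are placeholders.
OFFICIAL_DOMAINS = {
    "lufthansa": {"lufthansa.example"},
    "emirates": {"emirates.example"},
    "schiphol": {"schiphol.example"},
}

# Constructed sample From: headers, one per case the post describes.
SAMPLE_HEADERS = [
    '"Lufthansa Procurement" <partnerships@lufthansa-procurement.example>',
    '"Emirates Airlines Procurement Dept" <procurement.dept@webmail-host.example>',
    '"Schiphol Partnerships" <partners@mail.schiphol.example>',
    "Jane Doe <jane@unrelated-firm.example>",
]

def sender_parts(from_header):
    """Split a From: header value into (display_name, local_part, domain)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, "", ""
    local, domain = addr.lower().rsplit("@", 1)
    return name, local, domain

def claimed_brands(text):
    """Brands from the table whose name occurs anywhere in the text."""
    lowered = text.lower()
    return {brand for brand in OFFICIAL_DOMAINS if brand in lowered}

def is_official(domain, brand):
    """True if domain is the brand's official domain or a subdomain of it."""
    return any(domain == d or domain.endswith("." + d)
               for d in OFFICIAL_DOMAINS[brand])

def check_from(from_header):
    """Classify one From: header. Verdicts:
    unparseable, no_claim, ok, lookalike_domain (brand name embedded in a
    non-official domain), display_name_spoof (brand only in the display name
    or local part while the domain is unrelated)."""
    name, local, domain = sender_parts(from_header)
    if not domain:
        return {"verdict": "unparseable", "domain": domain, "brands": []}
    brands = claimed_brands(name) | claimed_brands(local) | claimed_brands(domain)
    mismatched = sorted(b for b in brands if not is_official(domain, b))
    if not brands:
        verdict = "no_claim"
    elif not mismatched:
        verdict = "ok"
    elif any(b in domain for b in mismatched):
        verdict = "lookalike_domain"
    else:
        verdict = "display_name_spoof"
    return {"verdict": verdict, "domain": domain, "brands": mismatched}
```

Anything other than `ok` or `no_claim` is worth the manual verification step the post recommends: write to the address on the company's official site and ask.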

But the main red flag is the offer to make a deposit to “express interest”. Respectable companies don’t work that way. They choose partners, suppliers, and contractors after a serious and comprehensive business reputation check — not based on the ability to transfer a small (by their standards) amount of money.

How to protect your company from fraudsters

Ideally, you should implement solutions that prevent fraudulent, phishing and malicious emails from reaching employee inboxes in the first place. We recommend installing strong protection at the corporate email gateway level.

Another important aspect of protecting your company from cyberthreats is to increase employee awareness of scammers’ tricks and other cyberthreats. Particular attention should be paid to training for finance, sales and procurement staff. Comprehensive training sessions can be conducted, for example, via our online Kaspersky Automated Security Awareness Platform.

Kaspersky official blog

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens

Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Radiflow Unveils New OT Security Platform

Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises. 

The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek.

What to do when you click on a suspicious link

October is Cybersecurity Awareness Month, and if you’re the tech-savvy friend or family member, people probably come to you for advice. One of the most common questions is: “I clicked a suspicious link. What do I do now?”

Don’t worry — panic won’t help, but a calm, step-by-step response will. Share this guide with your loved ones so everyone knows exactly how to respond and stay safe. 

If you clicked the link on a work device, immediately contact IT support and follow their instructions. Companies often have specific policies and tools to investigate and remediate security incidents. Quick reporting helps protect both you and your organization. 

If it’s a personal device, here’s what to do next.

Scenario 1: You only clicked the link, and did not enter any information 

Clicking a malicious link can trigger automatic downloads, attempt to exploit browser vulnerabilities, or install malware without your knowledge. 

  • Exit the browser immediately. 
  • Check whether any files were downloaded to your device; if so, delete them without opening them. 
  • Monitor your device for unusual behavior, which can be a sign of malware. 
    • Examples: Higher-than-normal battery drain, apps crashing, unknown apps/profiles, and persistent pop-ups 
  • Stay alert for suspicious emails, texts, or calls.

Together, these steps help you catch and remove any threats before they cause harm, and keep you aware of follow-up attacks.

Scenario 2: You entered your username and password 

Entering credentials on a phishing site can give attackers access to your account, leading to unauthorized activity, identity theft or further phishing. 

  • Change your password immediately for that account, and force a logout of all devices logged in. This locks out any unauthorized users who may have gained access. 
  • If you have multifactor authentication (MFA) enabled, watch for any push notifications that you did not initiate. Do not approve them. This could mean someone is actively trying to log in with your stolen credentials. 
  • Enable two-factor authentication (2FA) if available. 
  • Create new, unique passwords for any other accounts that used the same credentials. Attackers often try your compromised password on multiple sites (known as credential stuffing). 
    • Tip: Instead of storing your credentials in your browser, use a password manager such as 1Password. 
  • Watch for suspicious account activity.

By following these steps, you limit the attacker’s access and protect your other accounts from being compromised. 

Scenario 3: You entered credit card or banking information 

Financial data can be quickly exploited for fraudulent transactions, identity theft, or even sold on the dark web. 

  • Contact your bank or card issuer right away. 
  • If possible, freeze your card and get a replacement. 
  • Monitor your statements and report any unauthorized charges. 
  • Enable fraud alerts if your bank offers them.

These actions help you contain the risk, minimize financial losses, and alert your bank to potential fraud on your account.

Scenario 4: You downloaded or opened a file 

Downloaded files from suspicious links can contain malware, ransomware, spyware or other harmful software that may steal your data or harm your device. 

  • Disconnect your device from the internet until you have completed all of these steps. Isolating your device can prevent malware from communicating with attackers or spreading to other devices. 
  • Run a full antivirus and malware scan if on a desktop or laptop. 
  • Check to ensure no new apps were installed if on a phone. 
  • Delete any suspicious files. 
  • In the worst case, if you have periodic backups, it may be best to restore your device to a clean version from before the file was downloaded.

Remember to: 

  • Always verify links before you click on them.  
    • Tip: Hover over the link to make sure it leads to an official website. If you’re not sure, it’s safer to type in the URL manually. 
  • Enable multifactor authentication for your accounts whenever it’s available. 
  • Keep your software and antivirus updated. 
  • Report all phishing attempts to your email provider and IT/security team. 

Phishing attacks are getting more sophisticated, but a little knowledge goes a long way. Share this guide with your friends and family so they’ll know what to do if they ever click a suspicious link.

Happy Cybersecurity Awareness Month from Cisco Talos!

Cisco Talos Blog

DraftKings Warns Users of Credential Stuffing Attacks

Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information.

The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.

This solid midrange HP laptop is now nearly 50% off at Walmart

HP’s OmniBook 5 is perfect for anyone who wants a lightweight laptop with a great screen. Over at Walmart, it’s almost 50% off

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.
This includes a Russian‑language threat actor who is said to have used the chatbot to help develop and refine a remote access trojan (RAT) and a credential stealer, with the aim of evading detection. The operator also used several ChatGPT accounts to

The Hacker News

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks.

The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.

How to Grow SOC Team Expertise for Ultimate Triage & Response Speed 

Building analyst expertise takes time, often too much… 
Most new hires need over six months before they can handle complex incidents with confidence, leaving senior analysts to pick up the slack and slowing the entire SOC down. 

Traditional training programs can’t keep pace with real attacks. Theories and simulations don’t prepare teams for fast, messy, real-world threats. To grow expertise faster, learning needs to happen in daily investigations, not in classrooms. 

Let’s see how today’s top SOCs are building expertise faster and running 3x more efficiently.

Turning Operations into a Continuous Learning Environment 

To build lasting expertise, SOC leaders need to design workflows that teach as they protect. This means giving analysts room to explore, experiment, and learn from real data, without slowing operations or risking security. 

A few principles make it work: 

  • Expose analysts to diverse cases: Rotating tasks between triage, malware analysis, and threat hunting helps them understand the full incident lifecycle. 
  • Encourage safe experimentation: Allowing analysts to test hypotheses and trace attacker behavior builds critical thinking, not just reaction skills. 
  • Share knowledge across levels: Post-incident reviews, shared notes, and team retros create a culture where insights circulate freely, not just among seniors. 
  • Integrate learning metrics: Tracking how fast analysts identify patterns or make confident decisions is just as valuable as measuring mean time to detect. 

When continuous safe learning becomes part of SOC design, expertise doesn’t depend on a few individuals, it scales across the entire team. 

That’s where ANY.RUN’s Interactive Sandbox brings these principles to life. It provides a safe, collaborative space where analysts, regardless of experience level, can analyze real threats, test detection ideas, and learn directly from live behavior. 

Analyzing a real threat inside ANY.RUN’s safe interactive sandbox 

Instead of separating learning from daily operations, teams strengthen their skills through real investigations, turning each analysis into both a defensive action and a learning opportunity. 

1. Fast Onboarding for Seamless Adoption 

Getting new analysts up to speed is often one of the most time-consuming parts of SOC management. You can make it faster with the help of an intuitive, user-friendly interface that even junior specialists can start using right away. 

ANY.RUN sandbox tutorial for quick start 

The built-in guides and quick tutorials help new team members understand how to navigate the sandbox, launch analyses, and interpret results in just a few steps. Try it yourself by navigating to the Tutorials tab on the FAQ page.

After completing the short onboarding flow, analysts can begin investigating real samples safely, without the risk of compromising systems or making critical mistakes. 

This hands-on, accessible approach saves weeks of training time and allows teams to start real analysis work much sooner. 

2. Real-World Skill Development on the Job 

Analysts learn best when they can interact with live attacks instead of static examples. With ANY.RUN, they can launch, observe, and engage with threats safely and without complex setup. This helps them not only perform their job tasks but also grow skills with every new analysis. 

The sandbox lets analysts manually explore phishing attacks  

The solution’s interactivity lets analysts perform steps like solving CAPTCHAs or launching payloads from email attachments to better understand multi-stage attacks, trace malware’s activities, and uncover hidden techniques such as malicious links behind QR codes.

This direct, hands-on experience helps them recognize attack patterns faster, make confident decisions, and strengthen their investigative instincts, turning everyday analysis into a learning opportunity. 

To simplify analysis, the sandbox also shows all malicious activities in real time, which helps junior staff better understand how different attacks are carried out.

The sandbox lists all the malicious activities to help analysts see the threat in seconds 

ANY.RUN flags all the important events like data exfiltration and command and control connections as they happen. It also maps these activities to the MITRE ATT&CK matrix, giving you the actionable insights you need to contain the threat. 

As a result, analysts can observe the full scope of the attack and its impact in seconds. 

3. AI-powered Insights for Faster, Easier Understanding of Threats 

ANY.RUN’s sandbox also provides AI summaries to help analysts better understand malicious processes and improve decision-making under pressure. 

AI reviews inside ANY.RUN’s sandbox analysis session

Real-time explanations of malware’s behavior enhance threat analysis skills and turn investigations into opportunities for professional growth. By embedding insights into routine analysis, the AI creates a dynamic learning environment: it bridges theory and practice and reduces the learning curve for complex concepts.

4. Community Knowledge Base of Current Threats 

Important insights often stay locked in personal notes or isolated investigations. ANY.RUN helps turn that scattered knowledge into a structured, shareable resource. 

ANY.RUN’s public submissions feature fresh sandbox analyses of malware and phishing threats 

Analysts can access thousands of public analysis sessions performed daily by professionals worldwide, learn from real cases, and apply those insights to their own work.  

Each public session is saved and can be studied to observe IOCs, behaviors, and MITRE ATT&CK mappings for the latest threats around the world, creating ready-to-use references for future investigations and onboarding. 

Easily shareable report generated from real-world analysis by ANY.RUN sandbox 

Analysts can dive into this live library of real-world attacks to further their expertise. What one analyst discovers today becomes a learning resource for many others tomorrow. 

5. Collaborative Growth 

Track team members’ productivity

Expertise grows faster when analysts learn together. ANY.RUN’s teamwork features allow analysts to share sessions, add comments, and review investigations side by side. Junior specialists learn directly from senior peers in real cases, while leaders can track progress and assign tasks that match each analyst’s skill level. 

How Practical, Hands-On Learning Transforms SOC Performance 

When analysts learn through real investigations, observing, testing, and reacting to live threats, the results reach far beyond individual growth. SOCs that apply this approach with ANY.RUN’s Interactive Sandbox build stronger teams, faster workflows, and measurable returns on every training hour. 

Here’s what organizations are achieving in practice: 

  • Faster onboarding: New analysts reach operational readiness in weeks, not months, easing pressure on senior staff. 
  • Up to 94% faster investigations: Real-time interaction and automation reveal malicious activity almost instantly. 
  • 3× higher SOC efficiency: Less manual work, more focus on validation, correlation, and proactive defense. 
  • Up to 20% lower Tier 1 workload: Streamlined processes reduce alert volume and repetitive tasks, freeing junior analysts for higher-value work. 
  • 30% fewer Tier 1 → Tier 2 escalations: Intuitive tools and better visibility empower Tier 1 analysts to resolve more incidents independently. 
  • Eliminated hardware setup costs: Cloud-based infrastructure removes the need for local environments and maintenance expenses. 
  • Lower training costs: On-the-job learning replaces expensive external programs and downtime. 
  • Higher engagement and retention: Analysts grow through real challenges, stay motivated, and continuously refine their skills. 

This hands-on approach turns each analysis into both a defense and a growth opportunity. With ANY.RUN, organizations develop in-house expertise that compounds over time, creating SOCs that not only respond faster but continuously get better with every threat they face. 

Start building a high-performing SOC with ANY.RUN Enterprise Security Solutions today! 

About ANY.RUN  

ANY.RUN is built to help security teams detect threats faster and respond with greater confidence. Our Interactive Sandbox delivers real-time malware analysis and threat intelligence, giving analysts the clarity they need when it matters most.   

With support for Windows, Linux, and Android environments, our cloud-based sandbox enables deep behavioral analysis without the need for complex setup. Paired with Threat Intelligence Lookup and TI Feeds, ANY.RUN provides rich context, actionable IOCs, and automation-ready outputs, all with zero infrastructure burden.  

Start your 14-day trial now →  

The post How to Grow SOC Team Expertise for Ultimate Triage & Response Speed  appeared first on ANY.RUN’s Cybersecurity Blog.