Category: Cyber Threat Intelligence
-
Major Web Attacks: The Impact of the Shai-Hulud Worm

The Shai-Hulud Worm: What is it? How is it different? Shai-Hulud is a novel, self‑propagating software supply chain worm that targets the NPM (Node Package Manager) ecosystem and associated development, CI/CD, and cloud-connected environments. Historically, supply chain compromises required a human threat actor to breach a vendor, modify a product or update mechanism, and then Read more
-
Your Devices May Be Spying on You — And You Would Never Know

If you frequently shop online, you may have noticed an increase in the number of electronic products sold by obscure, unheard-of companies. Many of these products come with unbelievably affordable prices. A 4K projector with dual-band WiFi 6, 5G wireless, Bluetooth 5.2, and Android 13 for $54. What a deal. It almost Read more
-
Salesforce Breaches 2025

The second half of the year came with several waves of Salesforce-related breach incidents. Starting in August, researchers first linked the threat actors UNC6395/ShinyHunters. They were conducting a widespread campaign that targeted Salesforce environments by using compromised OAuth tokens linked to Salesloft’s Drift AI customer-engagement integration. The second wave can be considered more of a Read more
-
Artificial Intelligence Threat Landscape

Artificial Intelligence (AI) is one of the fastest-growing aspects of the tech industry. Whether for professional or personal use, AI is a part of almost everyone’s life, from Google searches to work applications. As AI capabilities expand and more use cases emerge, the risk of exploitation also increases. While AI is a tool that IT Read more
-
What is Email Bombing?

Email bombing is a disruptive tactic in which a threat actor deliberately floods a victim’s inbox with thousands of unsolicited or automated messages in a short period of time. Discovering your inbox under an email bombing attack requires fast, deliberate action. Threat actors use email bombing as a tool for disruption and facilitation of further Read more
-
Deepfakes (Voice and Video): DefendEdge Executive Brief Risks, Tools, Detection, and Client-Facing Guidance

Executive Summary Voice and video deepfakes are actively used to impersonate senior leaders and push payments, credentials, and malware in real time. Recent events include an attempted impersonation of WPP executives that staff blocked, and North Korea–aligned BlueNoroff using deepfaked Zoom calls to deliver macOS malware. The FBI’s Internet Crime Complaint Center (IC3) warned on Read more
-
The Truth Behind the “Brushing” Cyber Scam

Of the various forms of e-commerce fraud, one of the lesser-known yet prevalent kinds is the brushing scam. This scam appears harmless; recipients simply get a package they never ordered. However, behind every “free gift” is a manipulative operation abusing personal data and online trust. Description: The goal behind brushing scams is to generate fake Read more
-
Session Hijacking

There are many different types of session hijacking, including session fixation, man-in-the-middle attacks, and active session hijacking. In active session hijacking, an attacker takes over a live session by stealing the session ID while the victim is already logged in. This can be done through methods such as network sniffing or cross-site scripting. The goal Read more
-
When AI Imitates the Voice of Someone You Trust

Imagine getting a call from someone who sounds exactly like your wife, boss, or grandson. They are in trouble and need your help. But here’s the trick: it’s not them. It is artificial intelligence (AI). According to the Identity Theft Resource Center (ITRC), the number of AI-based frauds has increased by 148 percent this year. Read more
-
Caller ID Spoofing

There are many different types of spoofing, from email spoofing to caller spoofing. The purpose behind spoofing is to deceive a system or person by impersonating a trusted source. The goal could be any of a variety of things, such as gaining unauthorized access, stealing information, bypassing security controls, delivering malware, performing fraud, and more. Description: Caller Read more
