X-Industry

Securonix threat researchers have been tracking a stealthy campaign targeting the hospitality sector that uses click-fix social engineering, fake captchas, and fake blue screens of death to trick users into pasting malicious code.  It leverages a trusted MSBuid.exe tool to bypass defenses and deploys a stealthy, Russian-linked DCRat payload for full remote access and the ability to drop secondary payloads.[1]

An ongoing malware campaign tracked as PHALT#BLYX has been identified as a multi-stage

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associat

New England is known for lobster.  But lately, it is known for the lobsters that went missing.  Thieves allegedly stole a truckload of lobster valued at $400,000 from a Massachusetts facility earlier in December.  The scheme was complex, according to Dylan Rexing, chief executive of Rexing Companies, the logistics firm that was coordinating the shipment.

The first part allegedly involved a phishing scam, and not of the seafood kind.  According to Rexing, a culprit ever-so-slightly altered the em

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

In the modern digital ecosystem, subscribing to a calendar series has become a routine convenience.  Whether it is a retailer sharing dates for upcoming sales, a sports association like FIFA publishing match schedules, or a government body listing public holidays, the standard ‘ICS’ web calendar format, also known as iCalendars, allows third parties to integrate events directly into a user’s device.  A new report indicates that this functionality is being weaponized by cybercriminals to distribu

The automobile dealership sector continues to evolve digitally with connected vehicles, cloud-based dealership management systems (DMS), online financing, and electronic sales workflows. But the newly released CDK State of Dealership Cybersecurity 2025 report shows a sector still struggling to keep pace with threat actors who increasingly target these high-value, high-data retail environments.   Despite gains in awareness and investment, dealerships face widening gaps in employee readiness, thir

If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers have been sending highly convincing invites that appear to come straight from Meta.

Researchers at Check Point found that the attackers used Facebook Business pages and the platform’s invitation feature to send messages that appear to come from the real @facebookmail.com domain, making them much harder to spot with automated filters and human instincts alike.[1]

The campaign

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. (including all significant vessel keys words).  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observe

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.  "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs researchers Aditya K Sood and Varadharajan K said in a report shared with The Hacker News. "When opened,

Professionals have ignored cybersecurity on their phones.  Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.  Enterprise cybersecurity risks from employees using their personal phones for work are rising, but companies aren't adopting solutions quickly enough to account for them.  The data collected in Verizon Business' 2025 Mobile Security Index (MSI) paints a clear picture

Microsoft’s Digital Defense Report 2025[1] warns of a marked increase in identity-based attacks, driven in part by the growing use of artificial intelligence to craft convincing social engineering lures.  The company says its systems analyze more than 100 trillion security signals every day and that identity attacks rose 32% in the first half of 2025 compared with the previous period.[2]

Microsoft emphasizes that password attacks remain the primary vector: more than 97% of observed identity-base

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

WhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy target for cybercriminals to exploit unsuspecting individuals. Since the app is used for friendly methods, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]

Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They app

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

FortiGuard Labs recently identified a phishing campaign leveraging carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.  These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter Malware that ultimately deploys various remote access tools (RATs).

The attack chain begins with a small, obfuscated script that redirects victims to a spoofed site personalized with the target’s email domain, enhancing credibili

Remote Access Trojans, also known as RATs, have been around for years, although their prevalence in the market has surged recently.  RATs are digital skeleton keys, giving an attacker remote control over a system, often without the user ever knowing.  This kind of access often starts with someone clicking a malicious link or opening a rogue attachment in a phishing email or messaging app.  From there, the attacker can move laterally, steal data, monitor activity, or trigger ransomware.

RATs have

The legal market segment has been a prime target for cybercriminals due to the highly sensitive and confidential data it holds.  A recent report from the International Legal Technology Association (ILTA) and Fenix24, "Security at Issue: State of Cybersecurity in Law Firms," reveals a crucial shift in the threat landscape.  The report, based on a survey of 60 law firms, indicates that while awareness and investment are rising, fundamental vulnerabilities persist, and human-operated attacks are no

In early July 2025, a new DarkCloud campaign was observed in the wild by Fortinet’s FortiGuard Labs team.  It began with a phishing email containing an attached RAR archive. Fortinet subsequently investigated this campaign and conducted a step-by-step analysis.  DarkCloud is a known stealthy Windows-based information-stealer malware that was first identified in 2022. It is designed to steal sensitive information from the victim’s computer, including saved login credentials, financial data, conta

A leading cybersecurity, privacy, and data protection firm, Vipre Security Group, has released its Q2 2025 Email Threat Landscape Report, highlighting a significant shift in cybercriminal tactics.  The report, based on an analysis of global real-world data, uncovers a growing reliance on hyper-personalized, AI-driven phishing techniques that exploit human vulnerabilities rather than traditional technological tricks.  This evolution in email-based threats is raising alarms for organizations world

The Fortinet/FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations.  The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape.  These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell.

Key characteristics include:

• Full PowerShell-b