WeLiveSecurity

Webworm: New burrowing techniques

EchoCreep, which uses Discord for C&C communication, and GraphWorm, which uses Microsoft Graph API for the same purpose. The ...

ESET uncovers the expanded arsenal of China-aligned Webworm; European governments targeted

ESET Research uncovered and analyzed the latest activities and arsenal of China-aligned Webworm advanced persistent threat ...
Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
Windows Report

Microsoft Warns Storm-2949 Is Stealing Data From Microsoft 365 And Azure

Microsoft says Storm-2949 targets Microsoft 365 and Azure environments using MFA abuse, password resets, and cloud data theft ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Kore.ai Launches Artemis, the New Generation of the Kore.ai Agent Platform for Building, Governing, and Optimizing Enterprise AI

Agent Blueprint Languageâ„¢ (ABL) compounds returns and compresses agent delivery from months to daysSAN MATEO, ...
Infosecurity Magazine

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage ...

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Microsoft Reveals How One Hacked Identity Triggered a Massive Cloud-Wide Breach

Microsoft says Storm-2949 used one hacked identity to infiltrate cloud systems, steal sensitive data, and spread across Azure ...

BeyondTrust Named an Overall Leader in 2026 KuppingerCole Analysts Leadership Compass for Privileged Access Management for Sixth Consecutive Year

Recognized as a Leader across Product, Innovation, and Market Leadership categoriesHighlighted for advanced JIT and ephemeral ...