Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace

The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and native Windows utilities to deliver the SpyGlace malware. While the group retains several established tradecraft elements,…

Multifunction Windows backdoor, NSA revives TAO, urgent ShareFile warning

Windows backdoor stuffs multiple wipers and ransomware code into a single package NSA brings back Tailored Access Operations name for elite hacking unit Progress urges ShareFile customers to shut down storage zone controllers  Show notes: https://cisoseries.com/cybersecurity-news-multifunction-windows-backdoor-nsa-revives-tao-urgent-sharefile-warning/ Huge thanks to our…

Exposed Server Unmasks Evilginx Operators Stealing Microsoft 365 Sessions and OAuth Tokens

A misconfigured server in Budapest exposed a live phishing operation built to bypass Microsoft 365 multi-factor authentication and retain access to compromised accounts. The server, hosted at 185.163.204[.]7185.163.204[.]7185.163.204[.]7, was running python3 -m http.server 8080 with directory listing enabled, making its…