Sunday , July 12 2026
Cloud intrusions

Cloud intrusions surged 136% H1 of 2025

Cloud intrusions increased significantly in the first half of 2025, rising 136% compared to all of 2024, as reported by CrowdStrike’s 2025 Threat Hunting Report.

Researchers noted that the data shows more attackers are learning to target cloud environments by exploiting misconfigurations, maintaining access, and moving laterally.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

The explosion in cloud intrusions was partly driven by a 40% increase in Chinese-nexus actors exploiting these environments.

“China’s cyber espionage capabilities reached a critical inflection point over the past year, marked by increasingly bold targeting, stealthier tactics and expanded operational capacity,” the researchers wrote.

Two Chinese state-linked groups, Genesis Panda and Murky Panda, have proven skilled at operating in cloud environments over the past year.

Genesis Panda appears to act as a primary broker for future intelligence gathering. They have been noted for exploiting various web vulnerabilities to infiltrate cloud systems.

It effectively uses cloud services to increase access and maintain persistence, including targeting accounts of cloud service providers.

Murky Panda targets organizations in North America by exploiting cloud environments through trusted partnerships. They compromise suppliers to gain administrative access to the victim’s Entra ID tenant.

The group shows advanced skills, accessing rare malware like CloudedHope and rapidly exploiting zero-day vulnerabilities.

Enhanced Defense Evasion Techniques:

The CrowdStrike report, released on August 4 during Black Hat USA 2025, found that manual intrusions increased 27% year-over-year in H1 2025.

Threat actors are increasingly using manual navigation to find new ways to bypass outdated detection tools, enabling them to customize their tactics for specific targets.

This assists persistence and lateral movement in target systems, with the ultimate goal normally data exfiltration.

“Unlike automated attacks, interactive intrusions involve human operators who interact with systems in real time, adapting their tactics as need. They are typically more sophisticated and difficult to detect than automated attacks,” the researchers explained.

CrowdStrike OverWatch noted that five of the top 10 MITRE ATT&CK techniques used in the last year were for discovery. These techniques aid attackers in navigating a network while avoiding detection by security systems.

Defense evasion techniques like masquerading and tool modification were among the top 10 most used methods. They help attackers disguise their actions as normal network activity, facilitating other tactics like privilege escalation and credential access.

Scattered Spider Ramps Up Threat Activity:

CrowdStrike noticed the Scattered Spider cybercriminal gang increasing its activity in April 2025 after being mostly inactive from December 2024 to March 2025.

The actor is connected to several ransomware attacks on retail, aviation, and insurance sectors in the UK and US recently.

In June, UK authorities arrested four people for allegedly attacking three major British retailers associated with Scattered Spider.

Vishing attacks surged in H1 2025, surpassing all of 2024 in volume.

Scattered Spider actively uses voice phishing, often impersonating real employees to call an organization’s IT help desk and request password or MFA resets.

Researchers noted the advanced nature of this method, as Scattered Spider accurately provided the impersonated individuals’ employee IDs during identity verification at help desks.

“In one call where the adversary could not provide the impersonated employee’s ID, the threat actor offered to provide the employee’s date of birth and Social Security number as alternative verification credentials,” the researchers said.

Check Also

email

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of …