Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
May 28, 2026
Carnival Corporation – the world’s largest cruise operator – has confirmed a digital heist, a month after hacking crew ShinyHunters claimed to have stolen millions of customers’ records. The breach, Carnival confirmed, stemmed from an April 14 social engineering attack on an employee, though the company declined to comment on the scale or name ShinyHunters. Read more… Source: ...
- Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup
May 27, 2026
The FBI is issuing this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup. A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious ...
- UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us
May 27, 2026
A website called UK Visa Portal publicly exposed thousands of passports and selfie photos of applicants who paid the site to obtain a U.K. immigration visa. An anonymous person notified TechCrunch about the security lapse, saying that the website was exposing at least 100,000 documents from people who uploaded their passports and selfies to the website ...
- Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks
May 26, 2026
A critical-severity vulnerability that reportedly was patched three months ago is being exploited in a massive ClickFix campaign, researchers have claimed. In mid-February 2026, a critical SQL injection vulnerability was found in Ghost CMS, a popular open-source Content Management System (CMS) currently used by more than 57,000 websites, including the likes of 404 Media, The Canadian ...
- Industrial robots targeted by malware, which could open them up to hacking
May 25, 2026
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company’s collaborative robots. The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1. This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability ...
- Another major Linux security flaw revealed — nine-year old issue could spell disaster for users
May 23, 2026
Security researchers Qualys discovered a major flaw in the Linux operating system (OS) that could let any ordinary user, or malicious actor, gain full admin access on vulnerable endpoints. This bug lingered in Linux systems since 2016, and affects the default installations of several major distributions, including Red Hat, SUSE, Debian, Fedora, AlmaLinux, CloudLinux, and others. Read more… Source: TechRadar News Sign up ...