惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
Help Net Security
Help Net Security
P
Privacy International News Feed
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
AWS News Blog
AWS News Blog
K
Kaspersky official blog
A
Arctic Wolf
Latest news
Latest news
T
Threat Research - Cisco Blogs
L
LINUX DO - 最新话题
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Google DeepMind News
Google DeepMind News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
月光博客
月光博客
N
News and Events Feed by Topic
Jina AI
Jina AI
博客园 - 司徒正美
WordPress大学
WordPress大学
罗磊的独立博客
雷峰网
雷峰网
AI
AI
Hugging Face - Blog
Hugging Face - Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
H
Heimdal Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Cisco Blogs
博客园 - 【当耐特】
The Hacker News
The Hacker News
有赞技术团队
有赞技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
博客园 - Franky
S
SegmentFault 最新的问题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cloudbric
Cloudbric
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
Last Week in AI
Last Week in AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News

The Register - Special Features

23andMe inherits lawsuit over 'disturbing' DNA data breach Troops’ phones gave away location data to foreign adversaries Qualcomm picks bad time to pitch a $300 laptop platform AI agents get their own phone directory built atop DNS Carnival confirms ShinyHunters cruised off with 6M customer records after April breach Google engineer accused of turning Year in Search secrets into Polymarket payday Are we human? India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Broadcom gets early start on WiFi 8 with next-gen wireless routing kit Are we human? Microsoft Excel champ proves he still has the formula Anthropic co-founder hallucinates ghost in the machine Anthropic co-founder hallucinates ghost in the machine NASA plans Moon Base buildout with rovers, drones, cargo landers MyPillow must decide whether to be firm or soft as ransomware crims demand pay Starship shows it can deploy satellites, but Moon mission clock still ticks Huawei's chip law looks less like Moore and more like marketing Experts pour cold borscht on Farage's Russian hack claim Logitech unveils a cushioned mouse for all-day use AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets AI datacenter boom collides with US grid reality Media giant settles for $930k amid user-snooping allegations AT&T sues to ditch Cali copper phone lines to save billions FBI warns of Kali365 as device code phishing soars Techie claims Trump Mobile website was leaking thousands of people's data BOFH: Vibe-coded solutions arrive for problems nobody has Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Google explains how it will infuse ads into AI answers AI is getting pricey, but relief is coming, but not for you Deus ex machina: Half of US Christians trust AI's spiritual advice Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Apple adds AI smarts to Voice Control, VoiceOver and Magnifier ahead of Accessibility Day Microsoft open-sources agentic AI safety tools OpenAI wants upfront cash for guaranteed AI capacity Fedora: Microsoft is all aboard, but Deepin is dumped Bye-bye, Gemini CLI; Google nudges devs toward Antigravity Plex appeal fades as Lifetime Pass jumps to $750 AI sackings reach New Zealand, which will use it to eject 14 percent of government staff Anthropic’s Stainless steal tightens grip on AI dev tooling Are we human? Google touts tokenmaxxing, huge capex, and AI agents at I/O America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shadow AI invades the workplace, up 4x in the last year Microsoft refreshes Surface for Business lineup, starts AI PC upsell at $1,499 Broadcom finds a VMware customer willing to stick around: London Stock Exchange 468k records allegedly stolen from Portugal’s postal carrier Baidu says the quiet part out loud – you can’t build AI infrastructure, so clouds can cash in Shai-Hulud copycat worm infects yet another npm package Uncle Sam's next big super might not use GPUs Are we human? Datacenters slurping up so much juice they boosted prices 75% in largest US energy market MPs want social media treated more like unsafe toys than harmless apps Cerebras’ wafer-scale AI bet delivers blockbuster IPO Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data Anthropic tosses agents into the API billing pool Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year Jen Easterly, cybersecurity's 'relentless optimist' Voice phishing skyrockets as smooth crims talk their way in RSAC 2026: Uncle Sam backs out, AI agents everywhere RSAC 2026: Uncle Sam backs out, AI agents everywhere Decoding Nvidia's Groq-powered LPX and the rest of its new rack systems A closer look at Nvidia's Groq-powered LPX rack systems Nvidia slaps $20B Groq tech into massive new LPX racks to speed AI response time Nvidia slaps Groq into new LPX racks for faster AI response AI Burning Man happens next week – what to expect at Nvidia GTC 2026 Nvidia GTC 2026: What to expect at AI Burning Man Unaccounted-for AI agents are being handed wide access Unaccounted-for AI agents are being handed wide access Google to foist Gemini pane on Chrome users Google to foist Gemini pane on Chrome users Yes, you can build an AI agent – here's how, using LangFlow How to build an AI agent using LangFlow Clawdbot becomes Moltbot, but can’t shed security concerns Clawdbot becomes Moltbot, but can’t shed security concerns Gartner questions if Salesforce AI will stay all-you-can-eat Gartner questions if Salesforce AI will stay all-you-can-eat Claude supports MCP Apps, presents UI within chat window Claude supports MCP Apps, presents UI within chat window Cursor is better at marketing than coding Cursor is better at marketing than coding Feds skipping infosec industry's biggest conference, RSAC AI is rewriting how power flows through the datacenter All aglow about DCs, investors launch $300M at microreactor startup Radiant bags $300M-plus to commercialize its microreactors Why do bit barns keep bumping up our bills, Senators ask DC operators Senate trio questions DC operators over rising energy costs Building the AI factory datacenter Delays? What delays? Oracle insists its $300B cloud contract with OpenAI is on track Oracle insists its $300B contract with OpenAI is on schedule Salesforce willing to lose money on AI to lock in customers Salesforce willing to lose money on AI to lock in customers Galactic Brain space datacenter coming in 2027, pledges startup Aetherflux Galactic Brain space datacenter promised in 2027 Activist groups urge Congress to pause datacenter buildouts Activist groups urge Congress to pause datacenter buildouts Bezos-backed Unconventional AI addresses datacenter power Bezos-backed Unconventional AI addresses datacenter power AWS re:Invent keynote: Matt Garman bores, then thrills
Smooth criminals talking their way into cloud environments, Google says
2026-03-23 · via The Register - Special Features

RSAC 2026 Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims' IT estate – and the No. 1 tactic used when breaking into cloud environments.

Groups like ShinyHunters and Scattered Lapsus$ Hunters increasingly used this and other types of interactive social engineering tactics that involve a human steering the conversation in real time in their 2025 attacks, according to Jurgen Kutscher, VP of Mandiant Consulting at Google Cloud.

"It's the interactive ones, the voice based ones, that are really creating a new challenge," he told The Register in an interview about the security shop's annual M-Trends report, based on data collected from Mandiant's more than 500,000 hours of incident response engagements conducted around the world last year.

The report found attackers used voice-based phishing as the initial infection vector in 11 percent of attacks last year, making it the second-most common method of gaining illicit access to systems. Exploiting vulnerabilities topped the charts for a sixth year, accounting for 32 percent of successful attacks.

Non-interactive lures like phishing emails, however, declined, at just six percent of 2025 intrusions.

"What we've seen in 2025 is certain threat actors calling IT help desks to, for example, register attacker-controlled devices for MFA to try and reset passwords," Kutscher said. "They're building a number of different scenarios to trick IT help desks, and an IT help desk, by default, tries to help. That's part of the reason why the social engineering attacks that are interactive are so powerful."

Don't click the 'fix'

Scammers aren't only targeting IT help desks with interactive social engineering scams, as Google – along with other security researchers – also documented a spike in ClickFix attacks over the past year as well.

ClickFix is an extremely popular social engineering tactic in which the attackers trick the users into running malicious commands on their own computers, usually by clicking a fake computer problem fix or an I-am-not-a-robot prompt.

Google's threat-intelligence arm documented "dozens" of criminals using this technique last year, and especially threat clusters focused on widespread initial access operations.

"We see the threat actors being extremely creative in these types of attacks," Kutscher said. "And they're doing this by directly establishing interactive contact with victims, which is a new level of sophistication. But the return clearly justifies the investment."

Extreme timelines

Another trend highlighted in the 102-page report involves "extremes" in the attackers' timelines, according to Kutscher.

Mandiant's investigations show an increasing number of what it calls "hand-offs," where one individual or crew gains initial access, and then they hand-off that access to a second threat group – typically a ransomware or data theft and extortion gang. Oftentimes this hand-off happens in under 30 seconds.

"And then on the other end of the spectrum, you have, this extreme level of sophistication of stealth that threat actors have gained" that allows them to remain hidden in victims' environments without being detected, sometimes for hundreds of days, Kutscher said.

Attackers on this end of the spectrum – typically espionage groups and North Korean scam IT workers – do this by targeting network edge devices like firewalls, routers, and VPNs, generally by exploiting zero-day bugs. Operators of edge devices don't often protect them with endpoint security products, so attacks running the machines often evade defenders. Miscreants can therefore stay hidden while they go about their evil business.

Kutscher calls this trend "living on the edge," and first started talking about it two years ago. "What is interesting is the evolution of how they're leveraging these edge devices," he told us.

Miscreants are no longer just using the edge device for access into IT environments. "Now they're also leveraging the core functionalities available on these edge devices, and living on these edge devices, intercepting network traffic, being able to intercept clear-text passwords, etc," Kutscher said.

In some cases, this means the attackers don't even need to move onto the internal network because they are able to steal secrets and other sensitive data from the edge device itself.

"That is an extremely powerful persistence mechanism, and why we've seen now some threat actors with dwell times of 400 days, and the median dwell time going from 11 to 14 days," Kutscher said.

Remember Brickstorm?

Mandiant investigated "numerous" incidents in 2025 in which a suspected Chinese government spy crew tracked as UNC6201 broke into edge devices that didn't support endpoint security products, deployed a backdoor called Brickstorm to maintain long-term access, and captured valid credentials from its position on the appliance. The snoops then used these credentials to access victims' VMware environments.

They remained undetected, on average, for 393 days.

These scenarios challenge network infosec teams. The exceedingly short hand-off time from initial access to ransomware infections, for example, means defenders must "operate at machine speed," Kutscher said. "When an attack life cycle takes place in seconds, human speed is probably not going to be sufficient to stop these types of attacks."

Of course, Google, a security and AI vendor, has a whole suite of products it would like to sell you to help with that.

"You also have to realize that a low-impact incident may turn into a high-impact incident within seconds," Kutscher said. "From an investigative perspective, you can no longer just classify something as low-impact and dismiss it for later. You have to look at all of these events and understand what could be a stage-one attack and could lead to a potential catastrophic consequence for the enterprise." ®