Friday 26 June 2026 10:22:10 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

#UNC1549

The Recruiter Trap Behind a Familiar Espionage Name

02 June 2026 10:23Cyber Warfare & Nation-State OperationsAGONY

A fake hiring site linked to Nimbus Manticore shows how job lures, impersonation, and cloud-friendly tradecraft can turn a simple message into a national-security risk.

#Nimbus Manticore | #UNC1549 | #LinkedIn phishing

Recruitment Became the Trap Door: Fake Job Lures Meet Malware Sideloading

02 June 2026 08:10Cyber Warfare & Nation-State OperationsMiddle East / IranAGONY

A campaign tied to the Nimbus Manticore label shows how hiring themes can be turned into an execution path, using deception first and Windows loader abuse second.

#fake jobs | #custom malware | #sideloading

When the Loader Betrays the App: A .NET Trick That Can Hide in Plain Sight

01 June 2026 16:28Cyber Warfare & Nation-State OperationsMiddle East / IranAGONY

A campaign tied to Screening Serpens shows how AppDomainManager abuse can turn a trusted .NET startup path into an early-stage hiding place for malware.

#AppDomainManager | #UNC1549 | #Iran APT

Search Results Became the Bait in a New Software-Download Ambush

25 May 2026 12:23Malware & BotnetsNorth America / USAIRONQUERY

A lure built around SQL Developer shows how a threat cluster can turn user search intent into a delivery channel for malware, without relying on email at all.

#SEO poisoning | #MiniFast | #UNC1549

Search Results as a Delivery Pipe: The Fake SQL Developer Lure Behind a New Poisoned-SEO Campaign

25 May 2026 10:24Cyber Warfare & Nation-State OperationsMiddle East / IranAGONY

A suspected nation-state-linked operation used search manipulation and a fake developer tool as the bait, showing how software discovery can become the first step in compromise.

#SEO poisoning | #Nimbus Manticore | #SQL Developer

MiniUpdate, Big Message: How Cloud Hostnames Became Cover for a Spyware Run

25 May 2026 10:19Cyber Warfare & Nation-State OperationsNorth America / USAAGONY

Researchers linked a MiniUpdate RAT campaign to Azure-hosted command channels, showing how attackers can abuse cloud infrastructure to support espionage operations.

#MiniUpdate RAT | #Azure C2 | #Screening Serpens