ReliaQuest stories

ReliaQuest says suspected former Black Basta operators are bombarding staff with emails and posing as IT support in Microsoft Teams to reach senior executives.

Attackers abuse trusted tools, remote support software and stolen SSO sessions to breach systems, ReliaQuest says.

ReliaQuest flags DeepLoad malware stealing live credentials in enterprise networks, with AI-style obfuscation, USB spread and hidden WMI persistence.

Corelight launches Agentic Triage, an AI-driven workflow to speed SOC investigations while exposing every step for transparent review.

Ransomware group LeakNet adopts ClickFix lures and a Deno-based fileless loader to scale attacks and evade traditional endpoint defences.

ShinyHunters shifts to subdomain-brand phishing and vishing on mobiles, bypassing domain checks to hijack SSO logins and SaaS sessions.

AI-fuelled hackers can now spread across corporate networks in as little as four minutes, outpacing human defenders by hours.

China-linked Warlock ransomware group exploits SmarterMail flaw for admin takeovers, chaining features to gain full Windows control.

Attackers are abusing Windows screensaver files in a spearphishing campaign to stealthily install remote access tools on business systems.

Ransomware gangs shrank in number but hit more victims in late 2025, with leak-site postings soaring despite fewer active groups.

Attackers are abusing LinkedIn private messages to deliver Python-based malware via booby-trapped archives, ReliaQuest has warned.

ReliaQuest warns BaoLoader and trust-based lures are surging, as attackers ditch zero-days for social engineering and valid certificates.

Storm-0249 hijacks trusted security and Windows tools to stealthily broker high-value network access for ransomware operators.

Chinese state-backed hackers mimic Microsoft Teams downloads in a false flag campaign to infect Chinese speakers and blame Russian actors.

ReliaQuest reveals identity compromises and process flaws, not zero-day exploits, drive most cloud breaches, with 99% of cloud identities still over-privileged.

Ransomware attacks hit a record in Q3 2025 as new alliances broaden targets to sectors like healthcare and critical infrastructure worldwide.

ReliaQuest reports cyber attackers cut breakout time to 18 minutes, with surging threats from Oyster malware and rising abuse of USB and IP-KVM devices.

ReliaQuest launches GreyMatter Transit, enabling real-time cybersecurity threat detection as data moves, cutting delays of traditional storage-based methods.

Phishing attacks using the Axios user agent surged 241% by August 2025, bypassing defences with Microsoft Direct Send to steal credentials at high rates.

Cybercriminal groups ShinyHunters and Scattered Spider have escalated phishing attacks on Salesforce and major firms like Google, signalling possible collaboration.