Major Incidents or Breaches

  • Researchers have identified a new Android remote access trojan (RAT) named PlayPraetor, which has infected over 11,000 devices. The campaign primarily targets users in Portugal, Spain, France, and Morocco. Infection vectors include fake Google Play pages and malicious ads distributed via Meta platforms.

Notable Threat Actor Activity

  • Telnet and SSH logs have shown renewed activity involving the legacy username “pop3user,” suggesting threat actors are targeting outdated or legacy authentication mechanisms, possibly exploiting systems still using old POP3 configurations.
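
One way to check your own hosts for this activity, as an added example that is not from the original report: the script below parses OpenSSH auth-log lines for the username pop3user and separates probes of a non-existent account from attempts against an account that exists, or a successful login. The log lines, host names and addresses are constructed samples, and only the standard sshd message formats are assumed; Telnet logs are not covered.

```python
import re
from collections import defaultdict

WATCHED_USERS = {"pop3user"}  # username named in the report above

# OpenSSH (sshd) auth-log message shapes; the syslog prefix is ignored.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
PASSWORD = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (invalid user )?(\S+) from (\S+)"
)

def summarize(lines, watched=WATCHED_USERS):
    """Count per-source-IP login events for watched usernames."""
    stats = defaultdict(lambda: {"unknown_account": 0, "failed_existing": 0, "accepted": 0})
    for line in lines:
        if m := INVALID.search(line):
            user, ip = m.groups()
            if user in watched:
                stats[ip]["unknown_account"] += 1  # account does not exist on this host
        elif m := PASSWORD.search(line):
            result, invalid, user, ip = m.groups()
            if user not in watched or invalid:
                continue  # "invalid user" failures are already counted via INVALID
            key = "accepted" if result == "Accepted" else "failed_existing"
            stats[ip][key] += 1
    return dict(stats)

def findings(stats):
    """Sources needing follow-up: the legacy account exists or was logged into."""
    out = []
    for ip, counts in sorted(stats.items()):
        if counts["accepted"]:
            out.append((ip, "successful login"))
        elif counts["failed_existing"]:
            out.append((ip, "account exists on host"))
    return out

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Aug  4 02:11:07 mail1 sshd[4121]: Invalid user pop3user from 203.0.113.7 port 51234
Aug  4 02:11:09 mail1 sshd[4121]: Failed password for invalid user pop3user from 203.0.113.7 port 51234 ssh2
Aug  4 02:15:40 mail2 sshd[977]: Failed password for pop3user from 198.51.100.9 port 40022 ssh2
Aug  4 02:15:44 mail2 sshd[977]: Failed password for pop3user from 198.51.100.9 port 40022 ssh2
Aug  4 02:15:49 mail2 sshd[977]: Accepted password for pop3user from 198.51.100.9 port 40022 ssh2
Aug  4 03:01:12 mail2 sshd[1045]: Failed password for root from 203.0.113.7 port 51310 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, reason in findings(summarize(SAMPLE_LOG)):
        print(ip, reason)
```

A host that reports only unknown_account hits is being probed but has no such account; any failed_existing or accepted count means the legacy account is present and should be reviewed.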

Trends, Tools, or Tactics of Interest

  • Microsoft has released PyRIT, an AI-powered reconnaissance tool for cloud red teaming. PyRIT automates information gathering against Azure environments and integrates GPT-4 for advanced reconnaissance capabilities. This reflects ongoing innovation in offensive security tooling for cloud environments.