Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat Score:
60
The Hacker News
20 hours ago

Overview

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamedSoco404andKoskeby cloud security firms Wiz and Aqua, respectively. Soco404 "targets both Linux and Windows systems, deploying platform-specific malware," Wiz researchers Maor Dokhanian, Shahar Dorfman, and Avigayil Mechtingersaid. "They use process masquerading to disguise...

Related Articles

5 articles
1

2025-07-26 - Cluster AI Daily Threat Brief

ThreatCluster 6 hours ago

# Daily Threat Intelligence Brief - July 26, 2025 ## Executive Summary Today's threat landscape remains dynamic and increasingly complex, with a notable rise in attacks targeting critical infrastructure and enterprise services. The most pressing threats stem from **phishing campaigns**, **ransomware attacks**, and **vulnerabilities in widely-used platforms** such as Microsoft SharePoint and AWS. With global ransomware incidents reportedly down 43% in the second quarter, the threat actors are r

Score
76
Read more
2

Microsoft 365 Admin Center Outage Blocks Access for Admins Worldwide

Cybersecurity News 11 hours ago

Microsoft is currently facing an outage that affects the Microsoft 365 Admin Center, preventing administrators from accessing essential management tools. The issue, which emerged prominently on July 24, 2025, has persisted into the following day, marking the second such incident this week and raising concerns service reliability. As businesses rely heavily on Microsoft 365 […]

Score
72
Read more
3

New VOIP-Based Botnet Attacking Routers Configured With Default Password

Cybersecurity News 57 minutes ago

A sophisticated global botnet campaign targeting VOIP-enabled routers and devices configured with default credentials.  The discovery began when analysts noticed an unusual cluster of malicious IP addresses concentrated in rural New Mexico, leading to the identification of approximately 500 compromised devices worldwide. Key Takeaways1. Hackers are exploiting VOIP routers with default Telnet passwords to build […]

Score
70
Read more
4
Microsoft SharePoint Hackers Switch Gears to Spread Ransomware

Microsoft SharePoint Hackers Switch Gears to Spread Ransomware

TechRepublic Security 8 hours ago

Recent attacks targeting Microsoft SharePoint have escalated, with threat actors now deploying ransomware on vulnerable systems, according to Microsoft. This surge in malicious activity follows the release of multiple SharePoint security patches in July. Anupdate published to Microsoft’s blogreads, in part: “Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware.” Detailing the attack At least

Score
70
Read more
5
The Ηоmоgraph Illusion: Not Everything Is As It Seems

The Ηоmоgraph Illusion: Not Everything Is As It Seems

Palo Alto Unit 42 9 hours ago

Threat Research Center Threat Research The Ηоmоgraph Illusion: Not Everything Is As It Seems By:Gal Guzman Gal Guzman Published:July 25, 2025 Categories:Business Email CompromiseMalwareThreat Research Malware Threat Research Tags:DocusignGenAIGooglePhishing Docusign GenAI Google Phishing Executive Summary Since the creation of the internet, email attacks have been the predominant attack vector for spreading malware and gaining initial access to systems and endpoints. One example of an effective

Score
69
Read more