The KongTuke initial access broker group is exploiting Microsoft Teams for social engineering attacks, breaching corporate networks in as little as five minutes.
KongTuke, known for facilitating enterprise breaches, has shifted tactics to leverage Microsoft Teams as an attack vector. The group uses the platform to conduct social engineering campaigns targeting corporate employees.
Once inside a network, attackers establish persistent access rapidly—sometimes within minutes. This speed makes detection difficult before damage occurs.
Microsoft Teams' widespread adoption in enterprise environments makes it an attractive target. The platform's legitimacy within organizations allows attackers to blend in with normal business communications.
Security researchers tracking the group recommend organizations implement strict access controls, monitor Teams activity for suspicious behavior, and enforce multi-factor authentication across all accounts. Employee security awareness training focusing on social engineering tactics is also critical.
The shift highlights how threat actors continuously adapt to exploit tools already present in target environments, using familiarity and trust as weapons.
A new macOS malware called CrashStealer disguises itself as Apple's crash-reporting tool to steal credentials, keychain data, and cryptocurrency wallets from infected systems.
Security firm Jscrambler disclosed that attackers published a malicious version of its npm package, which was downloaded nearly 1,500 times before detection. The compromised package contained infostealer malware targeting developer systems.
Security researchers are turning prompt injection attacks into a defensive weapon. The technique, called "context bombing," forces malicious AI agents to shut down before causing damage.
The Los Angeles Police Department has allowed its contract with surveillance company Flock to expire, citing serious civil liberties and privacy concerns. The move marks a significant departure for one of Flock's largest government customers.