ZCyberNews

#initial-access

7 articles

The cryptocurrency and financial-services sectors faced a concentrated wave of high-severity initial-access attacks between April 14 and April 30, 2026, according to ZCyberNews reporting. Threat actor UNC6692 was observed targeting organizations in logistics and shipping as well. The ten articles covering this period include nine rated as high severity and one as medium, reflecting the focused nature of these intrusions.

UNC6692 Email Bombing Delivers Snow Malware for Persistent Access
HIGH | Threat Intel | 3 min read | UNC6692

UNC6692 bombards victims with thousands of emails, then poses as IT support to deploy Snowbelt, Snowglaze, and Snowbasin malware for persistent backdoor access. No CVEs involved.

Phishing Reclaims Top Initial Access Vector in Q1 2026, Cisco Talos
HIGH | Threat Intel | 2 min read

Cisco Talos found phishing accounted for over a third of initial access engagements in Q1 2026, surpassing exploitation of public-facing apps for the first time since Q2 2025.

Identity-Based Attacks Dominate Breaches as Attackers Bypass Exploits
HIGH | Threat Intel | 3 min read

The Hacker News reports identity-based attacks, using stolen credentials and MFA bypass, are the dominant initial access vector in modern breaches, rendering sophisticated exploits unnecessary for initial entry.

Threat Actors Impersonate IT Helpdesk via Microsoft Teams to Deploy Quick Assist
HIGH | Threat Intel | 4 min read

Threat actors are using Microsoft Teams to impersonate IT helpdesk staff, tricking employees into installing Microsoft's own Quick Assist tool to grant attackers full remote control of corporate systems.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks
HIGH | Malware | 4 min read

Threat actors are abusing the Obsidian note-taking app to deliver the novel PHANTOMPULSE RAT via malicious plugins, targeting individuals in finance and cryptocurrency sectors in a campaign tracked as REF6598.

DHL-Themed Phishing Campaign Delivers Remote Access Software
HIGH | Threat Intel | 4 min read

A new phishing campaign impersonates DHL to trick recipients into installing legitimate remote access software, which attackers then use as a foothold to deploy additional malware, including ransomware.

Attackers Shift from Phishing to Social Engineering for Okta Compromise
HIGH | Threat Intel | 4 min read

Threat actors are bypassing email security by using phone-based social engineering to target IT help desks and compromise Okta identity systems, enabling initial access to corporate networks.
