
IBM X-Force

Explore the latest on critical threats, vulnerabilities and incident response to help strengthen your offensive and defensive security practices — curated by X-Force’s team of hackers, responders and researchers.

3 June 2025

IBM X-Force Threat Analysis: DCRat presence growing in Latin America

IBM X-Force has been monitoring phishing email campaigns from Hive0131 pretending to be The Judiciary of Colombia and using fake notifications to Colombians of criminal proceedings to deliver malwa...

2 June 2025

Weaponized SVGs: Inside a global phishing campaign targeting financial institutions

Since the start of 2025, IBM X-Force has been tracking a phishing campaign targeting financial institutions worldwide, using weaponized Scalable Vector Graphics (SVG) files to initiate multi-stage ...

20 May 2025

Oh non! Spear phishing campaign targets users in France using their leaked data, 160K+ victims

Since late March 2025, IBM Security has been closely monitoring a sophisticated spear phishing campaign designed to steal Amazon and Amazon Prime credentials and primarily targeting residents of Fr...

15 May 2025

Hive0154 targeting US, Philippines, Pakistan and Taiwan in suspected espionage campaign

IBM X-Force is tracking a suspected espionage campaign activated by Hive0154, using weaponized ZIP archives to distribute Pubload and Toneshell backdoors. Learn more about the threat.

15 May 2025

Detecting and preventing deepfake attacks in the wild

According to the IBM Threat Intelligence Index 2025, generative AI is growing in popularity as a tool for threat actors, especially those creating deepfakes. Learn more about the dangers of deepfak...

14 May 2025

Operationalizing browser exploits to bypass Windows Defender Application Control (WDAC)

Having previously discovered a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the...

28 April 2025

News

IBM X-Force Red releases m-Ray, an open-source mainframe vulnerability scanner

Kyri Lea and Elizabeth Christensen have developed m-Ray, an automated vulnerability scanner for IBM mainframes running the z/OS operating system.

22 April 2025

Powering up: Abusing Power Apps to compromise on-prem servers

The X-Force Red team was able to breach a hardened external perimeter and gain code execution on an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and...

17 April 2025

X-Force Threat Intelligence Index 2025 highlights attackers steal, and sell, user identities at scale

The 2025 X-Force Threat Intelligence Index is out, and it shows that attackers are still actively stealing and selling user identities. Learn more about that and other relevant threats.

15 April 2025

News

IBM X-Force Threat Analysis: Hive0148 observed targeting Mexico and Costa Rica

IBM X-Force observed Hive0148 spreading the Grandoreiro banking trojan to users in Mexico and Costa Rica. Learn more about this phishing and Malware-as-a-Service campaign.

8 April 2025

News

RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions

The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - Remot...

25 March 2025

News

IBM X-Force discovers new Sheriff Backdoor used to target Ukraine

IBM X-Force discovered a set of previously unknown malware used in a cyber espionage attack against an entity within Ukraine’s defense sector in the first half of 2024. Unpack the analysis.

25 March 2025

News

Fileless lateral movement with trapped COM objects

New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

18 March 2025

News

Bypassing Windows Defender Application Control with Loki C2

Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.

4 March 2025

News

FYSA: VMware Critical Vulnerabilities Patched

Broadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise.
