Fortgale Blog » Emerging Threats Emerging Threats

March 25, 2026 ·Emerging Threats

TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks

TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks TeamPCP is an emerging cybercriminal collective that became active in late 2025, distinguishing itself through a specialized focus on massive attacks against cloud-native infrastructures. Unlike traditional Advanced Persistent Threat (APT) groups that often prioritize deep persistence on specific endpoints, TeamPCP utilizes high-level automation to scale … Read more

Read the analysis

September 4, 2024 ·Emerging Threats · Featured

Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365

UPDATES: 27.11.2024: As mentioned by TrustWave, “Supercar Phishing Kit” has an high level of overlapping with the most recent update of “Rockstar 2FA Phishing-as-a-Service” 26.09.2024: As mentioned by Any.Run, “Supercar Nebula” has an high level of overlapping with “Storm-1575“ In August 2024, Fortgale identified and analyzed an extensive phishing campaign employing a previously publicy undocumented … Read more

Read the analysis

September 20, 2023 ·Emerging Threats

Cyber Attack Risk: Follina

Risks and Solutions How to protect and how to react The identification of this type of compromise can occur on different levels: Fortgale recommends performing proactive threat hunting activities to identify this type of compromise potentially undetected by the systems mentioned above. Choose the solution that best fit your company

Read the analysis

September 20, 2023 ·Emerging Threats

New Malspam campaign to deploy FickerStealer Malware

Over the last week (26th of July 2021), CERT-AGID observed a malspam campaign whose intent was to spread the FickerStealer malware via the Hancitor loader to steal the credentials present on the victim’s machine. The emails, themed “Pagamenti“, contained an attached Word or Excel document, within which macros were recorded for downloading and executing the … Read more

Read the analysis

September 20, 2023 ·Emerging Threats

CloudMensis: Spyware hitting MacOS

A new backdoor for MacOS systems has been discovered in recent days by ESET researchers. The goal of the malware is to exfiltrate information from the victim system by exploiting cloud storage services.The Backdoor, named by CloudMensis researchers, recovers information such as documents, email messages and attachments, files on removable devices, screenshots and the sequence … Read more

Read the analysis

April 15, 2022 ·Emerging Threats

Microsoft RCE — April 2022 patches

Come ogni secondo Martedì del mese, Microsoft ha rilasciato una serie di aggiornamenti (patch) di sicurezza per i propri sistemi operativi.

In questo mese sono state rilasciate 117 patch per altrettante vulnerabilità, di queste:

Read the analysis

March 14, 2022 ·Emerging Threats

Malware Qakbot — March 2022 Compromises

In recent weeks, consistent with previously documented activity (background), we have observed a general increase in compromise activity across monitored environments. Criminal groups deploy malware for multiple objectives: Ransomware execution, sensitive data exfiltration, and credential harvesting. Qakbot — documented in detail under MITRE ATT&CK S0650 — is consistently used for all three. Unlike previous campaigns, … Read more

Read the analysis

February 25, 2022 ·Emerging Threats

Russia | Ukraine: Cyber Attacks

Resoconto riguardante le operazioni offensive informatiche condotte dalla Russia nei confronti di infrastrutture ucraine durante l’avvio del conflitto.

Read the analysis

February 15, 2022 ·Emerging Threats

SIM-Swapping Attacks to Access Bank Accounts

In a press release, Spanish authorities announced the arrest of a criminal group of 8 individuals who carried out SIM-Swapping attacks to access the bank accounts of unsuspecting victims. SIM-Swapping is an attack technique that enables criminals to seize control of a victim’s phone number. The captured number is then used to intercept SMS-based 2FA … Read more

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy