Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

APT Lazarus Targets Engineers with macOS Malware

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

U.S. Healthcare Orgs Targeted with Maui Ransomware

State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.

Latest Cyberattack Against Iran Part of Ongoing Campaign

Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

Elusive ToddyCat APT Targets Microsoft Exchange Servers

The threat actor targets institutions and companies in Europe and Asia.

China-linked APT Flew Under Radar for Decade

Evidence suggests that a just-discovered APT has been active since 2013.

State-Sponsored Phishing Attack Targeted Israeli Military Officials

Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.

DragonForce Gang Unleash Hacks Against Govt. of India

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

U.S. Water Utilities Prime Cyberattack Target, Experts

Environmentalists and policymakers warn water treatment plants are ripe for attack.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Fronton IOT Botnet Packs Disinformation Punch

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

DOJ Says Doctor is Malware Mastermind

The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

VHD Ransomware Linked to North Korea’s Lazarus Group

Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.

China-linked APT Caught Pilfering Treasure Trove of IP

A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.