LockBit Leaks Expose Almost 200 Affiliates And Custom Malware

Cactus Ransomware Claims 1.5TB Of Schneider Electric Data

Code Injection Or Backdoor: A New Look At Ivanti's CVE-2021-44529

Websites Hacked Via Vuln In Bricks Builder WordPress Plugin

Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow To Operation

FBI Most Wanted Cybergang Boss Pleads Guilty

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran

Feds Post $15 Million Bounty For Info On ALPHV/BlackCat Ransomware Crew

New Google Initiative To Foster AI In Cybersecurity

How To Weaponize LLMs To Auto-Hijack Websites

Mysterious MMS Fingerprint Hack Used By Spyware Firm NSO Group Revealed

Ex-Employee's Admin Credentials Used In US Gov Agency hack

Hackers Got Nearly 7 Million People's Data From 23andMe

Feds Want To Ban The World's Cutest Hacking Device. Experts Say It's A Scapegoat

Microsoft Confirms Windows Exploits Bypassing Security Features

Microsoft, OpenAI Reveal ChatGPT Use By State-Sponsored Hackers

Prudential Financial Discloses Data Breach

Ransomware Attack Hits Dozens Of Romanian Hospitals

Southern Water Cyberattack Expected To Hit Hundreds Of Thousands Of Customers

Azure Account Takeover Campaign Targets Senior Execs

JFK Airport Taxi Hackers Sentenced To Prison

Ivanti Discloses 5th Vulnerability, Doesn't Credit Researchers

Meet VexTrio, A Network Of 70K Hijacked Websites Crooks Use To Sling Malware, Fraud

Uncle Sam Sweetens The Pot With $15M Bounty On Hive Ransomware Gang Members

New macOS Backdoor Linked To Prominent Ransomware Groups

Should Tech Layoffs Worry Cybersecurity Pros?

Were 3 Million Toothbrushes Really Used For A DDoS Attack?

Iran-Backed Hackers Interrupt UAE TV With Deepfake News

Deepfake Face Swap Attacks On ID Verification Systems Up By 704% In 2023

Raspberry Pi Pico Cracks BitLocker In Under A Minute

US Says China's Volt Typhoon Hackers Pre-Positioning For Cyberattacks Against Critical Infrastructure

Crypto Ransom Attack Payments Hit Record $1 Billion In 2023

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll

After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin

U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers

The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at

Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São Paulo, Santa Catarina, Pará, Goiás, and Mato Grosso. Slovak cybersecurity firm ESET, which provided additional

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are

Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the

Crooks Pose As Researchers To Retarget Ransomware Victims

Babuk Tortilla Ransomware Decrypted After Hacker's Arrest

This AI Chatbot Is Trained To Jailbreak Other Chatbots

Bitcoin ETF Hopefuls Still Expect SEC Approval Despite Social Media Hack

Turkish Hackers Target Microsoft SQL Servers In Americas, Europe

LoanDepot Systems Offline Following Ransomware Attack

Hackers Can Infect Network-Connected Wrenches To Install Ransomware

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised host, or the ultimate delivery of ransomware payloads,” Securonix researchers

British Library: Finances Remain Healthy As Ransomware Recovery Continues

After Injecting Cancer Hospital With Malware, Crims Threaten To Swat Patients

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week. "Hacks

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [

23andMe Told Victims Of Data Breach That Suing Is Futile, Letters Shows

Ukraine: Russia Hacked Webcams To Aid Missile, Drone Strikes On Kyiv

Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services

Estes Express Lines Says Personal Data Stolen In Ransomware Attack

Hacked Mandiant X Account Abused For Cryptocurrency Theft

SRLabs Develops Black Basta Ransomware Decryptor