All Articles (2640)

Sort by

13477518696?profile=RESIZE_400x"There it goes," says Aditya K Sood as the remote dashboard for a solar power plant in India appears on his screen.  The US-based hacker is on a mission to educate on cybersecurity.  Speaking on a video call with media, he shows how easy it has been for him to log into a plant in southern India's Tamil Nadu region.  "You know, people deploy their devices and forget to actually change [default] passwords.  Or they have configured very weak passwords," Sood says as he's pointing to the system open

13469185070?profile=RESIZE_400xEven industry leaders can be the target of cyber-attacks. New York-based venture capital firm Insight Partners has confirmed a cyber-attack hit it in January 2025. In a public statement published on 18 February, the investment company said an unauthorized third party accessed some parts of its information systems through a “sophisticated social engineering attack.” The intrusion was detected on 16 January 2025. “As soon as this incident was detected, we moved quickly to contain, remediate, and s

13469181294?profile=RESIZE_400xCyber security risks, including ransomware, data breaches, and IT disruptions, remained the top business concern worldwide over the past year. A recent Report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same attention as information technology security controls and ransomware threats.

The new IUA guide also aims to help insurers navigate money-handling requirements in the European Union. Across the c

13466189058?profile=RESIZE_400xPorts Australia has called for action to further bulletproof Australia’s supply chain against cyber threats, including the establishment of a consultative forum.  Ports Australia CEO Mike Gallacher said that addressing cyber threats and improving response efficiency are crucial for Australia's economic stability and security.  "Cyber security at our ports remains a critical issue for Australian trade, and we need a collaborative approach to address growing threats," said Gallacher.  “Historicall

13472845675?profile=RESIZE_400xAn Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India.  The app falls under a group of malicious Android applications called "SpyLoan," which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending.  These apps lure users with promises of quick and easy loans, often requiring little documentation an

Views: 28
Comments: 0

13472843492?profile=RESIZE_400xMicrosoft Threat Intelligence researchers identified North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided by the attacker.  The Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control of the Reconnaissance General Burea

Views: 38
Comments: 0

13466171087?profile=RESIZE_400xAn ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers.  For the past month, BleepingComputer and others have received emails from PayPal stating, "You added a new address.  This is just a quick confirmation that you added an address in your PayPal account."  The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase con

13470505481?profile=RESIZE_400xSentinelLABS has analyzed a data leak from TopSec (北京天融), a Chinese cybersecurity firm that offers services such as Endpoint Detection and response (EDR) and vulnerability scanning. The firm also provides boutique solutions that align with government initiatives and intelligence requirements. The data leak includes a document with 7,000+ work logs and code to orchestrate infrastructure for the firm’s DevOps practices and downstream customers. The leak also contains scripts that connect to severa

13469179293?profile=RESIZE_400xSurprisingly, the British and US governments refused to sign the international agreement on Artificial Intelligence (AI) at the global summit in Paris on the 10th and 11th of February 2025. The statement, which has been signed by dozens of countries, including France, China, and India, pledges an "open," "inclusive," and "ethical" approach to the technology's development.

In a brief statement, the British government said it had been unable to add its name to it because of concerns about national

13466040490?profile=RESIZE_400xSewing machines are not needed in Thailand’s sweatshops.  Up to 100,000 victims of human trafficking could be held in compounds in Myanmar, Thai police are warning, forced to operate round-the-clock cybercrime campaigns via workstations and call centers set up there.

Thai Police General Thatchai Pitaneelaboot, director of the Anti-Human Trafficking Center, reported that tens of thousands of kidnapped people are being held in captivity and forced to work the scams, which are run by 30 to 40 Chine

13465999657?profile=RESIZE_400xOn 21 February 2025, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, in what is the largest crypto heist of all time.  After the hack, several blockchain monitoring firms, as well as the well-known crypto investigator ZachXBT, have all pointed to the North Korean government hacking group known as Lazarus Group as the culprit.

ZachXBT was the first to point the finger of blame, just a few hours after he himself noticed the first signs of the hack.  The res

13469176281?profile=RESIZE_400xSecurity researchers have reported on one of the fastest-growing and most formidable Ransomware-as-a-Service (RaaS) groups of 2025. Named “BlackLock” (aka El Dorado or Eldorado), the RaaS outfit has existed since March 2024, according to ReliaQuest, and has increased its number of data leak posts by an impressive 1425% quarter-on-quarter in Q4 of last quarter.

The threat intelligence vendor claimed that BlackLock could become the most active RaaS group in 2025. Although, like many other variants

13466023100?profile=RESIZE_400xA widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to provide sensitive information," Netskope Threat Labs researcher Jan Michael Alcantara said. The activity, which has bee

13465755659?profile=RESIZE_400xThe threat actors behind the Darcula Phishing-as-a-Service (PhaaS) platform appear to be preparing a new version that allows prospective customers and cyber actors to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.  The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with

13462392084?profile=RESIZE_400xA global law enforcement effort has led to the arrest of two suspected leaders of an extremist online group accused of grooming and coercing minors into acts of violence and sexual exploitation. Authorities in the US arrested the individuals on 30 January 2025 as part of a broader Europol-coordinated crackdown on “The Com” organization, an international online network of child abusers and violent extremists.

According to investigators, the two arrested individuals, aged 23 and 41, were members o

13463696299?profile=RESIZE_400xOn 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1].  This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations. 

Ghost actors conduct these widespread attack

13462486067?profile=RESIZE_400xRussian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group.  These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe

13463713261?profile=RESIZE_400xThe first sample of the Lynx ransomware was made available on a publicly available file-scanning site in early July 2024, which coincides with other reports of its first availability.

Fortinet researchers found that the Lynx and INC ransomware, which first appeared in July 2023, look very similar.

However, INC offers fewer options at the execution phase. Researchers believe that INC ransomware is a predecessor to the Lynx ransomware. While INC ransomware is available for the Windows and ESXi pl

13462389879?profile=RESIZE_400xWhen Italian anti-mafia police surprised the Sicilian mob on 11 February 2025 their main aim was to stop them regrouping and creating a new governing body or cupola. But what has emerged from their wide-ranging investigation is an organized crime group having to adapt to modern realities and displaying a nostalgia for the loftier ambitions of the past. They don't produce mobsters like they used to, Giancarlo Romano told an associate in a wiretapped conversation before he was shot dead a year ago

13459032282?profile=RESIZE_400xA large-scale brute-force password attack involving nearly 2.8 million IP addresses daily attempts to compromise millions of VPN devices from various companies including Palo Alto Networks, Ivanti, and SonicWall.  Brute force attacks involve threat actors attempting to guess username and password combinations until they find the correct one.  The campaign is highly automated, suggesting the potential involvement of malware or botnets.

Ongoing password attack campaign targets VPN devices - The Sh