SentinelLABS has analyzed a data leak from TopSec (北京天融), a Chinese cybersecurity firm that offers services such as Endpoint Detection and response (EDR) and vulnerability scanning. The firm also provides boutique solutions that align with government initiatives and intelligence requirements. The data leak includes a document with 7,000+ work logs and code to orchestrate infrastructure for the firm’s DevOps practices and downstream customers. The leak also contains scripts that connect to severa
All Articles (2633)
Sort by
Surprisingly, the British and US governments refused to sign the international agreement on Artificial Intelligence (AI) at the global summit in Paris on the 10th and 11th of February 2025. The statement, which has been signed by dozens of countries, including France, China, and India, pledges an "open," "inclusive," and "ethical" approach to the technology's development.
In a brief statement, the British government said it had been unable to add its name to it because of concerns about national
Sewing machines are not needed in Thailand’s sweatshops. Up to 100,000 victims of human trafficking could be held in compounds in Myanmar, Thai police are warning, forced to operate round-the-clock cybercrime campaigns via workstations and call centers set up there.
Thai Police General Thatchai Pitaneelaboot, director of the Anti-Human Trafficking Center, reported that tens of thousands of kidnapped people are being held in captivity and forced to work the scams, which are run by 30 to 40 Chine
On 21 February 2025, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, in what is the largest crypto heist of all time. After the hack, several blockchain monitoring firms, as well as the well-known crypto investigator ZachXBT, have all pointed to the North Korean government hacking group known as Lazarus Group as the culprit.
ZachXBT was the first to point the finger of blame, just a few hours after he himself noticed the first signs of the hack. The res
Security researchers have reported on one of the fastest-growing and most formidable Ransomware-as-a-Service (RaaS) groups of 2025. Named “BlackLock” (aka El Dorado or Eldorado), the RaaS outfit has existed since March 2024, according to ReliaQuest, and has increased its number of data leak posts by an impressive 1425% quarter-on-quarter in Q4 of last quarter.
The threat intelligence vendor claimed that BlackLock could become the most active RaaS group in 2025. Although, like many other variants
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to provide sensitive information," Netskope Threat Labs researcher Jan Michael Alcantara said. The activity, which has bee
The threat actors behind the Darcula Phishing-as-a-Service (PhaaS) platform appear to be preparing a new version that allows prospective customers and cyber actors to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with
A global law enforcement effort has led to the arrest of two suspected leaders of an extremist online group accused of grooming and coercing minors into acts of violence and sexual exploitation. Authorities in the US arrested the individuals on 30 January 2025 as part of a broader Europol-coordinated crackdown on “The Com” organization, an international online network of child abusers and violent extremists.
According to investigators, the two arrested individuals, aged 23 and 41, were members o
On 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1]. This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations.
Ghost actors conduct these widespread attack
Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group. These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe
The first sample of the Lynx ransomware was made available on a publicly available file-scanning site in early July 2024, which coincides with other reports of its first availability.
Fortinet researchers found that the Lynx and INC ransomware, which first appeared in July 2023, look very similar.
However, INC offers fewer options at the execution phase. Researchers believe that INC ransomware is a predecessor to the Lynx ransomware. While INC ransomware is available for the Windows and ESXi pl
When Italian anti-mafia police surprised the Sicilian mob on 11 February 2025 their main aim was to stop them regrouping and creating a new governing body or cupola. But what has emerged from their wide-ranging investigation is an organized crime group having to adapt to modern realities and displaying a nostalgia for the loftier ambitions of the past. They don't produce mobsters like they used to, Giancarlo Romano told an associate in a wiretapped conversation before he was shot dead a year ago
A large-scale brute-force password attack involving nearly 2.8 million IP addresses daily attempts to compromise millions of VPN devices from various companies including Palo Alto Networks, Ivanti, and SonicWall. Brute force attacks involve threat actors attempting to guess username and password combinations until they find the correct one. The campaign is highly automated, suggesting the potential involvement of malware or botnets.
Ongoing password attack campaign targets VPN devices - The Sh
A roster of officials from government, academia and industry gathered in Munich Germany at a Security and Cyber Security Conference to discuss how future workforces must marry the power of artificial intelligence with expertise only a human can provide. “Looking at the next generation of national security professionals, I want policy people who can code and coders who can do policy,” said the former head of the National Security Agency (NSA) General Paul Nakasone at the Munich Cyber Security Co
Broadcom researchers recently reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company,” reads the report published by Broadcom.
During the late 2024 attack, the attacker d
There have been many movie or TV shows that depict US Presidents. A new Netflix series is soon to be released dealing with cyber-security. Netflix has recently released the trailer for its new limited series “Zero Day,” which features an ensemble cast of Robert De Niro, Jesse Plemons, Lizzy Caplan, Connie Britton, Joan Allen, Matthew Modine and Angela Bassett. The six-episode technical thriller hits the streamer on 20 February 2025.[1]
According to an official logline, “Zero Day” follows “Ro
Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain, and the US Targets included the US Army, UN, NATO, and other agencies. Some of the breached organizations were the US Army, the United Nations, the International Civil Aviation Organization, the North Atlantic Treaty Organization, and multiple Spanish government agencies. “The suspect, who claimed responsibility for the intrusions into dark web forums, managed to access the comput
Cybercriminals are abusing a weakness in ASP.NET websites to remotely execute malicious code, according to Microsoft’s Threat Intelligence team, which has published an in-depth analysis of the new method. In the article, Microsoft explained threat actors were injecting malicious code through a method called ViewState code injection attacks.
ViewState is a feature in ASP.NET websites that helps remember user input and page settings when the page is refreshed. It stores this information in a hidd
Old media newspaper companies have long been feeling the negative effects of the new cyber age. Currently, a cyberattack is impacting on the availability of newspapers belonging to Lee Enterprises, one of the largest owners of local papers in the US. The company told Recorded Future News it is “working through technology issues that caused some disruption” to the company’s day-to-day work. “Our technology response team has been working with third-party specialists to fully restore our systems
Two weeks ago, Apple pushed a signature update to its on-device malware tool XProtect to block several variants of what it called the macOS Ferret family: FROSTYFERRET_UI, FRIENDLYFERRET_SECD, and MULTI_FROSTYFERRET_CMDCODES. This DPRK-attributed malware family was first described by researchers in December and further in early January and identified as part of the North Korean Contagious Interview campaign, in which threat actors lure targets to install malware through the job interview process
