X-Industry

FortiGuard Labs recently identified a phishing campaign leveraging carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.  These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter Malware that ultimately deploys various remote access tools (RATs).

The attack chain begins with a small, obfuscated script that redirects victims to a spoofed site personalized with the target’s email domain, enhancing credibili

A threat actor has been observed “patching” a vulnerability post exploitation, likely in a bid to lock out other adversaries and secure exclusive access.  The novel tactic was detected by Red Canary researchers in a cluster of activity targeting a flaw in Apache ActiveMQ, an open-source message broker, to gain persistent access on cloud-based Linux systems.  The critical vulnerability, CVE-2023-46604, allows for remote code execution (RCE) in Linux systems due to inadequate validation of throwab

A ransomware attack has forced drug research firm Inotiv to shut down critical systems, resulting in operational disruptions.  Inotiv is an analytical drug discovery and development service that works with various pharmaceutical companies.  It employs over 2,000 research specialists and reports an annual revenue of over $500 million.  According to a regulatory filing with the US Securities and Exchange Commission (SEC), Inotiv discovered the cyber attack on 8 August.  “On August 8, 2025, Inotiv,

Canada's cyber security agency is investigating a significant data breach at the national parliament caused by an unknown threat actor targeting employee information.  The Canadian House of Commons has informed employees of an information breach and the Commons said that a malicious hacker was able to exploit a known Microsoft vulnerability to get access to a database that contains data used to manage computers and mobile devices.

The unknown attackers has used an exploit known as CVE-2025-53770

Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices.  The coordinated activity, per threat intelligence firm GreyNoise, was observed on 03 August 2025, with over 780 unique IP addresses participating in the effort.  As many as 56 unique IP addresses have been detected over the past 24 hours.  All the IP addresses have been classified as malicious, with the IPs originating from the United States, Canada, Russia, and the Netherlan

Why hack when hackers are willing to sell guaranteed access to breached networks?  Increasingly, cybercrooks agree they would rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market.  Remote access to a victim's network now retails for an average price of $2,700, although about 40% of what's being sold goes for much less $500 to $1,000, noted in a report from cybersecurity firm Rapid7.   Research is based on listings posted over

Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card.  Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi

The US Federal Bureau of Investigation (FBI) is currently warning of a three-phase fraud scheme that uses tech support, bank, and government impostors to target elderly victims.  A cybersecurity expert warns of a scam that has been used to drain entire life savings or retirement accounts has become "devastating" for seniors.

The FBI in Los Angeles on 15 July posted a reminder on X about the Phantom Hacker Scam, which has cost Americans over $1 billion since at least 2024, according to the agency

Homeland Security Investigations (HSI), in partnership with US and international law enforcement agencies, has dismantled the infrastructure behind BlackSuit ransomware, a major cybercriminal group and successor to Royal ransomware, in a coordinated global operation.  The action targeted the backbone of the group's operations, including servers, domains, and digital assets used to deploy ransomware, extort victims, and launder proceeds.  According to US Immigration and Customs Enforcement (ICE),

Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card.  Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi

A 20-year-old Florida man is at the center of a prolific cybercrime group known as “Scattered Spider” and was sentenced to 10 years in federal prison and ordered to pay roughly $13 million in restitution to victims.

Noah Michael Urban of Palm Coast, FL pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text mes

SentinelLABS has identified widespread and ongoing cryptocurrency scams in which actors advertise a crypto trading bot that conceals a smart contract designed to steal the victim’s funds.  The scams are marketed through YouTube videos that explain the purported nature of the crypto trading bot and how to deploy a smart contract on the Remix Solidity Compiler platform, a web-based integrated development environment (IDE) for Web3 projects.  The video descriptions share a link to an external site

Google has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on 08 August 2025.  Earlier, Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group.  “We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their ex

A panel discussion at DEF CON 33 recently, titled “Adversaries at war: Tactics, technologies, and lessons from modern battlefields”, offered several thought-provoking points, as well as a clear takeaway: while digital tactics such as misinformation and influence campaigns are useful in modern conflict, they are not going to win a war.  That is because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less impor

Think your shiny new electric vehicle keeps your secrets safe?  Think again.  Researchers from Massachusetts Institute of Technology (MIT) recently proved that the innocent-looking battery gauge on your dashboard can betray your personal details to anyone tech-savvy enough to look.  Simply put, the way your EV uses power isn't just about range anxiety, it's broadcasting your location and driving habits in surprising detail. 

How Battery Power Patterns Betray Drivers - MIT researchers demonstrate

Remote Access Trojans, also known as RATs, have been around for years, although their prevalence in the market has surged recently.  RATs are digital skeleton keys, giving an attacker remote control over a system, often without the user ever knowing.  This kind of access often starts with someone clicking a malicious link or opening a rogue attachment in a phishing email or messaging app.  From there, the attacker can move laterally, steal data, monitor activity, or trigger ransomware.

RATs have

A recent surge in fraudulent “AI-powered” trading platforms has been observed exploiting deepfake technology and fabricated online content to deceive investors.  According to a new investigation by Group-IB, scammers are deploying convincing fake videos, phony reviews and targeted online ads to lure victims into fraudulent investment schemes.  At the heart of these campaigns are AI-generated deepfake videos featuring public figures, such as Dutch politician Geert Wilders, endorsing fictional tra

The legal market segment has been a prime target for cybercriminals due to the highly sensitive and confidential data it holds.  A recent report from the International Legal Technology Association (ILTA) and Fenix24, "Security at Issue: State of Cybersecurity in Law Firms," reveals a crucial shift in the threat landscape.  The report, based on a survey of 60 law firms, indicates that while awareness and investment are rising, fundamental vulnerabilities persist, and human-operated attacks are no

There’s at least one expert who believes that “the singularity,” the moment when artificial intelligence surpasses the control of humans; could be just a few years away.  That’s a lot shorter than current predictions regarding the timeline of AI dominance, especially considering that AI dominance is not exactly guaranteed in the first place.

Ben Goertzel, CEO of SingularityNET, who holds a Ph.D. from Temple University and has worked as a leader of Humanity+ and the Artificial General Intelligenc

The US Cybersecurity and Infrastructure Security Agency (CISA) on 13 August 2025 added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.  N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform.[1]

The vulnerabilit