Threat actors are abusing virtual private servers (VPS) to compromise Software-as-a-Service (SaaS) accounts, according to an investigation by Darktrace. The cybersecurity vendor identified coordinated SaaS account compromises across multiple customer environments, all of which involved logins from IP addresses linked to various VPS providers. The compromised accounts were used to conduct follow-on phishing attacks, with threat actors taking steps to avoid detection and enable persistent access
All Articles (2640)
Sort by
They say necessity is the mother of invention. As our reliance on digital infrastructure has grown, we have demanded more from our networks: seamless access, automated processes, uninterrupted user journeys, and effortless interoperability. Each improvement has pushed us further toward a hyper-connected, “smarter” enterprise, but at a cost that rarely registers on the risk scale. In the background, facilitating all of this is a new type of workforce, an army of AI bots and agents that keep t
A recent court decision by the United States Sixth Circuit has upheld the Federal Communications Commission's (FCC) rules on data breach reporting, marking a significant development for the cybersecurity landscape.
The ruling means that telecommunications carriers are now explicitly required to report breaches involving both Customer Proprietary Network Information (CPNI) and Personally Identifiable Information (PII). The decision stems from a legal challenge brought by several industry groups,
Everyone likes farmer, Right? Apparently, hackers have decided to attack their insurance provider. Their job is tough enough, let alone worrying about the loss of their information. It is being reported that more than one million customers of Farmers Insurance and its subsidiaries were impacted by a cyberattack on a third-party vendor. Farmers Insurance, Farmers Insurance Exchange and several other affiliated companies filed breach notification documents in Maine, California and Massachusett
Over the past year, FortiGuard Labs has been tracking a stealthy malware strain exploiting a range of vulnerabilities to infiltrate systems. Initially disclosed by a Chinese cybersecurity firm under the name “Gayfemboy,” the malware resurfaced in July with new activity, targeting vulnerabilities in products from vendors such as DrayTek, TP-Link, Raisecom, and Cisco, and exhibiting signs of evolution in both form and behavior. This Fortinet research presents an in-depth analysis of Gayfemboy, r
Pharmaceutical company Inotiv has notified the US Securities and Exchange Commission (SEC) that its business operations took a hit after hackers compromised and encrypted its internal systems. The incident, the organization said in a Form 8-K filing, occurred on 08 August 2025, and prompted Inotiv to initiate containment and remediation processes. “The company’s preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the company’s system
A recent report by Salt Security highlights a critical warning: without proper Application Programming Interface (API) discovery, governance, and security, the very technology meant to drive smarter customer engagement could open the door to cyber-attacks or data leakage. The research also reveals an increasing trust gap between businesses that deploy agentic AI for external communications and consumers who are wary of sharing personal information due to security concerns.
Because APIs power AI
FortiGuard Labs recently identified a phishing campaign leveraging carefully crafted emails to deliver malicious URLs linked to convincing phishing pages. These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter Malware that ultimately deploys various remote access tools (RATs).
The attack chain begins with a small, obfuscated script that redirects victims to a spoofed site personalized with the target’s email domain, enhancing credibili
A threat actor has been observed “patching” a vulnerability post exploitation, likely in a bid to lock out other adversaries and secure exclusive access. The novel tactic was detected by Red Canary researchers in a cluster of activity targeting a flaw in Apache ActiveMQ, an open-source message broker, to gain persistent access on cloud-based Linux systems. The critical vulnerability, CVE-2023-46604, allows for remote code execution (RCE) in Linux systems due to inadequate validation of throwab
A ransomware attack has forced drug research firm Inotiv to shut down critical systems, resulting in operational disruptions. Inotiv is an analytical drug discovery and development service that works with various pharmaceutical companies. It employs over 2,000 research specialists and reports an annual revenue of over $500 million. According to a regulatory filing with the US Securities and Exchange Commission (SEC), Inotiv discovered the cyber attack on 8 August. “On August 8, 2025, Inotiv,
Canada's cyber security agency is investigating a significant data breach at the national parliament caused by an unknown threat actor targeting employee information. The Canadian House of Commons has informed employees of an information breach and the Commons said that a malicious hacker was able to exploit a known Microsoft vulnerability to get access to a database that contains data used to manage computers and mobile devices.
The unknown attackers has used an exploit known as CVE-2025-53770
Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on 03 August 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 hours. All the IP addresses have been classified as malicious, with the IPs originating from the United States, Canada, Russia, and the Netherlan
Why hack when hackers are willing to sell guaranteed access to breached networks? Increasingly, cybercrooks agree they would rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market. Remote access to a victim's network now retails for an average price of $2,700, although about 40% of what's being sold goes for much less $500 to $1,000, noted in a report from cybersecurity firm Rapid7. Research is based on listings posted over
Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card. Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi
The US Federal Bureau of Investigation (FBI) is currently warning of a three-phase fraud scheme that uses tech support, bank, and government impostors to target elderly victims. A cybersecurity expert warns of a scam that has been used to drain entire life savings or retirement accounts has become "devastating" for seniors.
The FBI in Los Angeles on 15 July posted a reminder on X about the Phantom Hacker Scam, which has cost Americans over $1 billion since at least 2024, according to the agency
Homeland Security Investigations (HSI), in partnership with US and international law enforcement agencies, has dismantled the infrastructure behind BlackSuit ransomware, a major cybercriminal group and successor to Royal ransomware, in a coordinated global operation. The action targeted the backbone of the group's operations, including servers, domains, and digital assets used to deploy ransomware, extort victims, and launder proceeds. According to US Immigration and Customs Enforcement (ICE),
Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card. Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi
A 20-year-old Florida man is at the center of a prolific cybercrime group known as “Scattered Spider” and was sentenced to 10 years in federal prison and ordered to pay roughly $13 million in restitution to victims.
Noah Michael Urban of Palm Coast, FL pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text mes
SentinelLABS has identified widespread and ongoing cryptocurrency scams in which actors advertise a crypto trading bot that conceals a smart contract designed to steal the victim’s funds. The scams are marketed through YouTube videos that explain the purported nature of the crypto trading bot and how to deploy a smart contract on the Remix Solidity Compiler platform, a web-based integrated development environment (IDE) for Web3 projects. The video descriptions share a link to an external site
Google has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on 08 August 2025. Earlier, Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group. “We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their ex
