All Articles (2482)

Cybersecurity researchers have detailed the activities of an Initial Access Broker (IAB) named ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.

See:  https://redskyalliance.org/xindustry/cactus-ransomware-in-france

The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be used to create reverse shells an

Recent investigations by the Mexican military revealed that cybercriminals tied to the Cártel Jalisco Nueva Generación (CJNG) have attempted to infiltrate the networks of security agencies, including the Secretariat of Security and Citizen Protection, the National Intelligence Center, and state-run oil company Petróleos Mexicanos (Pemex).

Military sources familiar with the matter told local outlet Milenio that the Jalisco Cartel is recruiting young tech experts to breach the computer systems of

The practice of ransomware actors targeting healthcare organizations continues, as three big organizations in the sector suffered apparent or confirmed attacks.  DaVita, a dialysis firm that provides its services at approximately 3,000 outpatient centers worldwide, became aware of a ransomware incident on April 12 that affected and encrypted "certain on-premises systems," according to a dedicated incident response website.  The firm is currently responding to the incident and is relying on conti

France's foreign ministry explicitly accused Russia's GRU military intelligence agency on 29 April of mounting cyber-attacks on a dozen entities including ministries, defense firms and think tanks since 2021 to destabilize France.  The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.

The ministry said i

Defending against real-world threats is not just part of the job at Sentinel Labs; it is the reality of operating as a cybersecurity company in today’s landscape.  Real-world attacks against our environment serve as constant pressure tests, reinforcing what works, revealing what does not, and driving continuous improvement across our products and operations.  When you’re a high-value target like Sentinel, for some of the most capable and persistent adversaries out there, nothing less will do.

Di

Abilene, Texas, shut down systems after a cyberattack caused server issues. The incident occurred on April 18, 2025. Texas emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received reports of unresponsive servers within our internal network and immediately began executing our incident response plan and disconnecting affected and critical assets to secure our systems,” reads the notice of security incident published by the co

Across every stage of the attack chain, automation is reshaping threat behavior.  In the reconnaissance phase, cybercriminals launched over 36,000 scans per second in 2024, a 16.7% global increase.  These scans are no longer just searching for exposed ports; they’re probing deep into operational technology (OT), cloud APIs, and identity layers. SIP-based VoIP systems, RDP servers, and industrial protocols like Modbus TCP are being mapped automatically and continuously.

Automation also extends to

Have you ever thought of becoming a cybercriminal?  There is no better time than now.  Cheap ransomware is being sold for one-time use on the Dark Web, allowing the most inexperienced amateur criminals to get involved with cyber-crime without any direct interaction with the makers.  Some of these kits that enable criminals with minimal tech skills to deploy malware to steal personal information, carry out identity theft and access bank accounts, are available for less than $25.

Such malware infe

A Chinese Advanced Persistent Threat (APT) Group has successfully exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, according to the Taiwan cybersecurity firm TeamT5.  The campaign, active since late March 2025, exploits the stack-based buffer overflow flaws in CVE-2025-0282 and CVE-2025-22457, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware

A threat actor has advertised a zero-day exploit targeting FortiGate firewall products from Fortinet on a prominent Dark Web forum.  The exploit claims to enable unauthenticated remote code execution (RCE) and full configuration access to FortiOS, allowing attackers to seize control of vulnerable devices without needing credentials.

This alarming development has raised concerns among some users about the security of Fortinet firewalls, which are widely used in enterprises and government agencies

Politically motivated pro-Russian hackers Noname057(16) are ramping up distributed denial of service (DDoS) attacks against German organizations, disrupting the websites of banks, manufacturers, and other companies.  The Russia-aligned hacking group claims to have attacked Bayerische Landesbank, a major state-owned German bank; BayWa AG, a global agriculture, energy, and building materials company; COBUS Industries, a manufacturer of airport shuttle buses; and Aluminium Rheinfelden Alloys, a pr

Ransomware, as the name suggests, is malicious software designed to block access to a computer system or encrypt its data until a sum of money (a ransom) is paid.  These attacks have been carried out on both individuals and corporations.  “With ransomware groups leveraging increasingly sophisticated methods, companies in the region are all feeling the pressure as attackers exploit vulnerabilities in the increasingly complex corporate IT and network infrastructure,” said Adrian Hia, managing dire

According to Dutch military intelligence, Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service.  "We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.  In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, wi

Whenever a new form of digital communication becomes prevalent, actors inevitably adopt it to send spam and try to profit from unsuspecting users. Email has been the perennial choice for spam delivery, but the prevalence of new communications platforms has expanded the spam attack surface considerably.

This report explores AkiraBot, a Python framework that targets contact forms and chat widgets on small to medium-sized business websites. AkiraBot is designed to post AI-generated spam messages ta

One of the new challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt https://noxhunt.com show that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks. As these attacks become more personalized and effective, it is crucial for organizations worldwide to understand the profound impact of AI on cyber threats. This understanding is vital for developing strategies to counteract these advanced threa

FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices.  Unlike previous malware targeting these devices, this variant is written in Rust, a programming language introduced by Mozilla in 2010.  Due to its Rust-based implementation, analysts have named the malware “RustoBot.”

Incidents - In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to attacks exploiting TOTOLINK vulnerabilities.

TOTOLINK vulnerabilities often stem fro

Cybercriminals are constantly finding new ways to trick people, and one of the latest scams on the rise is called vishing, short for voice phishing. Unlike email scams (also known as phishing), vishing occurs over the phone. Recent studies have highlighted a dramatic escalation in vishing attacks.

See: https://redskyalliance.org/xindustry/let-s-talk-about-vishing

The 2025 CrowdStrike Global Threat Report documented a 442% surge in vishing incidents from the first to the second half of 2024. Addi

The Maritime Union of Australia (MUA) has claimed that DP World’s port automation plan at Melbourne, Sydney and Brisbane will make Australian container terminals less productive, more costly and less safe.  In correspondence to the MUA, DP World has indicated plans to spend more than AU$600m (US$383m) on automated equipment within the Australian container terminal network.

The announcement has been made without fulfilling consultation requirements set out in the Enterprise Agreement signe

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) was actively exploited within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.

"The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to

On 16 April, US DHS CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.

Found in CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices.  Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks.  "Improper neutralization of speci