Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. GuidePoint Security first reported the phony ransom notes today, and BleepingComputer later received a scan of the note from a CEO who received the same letter. The envelopes for these ransom notes claim to be from the "BIANLIAN Group" and have a return address in an office building in Boston, Massachusetts.
The letter shared with BleepingCompu
All Articles (2423)
Cybersecurity is on the brink of major shifts. As new technologies emerge and threats evolve, staying sharp and adaptable is non-negotiable, especially when it comes to preparing your people for what’s next. This year, cyber resilience will take center stage, with the human element playing a defining role in the fight against cyber threats.
With human error contributing to the majority of incidents and the global average cost of cyberattacks reaching a record-high $4.88 million in 2024, the hi
Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity Report revealed a sharp increase in cyber threats within the automotive industry in 2024. Despite regulatory scrutiny, cybercriminals are evolving faster than the industry can respond, increasing the gap between regulatory measures and the skills of hackers.
In 2024, cybersecurity incidents surged to 409, which is up from 295 in 2023. The report highlighted that the rising number of ransomware cyberattacks is one of the most si
"There it goes," says Aditya K Sood as the remote dashboard for a solar power plant in India appears on his screen. The US-based hacker is on a mission to educate on cybersecurity. Speaking on a video call with media, he shows how easy it has been for him to log into a plant in southern India's Tamil Nadu region. "You know, people deploy their devices and forget to actually change [default] passwords. Or they have configured very weak passwords," Sood says as he's pointing to the system open
Even industry leaders can be the target of cyber-attacks. New York-based venture capital firm Insight Partners has confirmed a cyber-attack hit it in January 2025. In a public statement published on 18 February, the investment company said an unauthorized third party accessed some parts of its information systems through a “sophisticated social engineering attack.” The intrusion was detected on 16 January 2025. “As soon as this incident was detected, we moved quickly to contain, remediate, and s
Cyber security risks, including ransomware, data breaches, and IT disruptions, remained the top business concern worldwide over the past year. A recent report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same attention as information technology security controls and ransomware threats.
The new IUA guide also aims to help insurers navigate money-handling requirements in the European Union. Across the c
Ports Australia has called for action to further bulletproof Australia’s supply chain against cyber threats, including the establishment of a consultative forum. Ports Australia CEO Mike Gallacher said that addressing cyber threats and improving response efficiency are crucial for Australia's economic stability and security. "Cyber security at our ports remains a critical issue for Australian trade, and we need a collaborative approach to address growing threats," said Gallacher. “Historicall
An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. The app falls under a group of malicious Android applications called "SpyLoan," which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending. These apps lure users with promises of quick and easy loans, often requiring little documentation an
Microsoft Threat Intelligence researchers identified North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided by the attacker. The Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control of the Reconnaissance General Burea
An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers. For the past month, BleepingComputer and others have received emails from PayPal stating, "You added a new address. This is just a quick confirmation that you added an address in your PayPal account." The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase con
SentinelLABS has analyzed a data leak from TopSec (北京天融), a Chinese cybersecurity firm that offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. The firm also provides boutique solutions that align with government initiatives and intelligence requirements. The data leak includes a document with 7,000+ work logs and code to orchestrate infrastructure for the firm’s DevOps practices and downstream customers. The leak also contains scripts that connect to severa
Surprisingly, the British and US governments refused to sign the international agreement on Artificial Intelligence (AI) at the global summit in Paris on the 10th and 11th of February 2025. The statement, which has been signed by dozens of countries, including France, China, and India, pledges an "open," "inclusive," and "ethical" approach to the technology's development.
In a brief statement, the British government said it had been unable to add its name to it because of concerns about national
Sewing machines are not needed in Thailand’s sweatshops. Up to 100,000 victims of human trafficking could be held in compounds in Myanmar, Thai police are warning, forced to operate round-the-clock cybercrime campaigns via workstations and call centers set up there.
Thai Police General Thatchai Pitaneelaboot, director of the Anti-Human Trafficking Center, reported that tens of thousands of kidnapped people are being held in captivity and forced to work the scams, which are run by 30 to 40 Chine
On 21 February 2025, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, in what is the largest crypto heist of all time. After the hack, several blockchain monitoring firms, as well as the well-known crypto investigator ZachXBT, have all pointed to the North Korean government hacking group known as Lazarus Group as the culprit.
ZachXBT was the first to point the finger of blame, just a few hours after he himself noticed the first signs of the hack. The res
Security researchers have reported on one of the fastest-growing and most formidable Ransomware-as-a-Service (RaaS) groups of 2025. Named “BlackLock” (aka El Dorado or Eldorado), the RaaS outfit has existed since March 2024, according to ReliaQuest, and has increased its number of data leak posts by an impressive 1425% quarter-on-quarter in Q4 of last quarter.
The threat intelligence vendor claimed that BlackLock could become the most active RaaS group in 2025. Although, like many other variants
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to provide sensitive information," Netskope Threat Labs researcher Jan Michael Alcantara said. The activity, which has bee
The threat actors behind the Darcula Phishing-as-a-Service (PhaaS) platform appear to be preparing a new version that allows prospective customers and cyber actors to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with
A global law enforcement effort has led to the arrest of two suspected leaders of an extremist online group accused of grooming and coercing minors into acts of violence and sexual exploitation. Authorities in the US arrested the individuals on 30 January 2025 as part of a broader Europol-coordinated crackdown on “The Com” organization, an international online network of child abusers and violent extremists.
According to investigators, the two arrested individuals, aged 23 and 41, were members o
On 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1]. This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations.
Ghost actors conduct these widespread attack
Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group. These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe