X-Industry

Unveiled today at PIVOTcon, this joint research from Validin, the global internet intelligence platform, and SentinelLABS, the threat intelligence and research team of SentinelOne, exposes the FreeDrain Network: a sprawling, industrial-scale cryptocurrency phishing operation that has quietly siphoned digital assets for years.  What began as an investigation into a single phishing page quickly uncovered a vast, coordinated campaign weaponizing search engine optimization, free-tier web services, a

In April 2025, FortiGuard Labs observed a threat actor using phishing emails with malicious HTML files to spread Horabot, malware that primarily targets Spanish-speaking users.  It is known for using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking trojans.

Horabot leverages Outlook COM automation to send phishing messages from the victim’s mailbox, enabl

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which threat actors have heavily targeted in the past.  CISA added two older SonicWall bugs to the Known Exploited Vulnerabilities (KEV) catalog, marking the latest threat activity targeting the network security vendor's products.  The vulnerabilities are tracked as CVE-2023-44221 and CVE-2024-38475 and affect SonicWall's SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products.  They can be exploi

The uncomfortable reality is that the energy sector's cyberattacks have doubled between 2020 and 2022.  Indeed, 48 successful attacks hit Europe’s energy infrastructure in 2022 alone, which is why cybersecurity has become a key component of ensuring overall energy security.  In particular, cybersecurity experts in the Netherlands have been closely monitoring the major power outage affecting Spain and Portugal and are raising pressing concerns about the vulnerability of critical infrastructure.[1

A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA's) Known Exploited Vulnerabilities (KEV) catalog. Langflow is a Python-based Web application, a popular tool in the realm of agentic AI that allows users to build AI-driven agents and workflows.  The vulnerability, tracked as CVE-2025-3248, is described as a missing authentication flaw that allows remote attackers to compromise Langflow servers.   With a CVSS sc

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack.  Insight Partners is a prominent global venture capital and private equity firm specializing in high-growth technology, software, and internet companies, managing over $90 billion in regulatory assets.  The company has significant investments in more than 800 companies worldwide, including Twitter, HelloFresh, and Veeam Software.

On 18 February 2025

The US-FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024.  The published domains were registered between November 2021 and April 2024, the time of their seizure, and are being shared to increase awareness and provide indicators of compromise. LabHost was a major PhaaS platform that sold access to an extensive set of phishing kits targeting US and Canadian banks for be

A Russian-linked hacktivist group known as NoName057(16) claimed responsibility for cyberattacks on several Romanian websites over the weekend, as voters headed to the polls to elect a new president.  Among the targets of the distributed denial-of-service (DDoS) attacks were the official websites of the Ministry of Foreign Affairs, the Romanian government, the Constitutional Court and several presidential candidates.

Romania’s National Directorate for Cyber Security (DNSC) confirmed the attacks,

The California Privacy Protection Agency (CPPA) recently announced a six-figure fine and an order demanding significant business practice changes for a national clothing retailer which allegedly used a flawed privacy portal.  Todd Snyder, Inc. will have to pay $345,000 and fix poor technical infrastructure which has led to block consumers from opting out of the sale or sharing of their personal data, the CPPA said.  The firm also allegedly forced customers to give it more data than was needed to

Jeffrey Bowie, CEO of the cybersecurity firm Veritaco,[1]  is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed the malware on the hospital computers on 06 August 2024.  Bowie was arrested on 14 April 2025 following the issuance of an arrest warrant.  Security footage reportedly shows the man attempting to access multiple offices before installing malicious sof

A new study found that a gene recently recognized as a biomarker for Alzheimer’s disease is a cause due to its previously unknown secondary function. Researchers at the University of California, San Diego, used Artificial Intelligence (AI) to help unravel this mystery of Alzheimer’s disease and discover a potential treatment. In particular, the researchers found that Phosphoglycerate dehydrogenase deficiency (PHGDH) plays a causal role in disrupting gene regulation in the brain.

Alzheimer's dise

Jeffrey Bowie, CEO of the cybersecurity firm Veritaco,[1]  is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed the malware on the hospital computers on 06 August 2024.  Bowie was arrested on 14 April 2025 following the issuance of an arrest warrant.  Security footage reportedly shows the man attempting to access multiple offices before installing malicious sof

In recent weeks, the DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks that have caused major service disruptions. Prominent retailers such as Harrods, Marks and Spencer, and the Co-Op have all reported ongoing incidents affecting payment systems, inventory, payroll, and other critical business functions.

DragonForce has previously been attributed to several notable cyber incidents, including attacks on Honolulu OTS (Oahu Transit Services), the Gover

According to the US Department of Justice, Ryan Mitchell Kramer has pleaded guilty to accessing a computer and obtaining information, and threatening to damage a protected computer, as well as to two felony charges that each carry a prison sentence of up to five years.  Kramer is behind the 2024 hack targeting The Walt Disney Company.  The media giant launched an investigation into the incident in July 2024, after a threat actor calling itself NullBulge announced the theft of 1.1 Tb of data from

Research from Economist Impact reveals that quantum industry professionals are overwhelmingly optimistic that quantum utility will be achieved within the next decade.  According to the study, which surveyed quantum professionals across the UK, Europe, North America, and Asia, a huge 83% think that quantum utility, when quantum computers overcome hardware and error correction challenges to perform better than classical computers, will be realized within ten years or fewer.

See:  https://redskyall

Cybersecurity researchers have detailed the activities of an Initial Access Broker (IAB) named ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.

See:  https://redskyalliance.org/xindustry/cactus-ransomware-in-france

The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be used to create reverse shells an

Recent investigations by the Mexican military revealed that cybercriminals tied to the Cártel Jalisco Nueva Generación (CJNG) have attempted to infiltrate the networks of security agencies, including the Secretariat of Security and Citizen Protection, the National Intelligence Center, and state-run oil company Petróleos Mexicanos (Pemex).

Military sources familiar with the matter told local outlet Milenio that the Jalisco Cartel is recruiting young tech experts to breach the computer systems of

The practice of ransomware actors targeting healthcare organizations continues, as three big organizations in the sector suffered apparent or confirmed attacks.  DaVita, a dialysis firm that provides its services at approximately 3,000 outpatient centers worldwide, became aware of a ransomware incident on April 12 that affected and encrypted "certain on-premises systems," according to a dedicated incident response website.  The firm is currently responding to the incident and is relying on conti

France's foreign ministry explicitly accused Russia's GRU military intelligence agency on 29 April of mounting cyber-attacks on a dozen entities including ministries, defense firms and think tanks since 2021 to destabilize France.  The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.

The ministry said i

Defending against real-world threats is not just part of the job at Sentinel Labs; it is the reality of operating as a cybersecurity company in today’s landscape.  Real-world attacks against our environment serve as constant pressure tests, reinforcing what works, revealing what does not, and driving continuous improvement across our products and operations.  When you’re a high-value target like Sentinel, for some of the most capable and persistent adversaries out there, nothing less will do.

Di