All Articles (2638)

The FortiCNAPP team, part of FortiGuard Labs, recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2Miner campaigns that we documented in 2020 and have since been updated with new configurations. H2Miner is a crypto-mining botnet that has been active since late 2019.

Researchers also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain fi

Hackers believed to be affiliated with an Iranian intelligence agency are using a newly-discovered strain of the DCHSpy malware to snoop on adversaries.  Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began.  DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said.  The malware also collects cont

Cyber-attacks are constantly being reported all over the world. Recently, a large cyberespionage operation was disclosed in which Microsoft's SharePoint server was targeted.  About 100 different organizations have fallen victim to this operation so far.  The attack was dangerous enough that Microsoft had to issue an alert in the past days.  The alert said that active attacks were under way against SharePoint servers and that users must install security updates immediately.

This attack

The education sector tops the list of industries with the most vulnerable cloud assets, APIs and web applications, according to a new study from CyCognito.  The security vendor analyzed a random sample of two million internet-exposed assets between January and June, simulating real-world attacker behavior including:

  • Black-box pen testing using over 90,000 exploit modules, credential stuffing simulations, data exposure detection and more
  • Dynamic application security testing to spot runtime web a

The month of July could barely have started any worse for some financial institutions in Brazil.  On 30 June 2025, C&M Software, a Brazilian company that provides a "bridge" helping the country's central bank connect to local banks, revealed that it had been hacked.  810,306,000 Brazilian reals (approximately US$140 million) were stolen from the reserve accounts of six financial institutions because of the security breach.

In the wake of the attack, which made news headlines in Brazil, the count

Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on 17 July.  While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis.  “We’ve seen entities that we hadn’t ever seen being targeted in the past being t

In April 2025, Huntabil.IT observed a targeted attack on a Web3 startup, attributing the incident to a DPRK threat actor group.  Several reports on social media at the time described similar incidents at other Web3 and Crypto organizations.  Analysis revealed an attack chain consisting of an eclectic mix of scripts and binaries written in AppleScript, C++, and Nim.  Although the early stages of the attack follow a familiar DPRK pattern using social engineering, lure scripts, and fake updates, th

Cybersecurity researchers have observed a surge in identity-driven cyberattacks targeting employee login credentials.   According to a new report by eSentire’s Threat Response Unit (TRU), between 2024 and the first quarter of 2025, 19,000 identity-related cyber investigations revealed a 156% increase in such threats compared to 2023.  These incidents now account for 59% of all confirmed threats across eSentire’s customer base of over 2000 organizations.[1]

One of the biggest enablers of this tre

UK customers of luxury goods brand Louis Vuitton have been warned to be on their guard against opportunist fraud attempts after their data was compromised in a cyber-attack on the retailer.

In an email sent to customers, Louis Vuitton revealed that its IT systems were accessed on 2 July 2025 by an unauthorized third party, who was able to obtain data including names, contact details and purchasing histories, all data of use to cyber criminals. Louis Vuitton said that bank and credit card details

Just hours after the US President announced airstrikes on three key Iranian nuclear sites, a wave of cyberattacks linked to pro-Iranian groups began to surface.  Iranian hackers are reported to have hit US banks, defense contractors, and oil industry companies after the US attacks on Iranian nuclear facilities.  To date, they have not caused serious problems to critical infrastructure or the US economy. However, some analysts think that the US strikes could even prompt Iran, Russia, China, and N

A cross-party group of US lawmakers has introduced the “No Adversarial AI Act,” a bill designed to prohibit federal agencies from using artificial intelligence models developed by companies based in China, Russia, Iran, or North Korea.  The bill mandates that the Federal Acquisition Security Council maintain a regularly updated list of banned AI technologies, with China’s DeepSeek cited as a prime example of the threat.  The legislation, sponsored by both Democrats and Republicans, responds to g

Five young men from several federal states are being investigated on suspicion of computer sabotage.  They are said to have blocked the telephones of police stations for short periods of time over several weeks.  In total, over 800 police stations in Germany and neighboring countries have been affected by the attacks since the beginning of the year, according to the police in Osnabrück.  Several of the suspects' homes were searched at the end of June.[1]

The five suspects, aged between 16 and 19

Hackers are targeting Russia’s industrial sector with a new spyware strain that steals sensitive internal documents, local researchers warned.  The campaign, which began in July 2024 and remains active, uses phishing emails disguised as fake contracts. Victims are urged to download a file via a malicious link, which infects their systems with previously unknown spyware called Batavia, according to a new report by Moscow-based cybersecurity firm Kaspersky.[1]

Link to full report:  IR-25-191-002_R

Shipping companies are in the firing line of cyber threats and need to be proactive in preventing attacks by increasing investment in security and training.  Many security solutions are inexpensive but need top executives to be involved in practicing security issues, identifying vulnerabilities and updating software on onboard operating systems.[1]

An expert panel recently discussed how technical developments in digitalization and communications have made ships more vulnerable to cyber-attacks d

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

Researchers from FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments.  Once installed, NordDragonScan examines the host and copies documents, harvests entire Chrome and Firefox profiles, and takes screenshots.  The package is then sent over TLS to its command-and-control server, “kpuszkiev.com,” which also serves as a heartbeat server to confirm the victim is still online and

Nova Scotia Power says the cyber-attack on the utility in the spring means the company needs to collect power usage information on foot rather than digitally for now.  It said meters have continued to function since the attack was discovered on 25 April, but that information can’t be sent digitally to the company.  “As a result, we initially paused customer billing and have recently resumed billing with most customers receiving estimated bills until our systems are restored and meters begin comm

Security researchers have warned bargain-hunting shoppers to be on the lookout for scams this Amazon Prime Day, after discovering many lookalike domains.  Check Point said that, in June alone, it recorded more than 1000 domains with names resembling “Amazon” and “Amazon Prime,” 87% of which have been flagged as malicious or suspicious.

The security vendor warned that big-name online events like Prime Day are a magnet for fraudsters, who tend to target victims via fake (phishing) sites impersonat

The International Criminal Court (ICC) suffered a sophisticated cyber-attack coinciding with the Hague NATO summit attended by US President Donald J. Trump, who pushed for increased defense spending among member countries.  Ironically, besides defense spending, the NATO summit also aimed to address measures against cyber attacks. Meanwhile, the Hague-based ICC said it immediately detected the cyber incident and promptly moved to contain the intrusion without divulging additional details.

The inte

Bridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report, a comprehensive deep dive into ransomware trends.  It highlighted a significant shift in attack strategies, payment dynamics, and threat actor behaviors, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers.  While encryption-based attacks tend to result in larger individual ransom payments, often due to the urgenc