All Articles (2728)

The Fortinet/FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations.  The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape.  These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell.

Key characteristics include:

  • Full PowerShell-b

US law enforcement agencies provided new details on an operation that dismantled critical infrastructure used by the BlackSuit ransomware gang after the organization’s leak site was replaced with a takedown banner nearly two weeks ago.

The group, which rebranded from its Royal name after a devastating 2023 attack that shut down the City of Dallas, successfully attacked more than 450 entities in the US.   Since emerging in 2022, the gang secured more than $370 million in ransom payments, accordin

Vendor-related risks, from both tech providers and non-tech partners, have always been a concern, but they’re now becoming increasingly apparent in a growing number of cyber insurance claims.  While data breaches were once the main concern, we are now seeing more severe first-party losses caused by ransomware attacks and major system outages.  These issues are not always the result of a cyberattack, either.  Sometimes they come from non-malicious errors, like critical system failures or software

Gen Z has often been hailed as the most tech-savvy generation in history.  But new research from Kaspersky suggests that their hyper-connected, gig-driven lifestyle may also be making them one of the most vulnerable.  In a recent report, Kaspersky warns that "polyworking," a growing trend among Gen Z workers juggling multiple part-time jobs, freelance gigs, or side hustles, is creating an unprecedented cybersecurity challenge. With a widened digital footprint, these digital natives are increasin

Security researchers this past week detailed a series of vulnerabilities that could allow hackers to steal sensitive data from devices using Broadcom’s ControlVault, a special chip widely used in security-focused Dell laptops.

ControlVault is a system-on-chip (SoC), effectively a tiny computer that is dedicated to security and isolated from the normally modifiable parts of the device. As its name suggests, it is intended to be a kind of vault for sensitive data; Dell describes it as “a secur

A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud.  The leak, discovered by cybersecurity researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.  The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025.[1]

The breach is linked to LiveCareer, a platform founded in 2004 that prov

The US can dreadfully report that they are #1 in malware activity.  Canada is #2.  Not to be outdone, the UK is now the third most targeted country in the world for malware after seeing over 100 million cyber-attacks over the past three months, this according to a new report.  Research from cyber security firm NordVPN found that criminals are increasingly targeting everyday internet users through links in emails and texts, as well as through malicious websites and attachments.[1]

The UK now rank

A recent Varonis report exposes a rising threat: cyber criminals exploiting Microsoft OneNote to launch “native” phishing campaigns via Microsoft 365. OneNote is a well-established digital note-taking app that provides a single place for keeping users' reminders, research and project information.  These attacks exploit trust in legitimate collaboration tools, combining social engineering and cloud infrastructure to bypass traditional defenses.  This new attack vector uses shared OneNote notebook

The Fortinet team recently investigated a cluster of virtual private servers (VPS) used for Monero mining.  The identified samples are associated with prior H2miner campaigns that researchers documented in 2020 and have since been updated with new configurations.  H2Miner is a cryptomining botnet that has been active since late 2019.

Analysts also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain first observed in Nov

The dating safety app Tea was hacked, resulting in the leak of images, posts, and comments from thousands of users who shared anonymous “red flag” reports on men.  Tea is a woman-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members in the US. It allows them to perform background checks on men and anonymously share “red-flag” behavior.

The app offers real-time tools like rev

Russian authorities shut down mobile internet services more than 2,000 times in July, which is a record monthly high, as Russia escalates its digital restrictions in the name of cyber security.  This was reported by the nonprofit Russian Internet Protection Society.  Local authorities often cut off access to the internet, citing “national security” amid Ukrainian drone attacks.   However, rights groups and digital watchdogs say many of the blackouts appear unrelated to any real t

The Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers.  The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads.  Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and

A recently disclosed vulnerability in train braking systems could let hackers remotely stop trains with relatively simple and inexpensive hardware, potentially causing derailments, according to the US Cybersecurity & Infrastructure Security Agency (CISA).  The high-severity vulnerability, tracked as CVE-2025-1727, involves weak authentication in the protocol used to send what are known as end-of-train and head-of-train packets, radio signals that command a rail vehicle’s end-of-train device to s

Cisco Talos researchers on 24 July 2025 detailed Chaos, a newer Ransomware-as-a-Service (RaaS) group that specializes in big company hunting and double extortion attacks (meaning it both encrypts victim files and steals data for potential leaking).  According to Cisco Talos, the group emerged in early February 2025 and appears to be made up of former BlackSuit ransomware gang members "based on similarities in the ransomware's encryption methodology, ransom note structure, and the toolset used in

The education sector is haunted by a significant fraud problem where fake students impersonate celebrities and employ other identity techniques to steal resources and money from legitimate students.  While sorting through student submission applications, the name Brad Pitt appears.  Admission office employees believe it must be a joke or an accident, but soon they find another familiar-looking celebrity name. It becomes clear that the fraudulent technique, named "ghost students," is highly inten

A new backdoor malware campaign targeting Linux systems and exploiting a critical vulnerability in SAP has been uncovered by cybersecurity researchers.  The malware, known as Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025.  According to an advisory published by Darktrace on 29 July 2025, the attack began when a threat actor exploited CVE-2025-31324, a critical flaw in SAP NetWeaver that allows remote file uploads and potential system compromise.

The notorious Russian cyber-espionage gang known as Fancy Bear, also known as APT28, has increased its attacks against governments and military entities worldwide using new sophisticated cyber tools and technology.   Fancy Bear is perhaps best known in the United States for its hack and leak of Democratic National Committee emails in the lead-up to the 2016 presidential election.  Eleven Western countries have accused the hacking group of targeting defense, transport, and tech firms involved in

Ukrainian intelligence carried out a secret operation against Russian authorities in occupied Crimea. Over several days, Ukrainian cyber experts accessed and downloaded 100 terabytes of classified data from Russian-run government servers. After extracting the files, they completely erased the originals, leaving a major gap in Russian digital records.

The amount of data stolen, 100 terabytes, is massive.  That’s enough to fill more than 20,000 high-definition movies or store over 25 million

China is conducting intelligence operations in The Netherlands that are targeting key industrial sectors including semiconductors, aerospace and maritime technology, Dutch Defense Minister Ruben Brekelmans recently warned.  Dutch national security and transatlantic supply chains are in danger because of state-sponsored cyber-attacks and clandestine intelligence operations.  This activity threatens not only the Netherlands, but also the entire free world.

In reaction to similar Chinese targeting

On 13 June 2025, Israel launched a sweeping pre-emptive operation targeting Iran’s military leadership, conventional military sites, air defenses, and nuclear infrastructure.  The campaign was called Operation Rising Lion by the Israeli government and military.  Last month, our friends at Fortinet published a blog detailing the new realities of cyber warfare, which were highlighted by this recent conflict.

Affected Platforms: N/A
Impact: Theft of PII and Banking Details
Severity Level: Medium