All Articles (2410)


The websites of over 100 car dealerships were found serving malicious ClickFix code after a third-party domain was compromised in a supply chain attack.  As part of the compromise, a threat actor infected LES Automotive, a shared video service unique to dealerships, so that websites using the service would serve a ClickFix webpage to their visitors.

A ClickFix attack relies on malicious code on a webpage to display a prompt to the user, asking them to fix an error or perform a reCAPTCHA challeng

The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that it was caused by a "massive cyberattack." "There was (still is) a massive cyberattack against X," Musk posted on X. "We get attacked every day, but this was done with a lot of resources. Either a large, coordi

Giving the Raspberries is not very nice, but that’s what the Mora_001 group does. A new ransomware operation with ties to the LockBit ransomware group exploits two vulnerabilities impacting Fortinet products. Last week, multiple researchers spotlighted the exploitation of CVE-2024-55591 and CVE-2025-24472 by a new ransomware group called Mora_001. [1]

The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies one week to patch CVE-2024-55591 in January, one of

SideWinder, a likely India-based cyber-espionage group that has been active since 2012, recently ramped up attacks on organizations in the maritime and logistic sectors in Africa and Asia.  In many of the attacks, the threat group has used variously themed phishing emails to lure targets into clicking on a malicious document.  The document contains an exploit for CVE-2017-11882, a memory corruption vulnerability in Microsoft Office that SideWinder has used for years in its campaigns, to drop a p

According to a new study by Mimecast, human error contributed to 95% of data breaches in 2024, driven by insider threats, credential misuse, and user-driven errors. A small fraction of employees contributed disproportionately to these security incidents, with just 8% of staff accounting for 80% of incidents. The report highlighted several high-profile incidents in the past year linked to human error. This included the Change Healthcare ransomware attack, in which an employee’s credentials were c

The latest Thetius report, commissioned by CyberOwl and HFW, gathers insights, assesses current and future cybersecurity challenges, evaluates the industry’s response to evolving regulations and technological advancements, and highlights the importance of integrated cybersecurity practices throughout the vessel lifecycle, from design to maintenance.

Key findings of the report include:

  • 7% of stakeholders paid a ransom within the last 12 months. In 2023, nearly 14% admitted to paying a ransom.
  • Th

A surge in SIM-swapping fraud across the Middle East has exposed new tactics cybercriminals use to exploit victims. According to a new report by Group-IB, fraudsters increasingly leverage phishing websites and social engineering to bypass security measures, allowing them to hijack mobile numbers and access sensitive accounts.

Investigations have shown that attackers first obtain personal details, such as national IDs and banking information, through fraudulent websites that mimic legitimate serv

Medusa ransomware attacks are increasingly becoming a core tool for a threat group known as "Spearwing," which has amassed hundreds of victims since 2023; nearly 400, in fact, have been listed on its leak site.  The ransom demands when using Medusa ransomware range from $100,000 to a whopping $15 million, according to threat hunters

 See:  https://redskyalliance.org/xindustry/medusa-grew-new-snakes

Researchers believe that Spearwing is taking advantage of the wide-open gap in the ransomware spac


A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company.  Davis Lu, 55, of Houston, was a software developer for an Ohio company, reportedly Eaton Corp, from November 2007 to October 2019.  Eaton Corporation is a global power management company that provides electrical, hydraulic, and mechanical solutions for various industries.

Following a corporate restructuring in 2018, Lu lo


Like many advanced AI-driven tools, the Chinese DeepSeek AI application offers incredible innovation. However, significant data privacy concerns are raised due to the sensitive nature of the data being processed and the regulatory environment. Integrating large-scale data collection and advanced AI technologies, particularly in healthcare, surveillance, and financial services, exacerbates these concerns.

See: https://redskyalliance.org/xindustry/banning-deepseek-from-govt-devices

The Australian

Back in the 1970’s there was a commercial that said, “Is it Live, or Memorex.”  Fast forward 50 years and AI.  Artificial intelligence has made fake IDs nearly undetectable, pushing dealers toward biometric verification for security.  Credible identity documents, printed or electronic, are now so easy to forge that printed documents are on their way out and biometrics, identifying someone by their face and other characteristics that are harder to imitate, are on their way in, experts say.  Artif

The US Social Security Administration (SSA) Office of the Inspector General (OIG) is cautioning the public to be aware of emails that appear to be from SSA and include a link to download a utility tool.  This fake email is an attempt to lure individuals to fraudulent sites that are not associated with SSA by claiming there is a problem, a potential error, and that to correct the issue you must download a “Security Update Tool.”

THIS EMAIL IS NOT FROM SSA (see attached).  This version of the scam emai

 

If you are looking to plan a future vacation, take a minute to scrutinize hotel and travel service booking sites. Hotel and hostel workers are being tricked into downloading credential-stealing malware by cybercriminals impersonating Booking[.]com. In a phishing campaign that began in December 2024 and continued through February, the threat actors are targeting people in the hospitality industry across North America, Southeast Asia and Europe who are likely to work with Booking[.]com and to op

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. The attack begins with submitting the malicious polymorphic extension on Chrome's Web Store. [1]

SquareX us

When Russia launched its full-scale invasion of Ukraine in February 2022, it also ushered in a new era of warfare, one where cyberattacks were no longer a supporting act but a core component of battlefield operations.  This was the world’s first full-scale cyberwar, where digital operations were synchronized with kinetic strikes to disrupt, disable, and disorient the enemy.  For three years, Ukraine has defended itself not only on the battlefield but also in cyberspace, repelling relentless Russ

Cisco Talos recently uncovered a sophisticated attack campaign targeting Japanese organizations through CVE-2024-4577 [1], a critical PHP-CGI remote code execution flaw with 79 exploits available. While Talos focused on victimology and attacker tradecraft, GreyNoise telemetry reveals a wider exploitation pattern demanding immediate action from defenders globally.

Attack Overview - According to Cisco Talos, the threat actor exploited PHP-CGI installations on Windows systems to deploy Cobalt Strik

FortiGuard Labs has analyzed malicious software packages detected from November 2024 to the present, identifying various techniques used to exploit system vulnerabilities. This analysis provides insights into the evolving threat landscape and emerging attack methods.  FortiGuard Labs leverages our proprietary, AI-driven OSS malware detection system to track and examine these threats. By reviewing the tactics observed—such as low-file-count packages designed to evade detection, command overwrite

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cyber security advisory on the growing threat of Ghost ransomware. A variation of this strain of malware called GhostSocks uses SOCKS5 to bypass anti-fraud mechanisms and geographic restrictions. First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials, and outdated security configurations to infiltrate enterprise networ

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. The prosecutors explain that most stolen tickets were for Taylor Swift's Eras Tour. However, the criminals also targeted other high-value and high-profile events, including Ed Sheeran concerts, Adele concerts, NBA games, and the US Open Tennis Championships. [1]

The two defendants, 20-year-old Tyrone Ros

US President Donald Trump has offered a hint about the possible future ownership of TikTok’s American business, whilst speaking aboard Air Force One.  Trump on 9 March was quoted by Reuters as saying that his administration was in touch with four different groups about the sale of Chinese-owned TikTok, and that all options were good.  It comes after US President Joe Biden in April 2024 had signed a bill that gave Chinese owner ByteDance up to a year to divest TikTok or face a nationwide ban acro