< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 16 of 28

Ransomhouse Upgrades: Dual-Encryption Attacks on VMware

🔒 Palo Alto Networks warns that the Jolly Scorpius group has significantly upgraded its Ransomhouse RaaS with a dual-key encryption trojan called Mario, combining a 32-byte primary key and an eight-byte secondary key that make recovery extremely difficult. Attack automation via MrAgent targets VMware ESXi hypervisors, enabling rapid cluster-wide encryption and firewall neutralization. The campaign primarily targets German companies; recommended mitigations include hardening virtual environments, immutable backups, and strict network segmentation.
read more →

Cloud file-sharing breaches selling corporate data

🔐 A threat actor known as Zestix is offering corporate data reportedly stolen from dozens of companies after breaching ShareFile, Nextcloud, and OwnCloud instances. Hudson Rock links initial access to credentials harvested by infostealers such as RedLine, Lumma, and Vidar, often delivered via malvertising or ClickFix campaigns. Many affected accounts lacked multi-factor authentication, enabling unauthorized access and large-scale data exfiltration.
read more →

ClickFix Campaign Uses Fake BSOD to Trick Hospitality Staff

🛑 This campaign impersonates Booking.com to redirect hospitality staff to a cloned site that triggers a full-screen fake Windows BSOD. The page instructs victims to paste and run a command that launches PowerShell, compiles a malicious .NET project via MSBuild.exe, and executes a loader. The payload disables Defender exclusions, triggers UAC prompts for elevation, and deploys DCRAT (staxs.exe) which provides remote access and can drop additional tools such as cryptocurrency miners.
read more →

Russia-Aligned Hackers Abuse Viber to Deploy Malware

📲 Russian-aligned threat actor UAC-0184 used the Viber messaging app to deliver malicious ZIP archives to Ukrainian military and government recipients, according to 360 Threat Intelligence Center. The archives contained LNK decoys that silently executed Hijack Loader, which retrieves a second ZIP (smoothieks.zip) via PowerShell and reconstructs the loader in memory. The loader uses DLL side-loading, module stomping, CRC32 checks for installed security products, and scheduled tasks for persistence before injecting Remcos RAT into chime.exe to enable remote control and data theft.
read more →

Infosecurity Top 10: Key Cybersecurity Stories of 2025

🔒 Cybersecurity in 2025 was defined by high-profile breaches, weaponized AI and renewed focus on supply-chain and vulnerability management. Major events included vendor withdrawals from MITRE ATT&CK evaluations, a large-scale IoT proxy network, a critical Fortinet zero-day in active exploitation, and the fast mitigation of an npm package compromise. New risks such as 'quishing', LLM-driven hallucination attacks and agentic AI guidance from OWASP also shaped the year.
read more →

Cybercrime Inc.: When Hackers Outpace Corporate IT and Defenses

🔍 Cybercrime has evolved into a structured, global underground economy that frequently outperforms corporate IT in speed, efficiency and scale. Organized groups now run with defined roles, measurable KPIs and productized offerings such as Ransomware-as-a-Service, enabling nontechnical affiliates to launch high-impact attacks. The decisive metric is no longer if an organization will be targeted but how quickly it can recover and limit reputational and operational damage.
read more →

Cybercrime Inc.: How Organized Hackers Outpace IT Defenses

⚠️ Cybercrime has matured into a structured, global underground economy that often outstrips corporate defenders. Groups now operate with division of labor, formal processes and professional marketing, and Ransomware-as-a-Service offerings enable nontechnical actors to lease malware, support and revenue-sharing schemes. The result is scalable, fast-moving criminal supply chains that exploit human error, weaponize stolen data and exploit slow, bureaucratic response models. Organizations must move beyond pure prevention to measurable resilience, rehearsed recovery and decisive incident leadership.
read more →

Final 2025 Weekly Recap: MongoDB, Wallet, and Supply Chain

🔔 A newly disclosed MongoDB memory-exposure flaw (CVE-2025-14847, "MongoBleed") and a wave of supply-chain and update-channel compromises defined the final week of 2025. Active exploitation of MongoDB affected tens of thousands of instances worldwide while extension- and package-based attacks, including a compromised Trust Wallet Chrome extension and a malicious npm package, led to immediate thefts and account takeovers. The recap stresses rapid attacker tempo, the abuse of trusted update/support channels, and persistent impacts that can surface months or years after an initial compromise.
read more →

December 2025 cybersecurity roundup by Tony Anscombe

📰 ESET Chief Security Evangelist Tony Anscombe reviews the key cybersecurity stories closing out 2025, spotlighting significant incidents and trends. He highlights FinCEN's finding that U.S. organizations paid over $2.1 billion in ransomware between 2022 and 2024, and legal action by the Texas Attorney General against major TV manufacturers for alleged secret collection of viewing data. Tony also examines notable breaches and the tactics used by threat actors, offering practical perspective on risks and resilience.
read more →

Top 5 Real-World AI Security Threats Revealed in 2025

🔒 2025 exposed major, real-world risks across the AI ecosystem as rapid adoption of agentic AI expanded enterprise attack surfaces. Researchers documented pervasive Shadow AI and vulnerable vendor tools, AI supply-chain poisoning, credential theft (LLMjacking), prompt-injection attacks, and rogue or misconfigured MCP servers. These incidents affected popular frameworks and cloud services and resulted in data breaches, remote-code execution, and costly fraud.
read more →

Top Ransomware Trends of 2025: Activity and Impact

🔍 Ransomware activity in 2025 remained high, with 306 groups and 7,902 victims listed on data leak sites, according to Ransomware.live. While coordinated takedowns and anti-cybercrime actions were quieter than in 2024, both emergent collectives (Scattered Spider, Lapsus$, ShinyHunters) and established syndicates continued to generate incidents. The most prolific actors — Qilin, Akira and Clop — claimed the largest shares of victims, and the United States accounted for nearly half of the reported targets.
read more →

Scripted Sparrow Sends Millions of Targeted BEC Emails

📧 Fortra researchers have identified a global business email compromise (BEC) collective dubbed Scripted Sparrow that is sending an estimated 4–6 million highly tailored messages each month. The group poses as executive coaching and leadership consultancies, registering numerous domains and webmail addresses while sending spoofed reply chains with fake invoices and W‑9 forms to Accounts Payable teams. Fortra urges organisations to enforce strict payment approval protocols, verify requests via official channels and never trust embedded reply chains.
read more →

Cloud CISO Perspectives: 2025 Review — Cloud Security & AI

🔒 Google Cloud senior leaders Nick Godfrey and Anton Chuvakin recap 2025 security developments and lessons learned across cloud and AI. They highlight five focus areas — securing cloud, securing AI, AI-enabled defense, threat intelligence, and building trust — and call out major items such as the announced Wiz acquisition, response to React2Shell (CVE-2025-55182), and the launch of AI Protection. The newsletter stresses fundamentals, governance, and using AI to empower defenders.
read more →

Denmark Blames Russia for 2024–25 Cyber Attacks, DDoS

🛡️ The Danish Defence Intelligence Service (DDIS) said on December 18, 2025 that Russian-aligned actors were responsible for recent destructive and disruptive cyber activity against Denmark. The agency named pro‑Russian hacktivist groups Z‑Pentest for a destructive 2024 intrusion at a water utility and NoName057(16) for DDoS campaigns targeting websites ahead of the 2025 municipal and regional elections. DDIS assessed both groups have links to the Russian state and are being used as instruments of a hybrid campaign to create insecurity and penalise countries supporting Ukraine. The statement followed a global advisory, co-signed by 23 law enforcement and intelligence bodies, which catalogued related TTPs.
read more →

Adios 2025: Ransomware, AI Abuse, and Manufacturing Hits

📌 2025 left a clear imprint: ransomware operations matured into highly organized, profitable cartels such as Qilin, industrial targets like Jaguar Land Rover suffered major operational and financial damage, and early reports of AI-orchestrated espionage raised concerns about automated, scalable kill chains. Talos highlights week’s headlines—Fortinet zero-days (CVE-2025-59718, CVE-2025-59719), Microsoft update regressions affecting WSL VPNs, and a large AWS crypto-mining campaign driven by compromised IAM credentials. The guidance is pragmatic: double down on identity and access management, monitor service accounts, prioritize incident response basics, and care for your people to reduce burnout heading into 2026.
read more →

ThreatsDay Bulletin: Emerging Tactics and Notable Incidents

🔔 This week's ThreatsDay Bulletin highlights a rapid reshaping of old tools and fresh abuse of familiar systems across fraud, malware, and infrastructure. Notable incidents include a cross-border scam ring dismantled in Ukraine that defrauded hundreds for over €10 million, the modular SantaStealer infostealer sold as malware-as-a-service, and a WhatsApp device-linking hijack dubbed GhostPairing. Security teams should verify linked sessions, reduce exposed management endpoints, and prioritize timely patching and credential hygiene.
read more →

North Korea Steals Over $2bn in Crypto During 2025

🚨Chainalysis reports North Korea's crypto thefts surged in 2025, exceeding $2bn and pushing the regime's cumulative haul to over $6.7bn. The firm says DPRK actors accounted for 60% of funds stolen this year, with the Bybit breach alone yielding an unprecedented $1.5bn; attackers are increasingly embedding IT workers inside exchanges and custodians to gain privileged access. They favor Chinese-language services, cross-chain bridges and mixers for laundering, while personal wallet thefts tripled in incidents but fell in average value to $713m overall.
read more →

HMRC Warns of Over 135,000 Scam Reports to Taxpayers

🛡️ HMRC has received over 135,500 scam reports since February 2025, including about 4,800 tied to its Self Assessment system, and warns scams will rise ahead of the January 31, 2026 filing deadline. Fraudsters impersonate HMRC via phone, email and text to pressure victims into paying fake bills, disclosing personal data or installing malware. HMRC says it shut 25,000 phishing sites and numbers in the last 10 months and urges people to protect, recognize and report suspicious contacts to phishing@hmrc.gov.uk.
read more →

China-Linked Ink Dragon Employs ShadowPad and FINALDRAFT

🛡️ Check Point Research links a sustained espionage campaign to the China-aligned cluster known as Ink Dragon (also tracked as Jewelbug, CL-STA-0049, Earth Alux/REF7707) that has targeted government and telecommunications organisations across Europe, Asia and Africa since at least March 2023. The actor exploits exposed web applications and predictable ASP.NET machine keys to drop web shells and install a custom ShadowPad IIS Listener, turning compromised servers into resilient C2 relays. Operators deploy a modular backdoor FINALDRAFT (aka Squidoor), alongside NANOREMOTE, loaders and tooling such as VARGEIT and Cobalt Strike to enable stealthy lateral movement, credential theft and high-throughput exfiltration.
read more →

Russian APT Targets Energy and Critical Infrastructure

🔎 Amazon Threat Intelligence reports a Russian state-sponsored cyber espionage team has increasingly targeted energy providers and other critical infrastructure, operating since at least 2021. The actors have shifted toward exploiting device misconfigurations while continuing to leverage known vulnerabilities such as CVE-2022-26318, CVE-2021-26084, CVE-2023-22518 and CVE-2023-2753. Observed tradecraft includes compromise of network-edge devices hosted on AWS EC2, passive credential capture and credential-replay attacks to move laterally across victim environments. Amazon provides indicators of compromise and specific mitigation guidance, including configuration audits, isolation of management interfaces and deployment of multi-factor authentication.
read more →