All news with #threat report tag

LockBit, Hiveleaks and BlackBasta Drive Ransomware Spike

🚨 Ransomware activity rebounded in July, with NCC Group recording 198 successful campaigns — a 47% increase from June. The surge was led by LockBit 3.0 (62 attacks), followed by Hiveleaks (27) and BlackBasta (24), which showed rapid month‑over‑month growth. Researchers link the fluctuation to restructuring after U.S. pressure on Conti, with affiliates and replacement strains reemerging under new identities.

Twitter Whistleblower Alleges Major Security Failures

🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.

Fake Reservation Links Target Travel and Hospitality Industry

✈️ A longtime threat group tracked as TA558 has resumed phishing campaigns that spoof hotel or reservation notices to lure travelers into downloading malware. Campaigns increasingly deliver ISO and RAR container files via URLs that, when decompressed, execute batch scripts and PowerShell helpers to fetch RATs such as AsyncRAT. TA558 has shifted from macro-laden Office documents to containerized attachments after Microsoft limited macros. Travel organizations and customers should be wary of unexpected reservation emails and avoid opening unknown archives.