Key Takeaways: Strategic targets: A hack-for-hire group is reportedly conducting espionage against journalists, activists, and government officials across the Middle East and North Africa. Phishing vectors: The…
Key Takeaways: Massive data theft: The December Eurail data breach exposed the personal information and passport numbers of 308,777 international travelers. Dark web exposure: Hackers published a…
Key Takeaways: Update access blocked: The developer account suspension prevents Jason Donenfeld from signing Windows drivers and shipping critical WireGuard VPN updates to users. No prior warning:…
Key Takeaways: Legitimate platforms weaponized: Attackers exploit trusted SaaS notification pipelines to bypass traditional email security gateways and deliver malicious phishing payloads directly to targeted users. GitHub…
Key Takeaways: Massive network disruption: A large-scale DDoS attack on Russian telecom provider Rostelecom temporarily disabled internet connectivity across several municipalities. Critical services offline: The cyberattack knocked…
Key Takeaways: Network access halted: A severe Northern Ireland school cyberattack compromised the centralized C2K system, terminating online educational services for thousands. Ongoing recovery efforts: Officials executed…
Key Takeaways: State-sponsored threat: Russian state-linked actor APT28 is actively exploiting SOHO router vulnerabilities to conduct a massive global espionage campaign. Traffic manipulation: The APT28 DNS hijacking…
Key Takeaways: Silent data breach: A newly observed Grafana vulnerability enables automatic, undetected data exfiltration without requiring user interaction or administrative authentication. Indirect prompt injection: Attackers bypass…
Key Takeaways: Ransomware extortion threat: The Russian-speaking Qilin ransomware group claimed the Die Linke cyberattack, threatening to publish stolen internal data unless a ransom is paid. System…
Key Takeaways: Major banks hit: A massive Russian banking outage disabled mobile applications, ATMs, and public transit payment systems across multiple regions, including Moscow. Sberbank disruption: Officials…
Key Takeaways: Rapid attack execution: The Medusa ransomware group transitions from initial network access to data exfiltration and payload deployment within 24 hours. Zero-days targeted: Notably, the…
Key Takeaways: BlueHammer zero-day exploit: A disgruntled researcher publicly released code for an unpatched Windows privilege escalation vulnerability, granting attackers elevated system permissions. Disclosure motivations: The researcher…
Key Takeaways: Drift hack execution: A highly sophisticated $28.5 million cryptocurrency theft compromised operational contributors and cloud assets following a prolonged infiltration. DPRK social engineering: State-sponsored North…
Key Takeaways: Alleged leader identified: German authorities unmasked Daniil Maksimovich Shchukin as "UNKN," the alleged mastermind behind the REvil and GandCrab ransomware operations. Extensive sabotage acts: The…
Key Takeaways: Fraudulent notices: Threat actors deploy SMS-based social engineering campaigns impersonating state judicial systems, alleging outstanding traffic violations requiring immediate payment. QR code attack: These phishing…
Hagit Ynon – Pentera: Hagit Ynon has been named Chief Financial Officer at Pentera, joining the cybersecurity company as it continues its global expansion. She…
This week’s cybersecurity activity shows a clear focus on gaining access and visibility inside systems, with supply chain attacks, credential theft, and spyware. From fileless…
Key Takeaways: Guilty plea: A 59-year-old Missouri man entered a guilty plea for executing an internal network compromise and subsequent extortion attempt. Targeted cyberattack execution: The operations…
Key Takeaways: Social engineering: Hackers breached the Hims & Hers third-party ticketing system via social engineering tactics between February 4 and February 7. Stolen customer data: The…





































