Key TakeawaysSilent data breach: A newly observed Grafana vulnerability enables automatic, undetected data exfiltration without requiring user interaction or administrative authentication.Indirect prompt injection: Attackers bypass…

Key TakeawaysRansomware extortion threat: The Russian-speaking Qilin ransomware group claimed the Die Linke cyberattack, threatening to publish stolen internal data unless a ransom is paid.System…

Key TakeawaysMajor banks hit: A massive Russian banking outage disabled mobile applications, ATMs, and public transit payment systems across multiple regions, including Moscow.Sberbank disruption: Officials…

Key TakeawaysRapid attack execution: The Medusa ransomware group transitions from initial network access to data exfiltration and payload deployment within 24 hours.Zero-days targeted: Notably, the…

Key TakeawaysBlueHammer zero-day exploit: A disgruntled researcher publicly released code for an unpatched Windows privilege escalation vulnerability, granting attackers elevated system permissions.Disclosure motivations: The researcher…

Key TakeawaysDrift hack execution: A highly sophisticated $28.5 million cryptocurrency theft compromised operational contributors and cloud assets following a prolonged infiltration.DPRK social engineering: State-sponsored North…

Key TakeawaysAlleged leader identified: German authorities unmasked Daniil Maksimovich Shchukin as "UNKN," the alleged mastermind behind the REvil and GandCrab ransomware operations.Extensive sabotage acts: The…

Key TakeawaysFraudulent notices: Threat actors deploy SMS-based social engineering campaigns impersonating state judicial systems, alleging outstanding traffic violations requiring immediate payment.QR code attack: These phishing…

Hagit Ynon – Pentera Hagit Ynon has been named Chief Financial Officer at Pentera, joining the cybersecurity company as it continues its global expansion. She…

This week’s cybersecurity activity shows a clear focus on gaining access and visibility inside systems, with supply chain attacks, credential theft, and spyware.  From fileless…

Key TakeawaysGuilty plea: A 59-year-old Missouri man entered a guilty plea for executing an internal network compromise and subsequent extortion attempt.Targeted cyberattack execution: The operations…

Key TakeawaysSocial engineering: Hackers breached the Hims & Hers third-party ticketing system via social engineering tactics between February 4 and February 7.Stolen customer data: The…

Key TakeawaysDuc App breach: A massive data leak exposed over 360,000 unencrypted files containing sensitive customer information from the Duales money-transfer application.Amazon storage server: The…

Key TakeawaysLNK file attacks: Recent Democratic People's Republic of Korea (DPRK) cyber campaigns utilize malicious LNK files containing encoded PowerShell scripts to infiltrate systems and…

Key TakeawaysiOS 18.7.7 update: Apple deployed emergency patches for older iPhones and iPads to neutralize critical vulnerabilities tied to a leaked exploitation toolkit.DarkSword attacks: The…

Key TakeawaysAlleged breach impact: Cisco faces intense scrutiny following reports of a significant internal network intrusion that may have exposed 3 million Salesforce records.Trivy vulnerability…

Key TakeawaysLi Xiong extradition: Cambodian authorities transferred the former Huione Group chairman to China on charges of alleged leadership of transnational fraud networks.Huione Group cyber…

Key TakeawaysFake app: WhatsApp alerted approximately 200 users, primarily located in Italy, about downloading a malicious iOS application disguised as the official messaging platform.SIO spyware…

Key TakeawaysAttribution confirmed: Google Threat Intelligence Group attributes the Axios supply chain attack to North Korea-linked hackers, specifically the threat actor UNC1069.Account hijacked: An npm…

Key TakeawaysSyndicate scale exposed: Strike Force Carieville uncovered a dark net drug syndicate that facilitated an $80 million drug supply operation over eight years.Recent target…