The University of Pennsylvania joined the steadily growing number of victim organizations impacted by the widespread data theft and extortion campaign involving a notorious ransomware group’s exploitation of a zero-day vulnerability and other defects in Oracle E-Business Suite earlier this year. The university filed a data breach notification in Maine Monday, confirming nearly 1,500 Maine…
Category: Threats
Cybercrime, Cybersecurity, Data Breaches, Global Security News, Threats
Crisis24 shuts down emergency notification system in wake of ransomware attack
OnSolve CodeRED, a voluntary, opt-in emergency notification system used by law enforcement agencies and municipalities across the country, has been permanently shut down in the wake of a ransomware attack. Crisis24, the company behind the service, said it decommissioned the platform after the cyberattack damaged the OnSolve CodeRED environment earlier this month. “Current forensic analysis…
Cybersecurity, Gainsight, Global Security News, Google Threat Intelligence Group, Threats
Gainsight CEO downplays impact of attack that spread to Salesforce environments
An independent forensic investigation is underway to determine the extent of the intrusion into customer management software Gainsight’s systems and whether the breach has spread beyond Salesforce to other third-party applications. Despite this ongoing analysis, the company maintains that the impact on customer data stored within connected services is limited and largely contained. “While Salesforce…
Cybersecurity, Exploits, GitHub, Global Security News, Research, Threats
Shai-Hulud worm returns stronger and more automated than ever before
Security researchers and authorities are warning about a fresh wave of supply-chain attacks linked to a self-replicating worm that attackers have injected into almost 500 npm (node.js package manager) software packages, exposing more than 26,000 open-source repositories on GitHub. The trojanized npm packages, which were first discovered late Sunday by Charlie Eriksen, security researcher at…
Cybercrime, Cybersecurity, Data Breaches, Global Security News, Threats
Hundreds of Salesforce customers hit by yet another third-party vendor breach
Salesforce said yet another breach involving a third-party vendor has compromised customers’ data, warning in a security advisory late Wednesday that it detected unusual activity in Gainsight applications connected to Salesforce customer environments. “Google Threat Intelligence Group is aware of more than 200 potentially affected Salesforce instances,” Austin Larsen, principal analyst at GTIG, told CyberScoop. …
Amazon, Cybersecurity, Global Security News, Research, Threats
Amazon warns of global rise in specialized cyber-enabled kinetic targeting
Amazon said the lines between cyberattacks and physical, real-world attacks are blurring quickly — prompting the tech giant to call for a new category of warfare: cyber-enabled kinetic targeting. Nation-states have combined and understood how logical systems and the physical world interact for a long time, but more non-traditional attackers are showcasing expertise in using…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Threats
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage
Federal authorities and researchers alerted organizations Friday to a massively exploited vulnerability in Fortinet’s web application firewall. While the actively exploited critical defect poses significant risk to Fortinet’s customers, researchers are particularly agitated about the vendor’s delayed communications and, ultimately, post-exploitation warnings about the vulnerability. Fortinet addressed CVE-2025-64446 in a software update pushed Oct. 28,…
Asia Pacific, china, Financial, Global Security News, Research, Threats
Google, researchers see signs that Lighthouse text scammers disrupted after lawsuit
The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators. Google said on Thursday that Lighthouse had been shut down. Two other organizations that have tracked the suspected Chinese operators of Lighthouse…
Commentary, Global Security News, Money, Threats, Workforce
The retail sector needs a cybersecurity talent incubator
Retail giants have a target on their backs. Hackers are picking them apart at a rate rarely seen in other industries. Louis Vuitton and Dior are part of a growing number of household names affected. Their breaches alone may have cost them upwards of $25 million. Moreover, Google has warned that the hacker group that…
Asia Pacific, Australia, Geopolitics, Global Security News, Policy, Threats
While White House demands deterrence, Trump shrugs
The Trump administration’s top cyber officials have emphasized the urgent need to take aggressive action to deter increasingly brazen foreign cyberattacks. Trump himself, however, has repeatedly brushed aside the notion that foreign cyber activity is anything even really noteworthy. When Trump’s team talks about foreign hacking, be it China’s alleged massive cyberespionage campaign against telecommunications…
Cybercrime, Financial, Geopolitics, Global Security News, North America, Policy, Threats
Google files lawsuit against Lighthouse ‘phishing for dummies’ text scammers
Google on Wednesday filed a lawsuit against pesky text message scammers — like those who flood targets with notices that they have unpaid road tolls, or have a package waiting — in an attempt to disrupt a “phishing for dummies” operation the company accuses of victimizing more than 1 million people. The lawsuit against 25…
Amazon, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
Amazon pins Cisco, Citrix zero-day attacks to APT group
Amazon’s threat intelligence team said it observed an advanced persistent threat group exploiting zero-day vulnerabilities affecting Cisco Identity Service Engine and Citrix NetScaler products before the vendors disclosed and patched the defects last summer. Amazon’s MadPot honeypot service detected active exploitation of the critical defects — CVE-2025-5777 in Citrix and CVE-2025-20337 in Cisco — and…
Cybercrime, Cybersecurity, Exploits, Global Security News, Threats
Maryland man faces federal charges for crimes allegedly linked to 764
A 20-year-old Maryland man allegedly associated with violent extremist group 764 is in federal custody, facing charges for sexual exploitation of children, online coercement and enticement, and cyberstalking. Erik Lee Madison, of Halethorpe, Maryland, is accused of victimizing at least five children this fall, including one as young as 13 at the time. His alleged…
Cybersecurity, Exploits, Global Security News, Microsoft, Technology, Threats
Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day
Microsoft addressed 63 vulnerabilities affecting its underlying systems and core products, including one actively exploited zero-day, the company said in its latest monthly security update. The zero-day vulnerability — CVE-2025-62215 — affects the Windows Kernel and has a CVSS rating of 7.0 due to a high attack complexity, according to Microsoft. Exploitation, which could allow…
Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
What’s left to worry (and not worry) about in the F5 breach aftermath
Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks that could pose long-term consequences downstream. F5, which became aware of the attack Aug. 9…
Exploits, Geopolitics, Global Security News, privacy, Research, Threats
New Landfall spyware apparently targeting Samsung phones in Middle East
A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday. Whoever’s responsible, they seized upon a previously unknown, unpatched vulnerability known as a zero-day — a flaw Samsung has since closed, the researchers from Palo Alto…
budget, Congress, Financial, Global Security News, Government, Threats
Agency that provides budget data to Congress hit with security incident
A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party. A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Technology, Threats
SonicWall pins attack on customer portal to undisclosed nation-state
SonicWall said a state-sponsored threat actor was behind the brute-force attack that exposed firewall configuration files of every customer that used the company’s cloud backup service. The vendor pinned the responsibility for the attack on an undisclosed nation state Tuesday, after Mandiant concluded its investigation into the incident. SonicWall did not attribute the attack to…
Apple, Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads
Apple disclosed an exceptionally high number of vulnerabilities in core services and components used across its most popular devices, as the tech giant addressed 105 vulnerabilities in macOS 26.1 and 56 vulnerabilities with the release of iOS 26.1 and iPadOS 26.1. The company’s latest security update includes some flaws that affect software spanning iPhones, Macs…
Cybercrime, Cybersecurity, Exploits, Global Security News, Threats
Alleged 764 leader arrested in Arizona, faces life in prison
Federal law enforcement said a leader of 764, a violent extremist group, has been in federal custody since he was arrested in December and faces 29 charges for running a loose-knit collective involved in child exploitation, cyberstalking, kidnapping, animal torture, wire fraud and murder. Baron Cain Martin, 21, of Tucson, Arizona, allegedly joined the child…
Australia, Cybersecurity, Exploits, Global Security News, Government, Technology, Threats
CISA, NSA offer guidance to better protect Microsoft Exchange Servers
Cybersecurity experts from multiple federal agencies released guidance to help organizations bolster their defenses against attacks on on-premises Microsoft Exchange Servers, resurfacing and building upon previously shared advice that generally applies to most technology. The Cybersecurity and Infrastructure Security Agency said the security blueprint for Microsoft Exchange Server is a follow-up effort to an emergency…
crowdstrike, Cybersecurity, Global Security News, North America, Technology, Threats
F5 asserts limited impact from prolonged nation-state attack on its systems
F5 CEO François Locoh-Donou said on a company earnings call that there were two categories of impact on customers following a nation-state attacker’s long-term, persistent access to its systems: widespread emergency updates to BIG-IP software and hardware, and customers whose configuration data was stolen during the attack. “We were very impressed frankly, with the speed…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Huntress, known exploited vulnerabilities (KEV), Threats
Attackers bypass patch in deprecated Windows Server update tool
Attackers are actively exploiting a critical vulnerability in Windows Server Update Services, bypassing a patch Microsoft issued earlier this month that failed to mitigate the issue affecting software versions dating back to 2012. Microsoft released an emergency, out-of-band security update for CVE-2025-59287 on Thursday. Multiple research firms detected in-the-wild exploitation by Friday, yet Microsoft has…
Cybersecurity, Europe, Geopolitics, Global Security News, Threats
North Korea’s Lazarus group attacked three companies involved in drone development
North Korea’s Lazarus threat group attacked three Europe-based companies with active operations in the defense sector last spring to potentially steal sensitive data about drone components and software, ESET researchers said in a report released Thursday. The attacks initiated by North Korea’s long-running advanced persistent threat group, which specializes in espionage, sabotage and financial gain,…
Cybersecurity, Exclusive, Global Security News, Research, Threats
Researchers track surge in high-level Smishing Triad activity
Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop. Unit 42 has…
Asia Pacific, china, Cybersecurity, Geopolitics, Global Security News, Government, Threats
China’s spy agency accuses NSA of yearslong attack on the country’s timekeeping service
China’s Ministry of State Security accused the National Security Agency of conducting a yearslong attack on China’s national timekeeping infrastructure to steal sensitive data and infiltrate the service for potential sabotage. The NSA gained initial access to China’s National Time Service Center systems in April 2023 by using credentials lifted from employees’ mobile devices that…
Department of Justice (DOJ), email, Geopolitics, Global Security News, Government, Threats
John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats
Suspected Iranian hackers infiltrated former national security adviser John Bolton’s email account and threatened to release sensitive materials, his indictment alleges. The indictment on charges that Bolton mishandled classified information, released Thursday, comes after President Donald Trump’s unprecedented public call for the Justice Department to prosecute his enemies. Bolton served under Trump in his first…
Cisco Talos, Cybersecurity, Global Security News, Ransomware, Research, Threats
North Korean operatives spotted using evasive techniques to steal data and cryptocurrency
North Korean operatives that dupe job seekers into installing malicious code on their devices have been spotted using new malware strains and techniques, resulting in the theft of credentials or cryptocurrency and ransomware deployment, according to researchers from Cisco Talos and Google Threat Intelligence Group. Cisco Talos said it observed an attack linked to Famous…
cyberattack, Cybersecurity, Global Security News, Government, Threats
CISA warns of imminent risk posed by thousands of F5 products in federal agencies
Federal cyber authorities issued an emergency directive Wednesday requiring federal agencies to identify and apply security updates to F5 devices after the cybersecurity vendor said a nation-state attacker had long-term, persistent access to its systems. The order, which mandates federal civilian executive branch agencies take action by Oct. 22, marked the second emergency directive issued…
Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Threats
Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days
Microsoft addressed 175 vulnerabilities affecting its core products and underlying systems, including two actively exploited zero-days, the company said in its latest security update. It’s the largest assortment of defects disclosed by the tech giant this year. The zero-day vulnerabilities — CVE-2025-24990 affecting Agere Windows Modem Driver and CVE-2025-59230 affecting Windows Remote Access Connection Manager…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Research, Threats
Fortra cops to exploitation of GoAnywhere file-transfer service defect
Fortra, in its most forceful admission yet, confirmed a maximum-severity defect it disclosed in GoAnywhere MFT has been actively exploited in attacks, yet researchers are still pressing the vendor to be more forthcoming about how attackers obtained a private key required to achieve exploitation. The vendor published a summary of its investigation into CVE-2025-10035 Thursday,…
Android, Geopolitics, Global Security News, Russia, Spyware, Threats
Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium
A fast-spreading Android spyware is mushrooming across Russia, camouflaging itself as popular apps like TikTok or YouTube, researchers at Zimperium have revealed in a blog post. The company told CyberScoop they expect the campaign is likely to expand beyond Russian borders, too. In three months, Zimperium zLabs researchers observed more than 600 samples, the company…
Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal
A brute-force attack exposed firewall configuration files of every SonicWall customer who used the company’s cloud backup service, the besieged vendor said Wednesday. An investigation aided by Mandiant confirmed the totality of compromise that occurred when unidentified attackers hit a customer-facing system of SonicWall controls. The company previously said less than 5% of its firewall…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Research, Threats
Oracle zero-day defect amplifies panic over Clop’s data theft attack spree
Federal cyber authorities and threat hunters are on edge following Oracle’s Saturday disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week. Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory…
Cybercrime, Cybersecurity, Global Security News, Research, Technology, Threats
Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks
When security researchers issued warnings about the Salesloft Drift issues last month, two prominent cybersecurity companies found themselves facing the same threat — but their stories ended up unfolding in different ways. Okta and Zscaler, among the larger players in the identity management space, were among the more than 700 Drift customers targeted in what…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Research, Threats
SonicWall firewalls targeted by fresh Akira ransomware surge
Researchers and authorities are warning that Akira ransomware attacks involving exploits of a year-old vulnerability affecting SonicWall firewalls are on the rise. A burst of about 40 attacks linked to CVE-2024-40766 hit SonicWall firewalls between mid-July and early August. Researchers have since observed another wave of ransomware attacks linked to active exploits of the defect,…
Asia Pacific, china, Cloud, Geopolitics, Global Security News, Government, Threats
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats
Major cyber intrusions by the Chinese hacking groups known as Salt Typhoon and Volt Typhoon have forced the FBI to change its methods of hunting sophisticated threats, a top FBI cyber official said Wednesday. U.S. officials, allied governments and threat researchers have identified Salt Typhoon as the group behind the massive telecommunications hack revealed last…
Cybersecurity, Exploits, Global Security News, Microsoft, Research, Threats
Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited
Microsoft addressed 81 vulnerabilities affecting its enterprise products and underlying Windows systems, but none have been actively exploited, the company said in its latest security update. The company’s monthly bundle of patches includes one high-severity vulnerability and eight critical defects, including three designated as more likely to be exploited. The most severe defect disclosed this…
Cybercrime, Cybersecurity, Financial, Global Security News, Money, North America, Threats
Treasury Department targets Southeast Asia scam hubs with sanctions
Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia. “Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in…
Cybercrime, Cybersecurity, Global Security News, Research, Technology, Threats
Salesloft Drift security incident started with undetected GitHub access
Salesloft pinned the root cause of the Drift supply-chain attacks to a threat group gaining access to its GitHub account as far back as March, the company said in an update Saturday. During a 10-day period in mid-August, the threat group compromised and stole data from hundreds of organizations. The threat group, which Google tracks…
Andrew Garbarino, Financial, Global Security News, Government, Policy, Threats
CISA pushes final cyber incident reporting rule to May 2026
The Cybersecurity and Infrastructure Security Agency is delaying finalization of a rule until May of next year that will require critical infrastructure owners and operators to swiftly report major cyber incidents to the federal government, according to a recent regulatory notice. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, CISA was supposed…
Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
Sitecore zero-day vulnerability springs up from exposed machine key
An attacker exploited a zero-day vulnerability in Sitecore stemming from a misconfiguration of public ASP.NET machine keys that customers implemented based on the vendor’s documentation, according to researchers. The critical zero-day defect — CVE-2025-53690 — was exploited by the attacker using exposed keys to achieve remote code execution, Mandiant Threat Defense said in a report…
AI, Cybercrime, Cybersecurity, Global Security News, Technology, Threats
Salesloft Drift attacks hit Cloudflare, Palo Alto Networks, Zscaler
Multiple security and technology companies have been swept up in a far-reaching attack spree originating at Salesloft Drift, including Cloudflare, PagerDuty, Palo Alto Networks, SpyCloud and Zscaler. Victim organizations continue to come forward as customers of the third-party AI chat agent hunt for evidence of compromise or receive notices from Salesloft and other companies involved…
Cybercrime, Cybersecurity, Global Security News, Research, Technology, Threats
Salesloft Drift compromised en masse, impacting all third-party integrations
Salesloft Drift customers are compromised in a much more expansive downstream attack spree than previously thought, potentially ensnaring any user that integrated the AI chat agent platform to another service. “We’re telling organizations to treat any Drift integration into any platform as potentially compromised, so that increases the scope of victims,” Mandiant Consulting CTO Charles…
Cybercrime, Cybersecurity, Financial, Global Security News, Government, North America, Threats
Treasury sanctions North Korea IT worker scheme facilitators and front organizations
The Treasury Department on Wednesday expanded efforts to disrupt the pervasive North Korean technical worker scheme by imposing sanctions on people and organizations serving as facilitators and fronts for the country’s years-long conspiracy effort to defraud businesses and earn money despite international sanctions. Vitaly Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology and Korea…
Asia Pacific, Australia, Canada, Geopolitics, Global Security News, Government, Threats
Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say
A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets, according to an alert U.S. and world cybersecurity agencies published Wednesday. The alert is an effort to give technical details to potential victims of the campaign from the…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Research, Threats
Microsoft details Storm-0501’s focus on ransomware in the cloud
A financially motivated threat group operating since 2021 has refined its technical tradecraft, honing its focus on cloud-based systems that allow it to expand ransomware operations beyond the scope of on-premises infrastructure, Microsoft Threat Intelligence said in a report released Wednesday. By leveraging cloud-native capabilities, Storm-0501 has exfiltrated large volumes of data with speed, destroying…
Cybercrime, Cybersecurity, Exploits, Global Security News, Technology, Tenable, Threats
Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June
Citrix and cybersecurity researchers warn a critical, zero-day vulnerability affecting multiple versions of Citrix NetScaler products is under active exploitation. Citrix issued a security bulletin about the vulnerability — CVE-2025-7775 — and urged customers on affected versions to install upgrades Tuesday. The memory-overflow vulnerability, which has an initial CVSS rating of 9.2, can be exploited…
AI, Cybercrime, Cybersecurity, Global Security News, Research, Threats
Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent
Google Threat Intelligence Group warned about a “widespread data theft campaign” that compromised hundreds of Salesforce customers over a 10-day span earlier this month. According to a report published Tuesday, researchers say a threat group Google tracks as UNC6395 stole large volumes of data from Salesforce customer instances by using stolen OAuth tokens from Salesloft…
antitrust, Financial, Global Security News, privacy, Technology, Threats
Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say
A court injunction in the long fight between Fortnite publisher Epic Games and Google could have “catastrophic results for the nation’s security” and “risks creating massive cybersecurity vulnerabilities in the online ecosystem,” a group of former top government officials said in a filing Monday. At issue, they wrote, is a district court injunction requiring Google…
Asia Pacific, Biden administration, china, Geopolitics, Global Security News, Government, Threats
Feds still trying to crack Volt Typhoon hackers’ intentions, goals
Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon, who penetrated U.S. critical infrastructure to maintain access within those networks, might have intended by setting up shop there, a Cybersecurity and Infrastructure Security Agency official said Thursday. “We still don’t actually know what the result of that is going to…
APT, Asia Pacific, Cybersecurity, Geopolitics, Global Security News, Research, Threats
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A Russian nation-state threat group has been spying on foreign diplomats, managing continuous access to their communications and data in Moscow since at least 2024, according to Microsoft Threat Intelligence. Secret Blizzard is gaining “adversary-in-the-middle” positions on Russian internet service providers and telecom networks by likely leveraging surveillance tools and deploying malware on targeted devices,…
Asia Pacific, china, Gary Peters, Global Security News, Government, Technology, Threats
Senate legislation would direct federal agencies to fortify against quantum computing cyber threats
A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption. Sens. Gary Peters, D-Mich., and Marsha Blackburn, R-Tenn., say the National Quantum Cybersecurity Migration Strategy Act…
Cybercrime, Cybersecurity, Data Breaches, Global Security News, Research, Threats
Research shows data breach costs have reached an all-time high
The average cost of a data breach for U.S. companies jumped 9% to an all-time high of $10.22 million in 2025, as the global average cost fell 9% to $4.44 million, IBM said in its 20th annual Cost of a Data Breach Report Wednesday. While shorter investigations are pushing down costs globally, reflecting the first…
Geopolitics, Global Security News, Government, Technology, Threats
Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink
It’s time for SpaceX to take strong action against scammers abusing the company’s Starlink internet service, Sen. Maggie Hassan said in a letter to CEO Elon Musk on Monday. The New Hampshire Democrat cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Threats
FBI alerts tie together threats of cybercrime, physical violence from The Com
The FBI released a trove of research on The Com last week, warning that the sprawling cybercriminal network of minors and young adults is growing rapidly and splintering into three primary subsets described by officials as Hacker Com, In Real Life Com and Extortion Com. The warnings lay out how The Com’s thousands of members,…
Cybercrime, Cybersecurity, Europe, Global Security News, Ransomware, Threats
Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum
Ukrainian authorities Tuesday arrested the alleged administrator of XSS.is, a Russian-language cybercrime forum, following a four-year investigation by the Paris public prosecutor’s office. Law enforcement officials from France and Europol seized the domain of the influential forum following the arrest. Authorities have not named the suspected administrator of XSS.is. The forum, which was active since…
Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
Cisco network access security platform vulnerabilities under active exploitation
A pair of maximum-severity vulnerabilities affecting Cisco’s network access security platform are under active exploitation, the enterprise networking and IT vendor warned in a security advisory Monday. The software defects in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector — CVE-2025-20281 and CVE-2025-20337 — were disclosed and addressed by Cisco on June 25,…
china, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups
Microsoft said two China nation-state threat groups and a separate attacker based in China are exploiting the zero-day vulnerabilities that first caused havoc to SharePoint servers over the weekend. Linen Typhoon and Violet Typhoon — the Chinese government-affiliated threat groups — and an attacker Microsoft tracks as Storm-2603 are exploiting the pair of zero-day vulnerabilities…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Technology, Threats
Mass attack spree hits Microsoft SharePoint zero-day defect
Attackers are actively exploiting a critical zero-day vulnerability affecting on-premises Microsoft SharePoint servers, prompting industry heavyweights to sound the alarm over the weekend. Researchers discovered the active, ongoing attack spree Friday afternoon and warnings were issued en masse by Saturday evening. Microsoft released urgent guidance Saturday, advising on-premises SharePoint customers to turn on and properly…
Asia Pacific, Commentary, Geopolitics, Global Security News, Government, Technology, Threats
Why it’s time for the US to go on offense in cyberspace
The U.S. is stepping into a new cyber era, and it comes not a moment too soon. With the Trump administration’s sweeping $1 billion cyber initiative in the “Big Beautiful Bill” and growing congressional momentum under the 2026 National Defense Authorization Act (NDAA) to strengthen cyber deterrence, we’re seeing a shift in posture that many…
Cybercrime, Cybersecurity, Financial, Global Security News, North America, Ransomware, Threats
United Natural Foods loses up to $400M in sales after cyberattack
United Natural Foods said the cyberattack that prompted the food distributor and wholesaler to completely shut down its network last month resulted in lost sales of up to $400 million. Executives, during a business update call Wednesday with analysts and investors, said the financial impact from the attack is largely contained to the current quarter,…
Cybercrime, Cybersecurity, Global Security News, Government, Ransomware, Threats
Ryuk ransomware operator extradited to US, faces five years in federal prison
An Armenian national is in federal custody and faces charges stemming from their alleged involvement in a spree of attacks in 2019 and 2020 involving Ryuk ransomware, the Justice Department said Wednesday. Karen Serobovich Vardanyan, 33, was extradited from Ukraine to the United States on June 18 and pleaded not guilty to the charges in…
Cybercrime, Cybersecurity, Exploits, Global Security News, Ransomware, Research, Threats
SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices
A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a report released Wednesday. The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices…
Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
AsyncRAT seeds family of more than 30 remote access trojans
AsyncRAT, the most prevalent remote access trojan observed in the wild, has spawned more than 30 forks and variants that increase the impact of the open-source malware, making it a popular and sometimes disguised tool of choice for cybercriminals, ESET researchers said in a report released Tuesday. The open source remote access tool, which was…
CISA, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe
Authorities and researchers are intensifying warnings about active exploitation and pervasive scanning of a critical vulnerability affecting multiple versions of Citrix NetScaler products. There is now widespread agreement among security professionals that the critical vulnerability, CVE-2025-5777, which Citrix disclosed June 17, is serious and harkens back to a 2023 defect in the same products: “CitrixBleed,”…
Cybercrime, Global Security News, National Crime Agency, Ransomware, Scattered Spider, Threats
UK arrests four for cyberattacks on major British retailers
Three teenagers and a 20-year-old woman were arrested Thursday by the U.K.’s National Crime Agency for their alleged role in cyberattacks on major retailers Marks & Spencer (M&S), Co-op, and Harrods. The arrests, comprising British and Latvian nationals, followed sustained investigations into attacks that crippled the retailers’ operations. The NCA’s National Cyber Crime Unit detained…
Cybersecurity, Exploits, Global Security News, Microsoft, Research, Technology, Threats
Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited
Microsoft addressed 130 vulnerabilities across its products and underlying Windows systems, but none have been actively exploited in the wild, the company said in its latest security update Tuesday. A proof-of-concept exploit for a high-severity defect in SQL Server — CVE-2025-49719 — has been shared publicly, researchers said. The information disclosure vulnerability, which has a…
china, COVID-19, Department of Justice (DOJ), Geopolitics, Global Security News, North America, Threats
Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers
The Justice Department said Tuesday that Italian authorities arrested a Chinese national whom DOJ said was involved in the massive Microsoft Exchange Server hack from 2020 to 2021, an arrest made at the United States’ request. The arrest stems from a nine-count indictment dating back to 2023, which named the arrested man, Xu Zewei, 33,…
Asia Pacific, Financial, Global Security News, Government, Threats
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes
The Treasury Department on Tuesday announced it has sanctioned a North Korean man participating in the widespread IT worker scheme, as well as others in a Russia-based IT worker operation that allegedly benefits the government of North Korea. It’s the second time in as many weeks that feds have taken action against people it says…
Application Security, Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework
Applications are a common intrusion point, but the way attackers gain access, maneuver and create mayhem within and across applications doesn’t always neatly fit into MITRE’s ATT&CK framework. The team at Oligo Security is releasing a new framework it calls Application Attack Matrix to complement areas of MITRE’s framework that it describes as too broad,…
critical infrastructure, Cybercrime, Cybersecurity, Global Security News, North America, Ransomware, Threats
Scattered Spider weaves web of social-engineered destruction
In an underworld fueled by infamy and money that leaves a trail of human misery in its wake, the unbound collective colloquially known as Scattered Spider deviates from many norms in cybercrime. The cunning threat group composed of young, native English-speaking people lacks cohesion, is rife with infighting and doesn’t have a data leak site,…
Cybercrime, Cybersecurity, Exploits, Geopolitics, Global Security News, Research, Threats
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
Multiple critical infrastructure sectors were hit last year during an attack spree in France via a trio of zero-day vulnerabilities affecting Ivanti Cloud Service Appliance devices, the country’s cybersecurity agency said in a report released Tuesday. Government agencies and organizations in the telecommunications, media, finance and transportation industries were impacted by widespread zero-day exploits of…
Geopolitics, Global Security News, Government, North America, Threats, Workforce
Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks
The Chinese hackers behind the massive telecommunications sector breach are “largely contained” and “dormant” in the networks, “locked into the location they’re in” and “not actively infiltrating information,” the top FBI cyber official told CyberScoop. But Brett Leatherman, new leader of the FBI Cyber division, said in a recent interview that doesn’t mean the hackers,…
Cybersecurity, Global Security News, Technology, Threats
AT&T deploys new account lock feature to counter SIM swapping
AT&T widely launched its Wireless Account Lock feature Tuesday, aiming to strengthen customer protection against account takeovers and SIM-swapping attacks. The feature comes amid rising concern over SIM swapping and other social-engineering tactics that allow bad actors to compromise user accounts and take control of their phone numbers. The Wireless Account Lock, which had been…
Global Security News, Threats
Scammers have a new tactic: impersonating DOGE
Cybercrime, Financial, Global Security News, Government, Technology, Threats
Arrest, seizures in latest U.S. operation against North Korean IT workers
U.S. authorities unsealed indictments, seized financial accounts and made an arrest in the latest attempt to crack down on North Korean remote IT workers as part of a coordinated action that the Justice Department announced Monday. The workers obtained employment at more than 100 U.S. companies using stolen and fake identities, costing them millions in…
Asia Pacific, china, Cybersecurity, Global Security News, Research, Threats
Stealth China-linked ORB network gaining footholds in US, East Asia
A recently discovered operational relay box (ORB) network controlled by a China-linked threat group already exceeds 1,000 devices and is growing across the United States and East Asia, SecurityScorecard said in a threat report released Monday. The ORB network, which SecurityScorecard dubbed “LapDogs,” is primarily composed of routers designed for small or home offices but…
Cybercrime, Cybersecurity, Financial, Global Security News, Money, Threats
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme
Federal authorities on Thursday said they seized $7.74 million from North Korean nationals as they attempted to launder cryptocurrency obtained by IT workers who gained illegal employment and funneled the wages to the North Korean regime. The allegedly illegally obtained funds were linked to Sim Hyon Sop, a representative of North Korean Foreign Trade Bank,…
Cybercrime, Cybersecurity, extortion, Global Security News, Google, Google Threat Intelligence Group, Microsoft 365, OAuth, phishing, Salesforce, Social Engineering, Technology, Threats
Salesforce customers duped by series of social-engineering attacks
A financially motivated threat group posing as IT support has intruded the systems of about 20 organizations by duping employees into installing a malicious, illegitimate version of Salesforce’s Data Loader and granting broader access to cloud-based environments, Google Threat Intelligence Group said in a threat report released Wednesday. The attacks, which Google attributes to UNC6040,…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, Google, Mandiant, Microsoft, Palo Alto Networks, Ransomware, Research, Threat group, Threats, Uncategorized, Unit 42
CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups. The alliance between the longstanding competitors doesn’t…
Commentary, CVE, Cybersecurity, Exploits, Global Security News, MITRE, NVD, Research, Technology, Threats, Vulnerability Management
Future-ready cybersecurity: Lessons from the MITRE CVE crisis
The recent funding crisis surrounding MITRE’s Common Vulnerabilities and Exposures (CVE) program was more than just a bureaucratic hiccup — it was a wake-up call for an industry that has relied on CVEs for years to identify, categorize, and prioritize vulnerabilities. Out of the blue, we discovered the foundation was suddenly at risk. Worse still,…
Cybercrime, Cybersecurity, Department of Justice (DOJ), espionage, Global Security News, Government, indictment, Information stealing malware, infostealers, malware, Russia, Threats
DanaBot malware operation seized in global takedown
A global collection of private defenders and law enforcement agencies notched another win against a core facilitator for cybercrime, initiating coordinated seizures and takedowns of DanaBot’s command and control servers, disrupting the malware-as-a-service’s operations, the Justice Department said Thursday. Federal officials also unsealed a grand jury indictment and criminal complaint charging 16 individuals for their…
Cybersecurity, eset, Fancy Bear, Global Security News, Government, GRU, nato, North America, phishing, powershell, PsExec, Russia, Threats, Transportation, Ukraine
Multi-national warning issued over Russia’s targeting of logistics, tech firms
A joint advisory from intelligence and cybersecurity agencies in the United States, United Kingdom, Canada, Australia and multiple European countries has detailed an ongoing Russian state-sponsored campaign targeting Western logistics organizations and technology companies, especially those supporting aid to Ukraine. The campaign, orchestrated by the group known as APT28 or Fancy Bear, has relied heavily…
AI, deepfakes, Exploits, Federal Bureau of Investigation (FBI), Global Security News, Government, Threats
FBI warns of fake texts, deepfake calls impersonating senior U.S. officials
The FBI said Thursday that malicious actors have been impersonating senior U.S. government officials in a text and voice messaging campaign, using phishing texts and AI-generated audio to trick other government officials into giving up access to their personal accounts. The warning provided few details about the campaign, which started in April and appears to…
