Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government’s “Wanted” poster for him.

Cybercrime

Penetration Testing

OCTOBER 28, 2024

A significant security vulnerability, CVE-2023-32197, has been identified in RKE2, Rancher’s Kubernetes distribution geared toward high-security environments, including the U.S. Federal Government.

Government

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government.

Government

Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military. ” prosecutors in the case said Wednesday.

Hacking

The Hacker News

MAY 15, 2025

The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company.

Government

Schneier on Security

MAY 15, 2025

The first instanceof enacted law known to have been written by AI was passed in Porto Alegre, Brazil, in 2023. The UAE has promised to spend more than $3 billion to transform into an “ AI-native ” government by 2027. The French government has gone so far as to train its own AI model to assist with legislative tasks.

Government

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Mobile

Krebs on Security

JANUARY 16, 2025

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country. Postal Service customers.

Phishing

Security Affairs

APRIL 30, 2025

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states. CVE-2023-23397 ).

Government

Krebs on Security

MAY 29, 2025

government today imposed economic sanctions on Funnull Technology Inc. , The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025. Image: Shutterstock, ArtHead. based cloud providers before redirecting to malicious or phishous websites.

Scams

Krebs on Security

MAY 15, 2025

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick , a.k.a. Image: Ke-la.com.

Healthcare

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities. systems. .”

Malware

Krebs on Security

MAY 7, 2025

People who purchased fake certifications were subsequently blackmailed by Axact employees posing as government officials , who would demand additional payments under threats of prosecution or imprisonment for having bought fraudulent unauthorized academic degrees. Mr. Bilwani did not respond to requests for comment.

Scams

Krebs on Security

DECEMBER 11, 2024

Sanders spent most of 2023 in Ukraine, traveling with Ukrainian soldiers while mapping the shifting landscape of Russian crypto exchanges that are laundering money for narcotics networks operating in the region. — shows an entity by that name incorporated at a mail drop in London in December 2023.

Cryptocurrency

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Krebs on Security

MARCH 27, 2025

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites. The website legiohliberty[.]army army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a.

Phishing

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

VPN

Security Affairs

JANUARY 3, 2025

Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York’s Richmond University Medical Center confirmed a May 2023 ransomware attack impacted 674,033 individuals. In May 2023, RUMC suffered a ransomware attack that caused a multi-week disruption.

Data breaches

Security Affairs

NOVEMBER 15, 2024

In August 2023 the married couple from New York pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex in 2016. Since the arrest of the couple, the government has seized another approximately $475 million tied to the cyber heist.

Cryptocurrency

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. One of these virtual private servers was exclusively employed in attacks against entities across Taiwan, including commercial firms and at least one municipal government organization.

Architecture

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. Chinese hackers gained access to the VSSE’s email server between 2021 and May 2023, stealing 10% of staff incoming and outgoing emails. ” reported Reuters.

Malware

Security Affairs

APRIL 29, 2025

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. In 2023, 37% of zero-day vulnerabilities targeted enterprise products.”

Surveillance

BH Consulting

MARCH 26, 2025

To put this into context, GenAI use in business was just 5 per cent in 2023, the research company said. In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Where should they focus their attention?

Government

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing. .

Ransomware

Security Affairs

JULY 26, 2025

The BlackSuit ransomware operation has been active since April 2023. The BlackSuit ransomware targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing. Homeland Security Investigations in a global law enforcement operation.

Ransomware

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The MOVEit data theft and extortion attacks in May 2023 impacted a significant number of individuals and organizations globally.

Data breaches

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Advertising

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. According to recent reports, there were over 700 million cyber attacks in 2023 alonea significant rise from the previous year.

Cyber Attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. “Microsoft assesses that a threat actor located in China established and maintains this network.

Passwords

SecureWorld News

MAY 9, 2025

Historically, COLDRIVERalso known as Star Blizzard, UNC4057, and Callistohas targeted high-profile individuals and organizations, including NATO governments, NGOs, journalists, and former intelligence officers, primarily through credential phishing campaigns. The infection process begins with a lure website featuring a fake CAPTCHA.

Malware

The Hacker News

JULY 4, 2025

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China.

Government

SecureList

NOVEMBER 29, 2024

Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities

Anton on Security

JUNE 24, 2025

“A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next” “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” “Top 10 SIEM Log Sources in Real Life?” ( NEWER VERSION ) “Debating SIEM in 2023, Part 1” “Debating SIEM in 2023, Part 2” “Log Centralization: The End Is Nigh?” “How

Threat Detection

Security Affairs

FEBRUARY 24, 2025

TopSec was founded in 1995, it offers cybersecurity services such as Endpoint Detection and Response (EDR) and vulnerability scanning, along with “boutique” solutions to align with government initiatives and intelligence requirements. ” reads the report published by SentinelLabs. ” concludes the report.”The

Government

Adam Shostack

JANUARY 2, 2025

State was able to access the MailItemsAccessed log to set up these particular Big Yellow Taxi alerts because it had purchased Microsofts government agency-focused G5 license that includes enhanced logging capabilities through a product called Microsoft Purview Audit (Premium).

Government