Hacking and Information - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” Among those was AT&T , which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people nearly all of its customers.

Hacking

Hacking Government Identity Theft Accountability

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Hacking Cybercrime Advertising Data breaches

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, DeepSeek ) ” concludes the report.

Authentication

Authentication Passwords Hacking Risk

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government

Government Hacking Ransomware Insurance

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware) Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware

Malware Encryption Phishing Hacking

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

Government

Government Ransomware Hacking Manufacturing

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data.

Hacking

Hacking Healthcare Backups Ransomware

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Security Affairs

MAY 12, 2025

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn. The report includes Indicators of Compromise (IOCs) for this campaign Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,fake AI tools)

Malware

Malware Media Cybercrime Scams

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based

Malware

Malware Hacking Software

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” and its allies for hacking activities in July.

Hacking

Hacking Internet Internet Government

Subaru Starlink flaw allowed experts to remotely hack cars

Security Affairs

JANUARY 25, 2025

To confirm their findings, the researchers reached out to their friend and asked if they could hack her car. Additionally, attackers could secretly obtain personal information such as the victims name, phone number, email, and physical address. Admin panel access exposed vehicle data (e.g., name, ZIP, phone, email, billing details).

Hacking

Hacking Accountability Passwords Authentication

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking

Hacking Data breaches Encryption Passwords

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Security Affairs

JANUARY 23, 2025

is end-of-life and no longer receives security updates, for this reason, these instances are exposed to hack. The advisory details hacking activities exploiting the mentioned vulnerabilities. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA)

Hacking

Hacking Government Cybersecurity Information Security

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) . “The CMU can then be compromised and “enhanced” to, for example, attempt to compromise any connected device in targeted attacks that can result in DoS, bricking, ransomware, safety compromise, etc.”

Hacking

Hacking Firmware Software Manufacturing

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Spyware

Spyware Hacking Surveillance Malware

Age Verification Using Facial Scans

Schneier on Security

APRIL 17, 2025

“The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face.

Hacking

Hacking Media

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. million records containing employee data on the hacking forum BreachForums.

Data breaches

Data breaches Hacking Ransomware Technology

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. That last one seems perfectly reasonable, and fortunately, DemandScience does have a link on their website to Do Not Sell My Information : Dammit! So, he asked them: I seem to have found my email in your data breach. If, like me, you're part of the 99.5%

Data breaches

Data breaches Passwords B2B Technology

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. police as part of an FBI investigation into the MGM hack. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A.

Data breaches

Data breaches Financial Services Hacking Mobile

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. This included working on malware that was still in development, and looking for information on potential targets.” ” continues the report.

Malware

Malware Social Engineering Engineering Hacking

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, More information : Meanwhile, Graykey’s performance with Android phones varies, largely due to the diversity of devices and manufacturers. which was released on October 28.

Media

Media Manufacturing Mobile Hacking

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option.

CISO

CISO CSO Risk Cyber threats

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Intrinsec said its analysis showed Prospero frequently hosts malware operations such as SocGholish and GootLoader , which are spread primarily via fake browser updates on hacked websites and often lay the groundwork for more serious cyber intrusions — including ransomware. A fake browser update page pushing mobile malware.

Malware

Malware Antivirus Software DDOS

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,EDR-as-a-Service)

Cybercrime

Cybercrime Social Engineering Accountability Government

Silk Typhoon Hackers Indicted

Schneier on Security

MARCH 11, 2025

The indictments highlight how, in some cases, the hackers operated with a surprising degree of autonomy, even choosing targets on their own before selling stolen information to Chinese government clients.

Government

Government Media Hacking

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

“That effectively means there is a built-in way to physically destroy the grid,” an anonymous informer told Reuters The rogue devices’ existence is newly revealed, with no public US government acknowledgment. The US grid was successfully hacked in November by hackers belonging to foreign governments.

Energy and Utilities

Energy and Utilities Manufacturing Government Hacking

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) million in revenue.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

SK Telecom revealed that malware breach began in 2022

Security Affairs

MAY 20, 2025

In April, SK Telecom reported that threat actors gained access to USIM-related information for customers following a malware attack. Upon discovering the infection, the company promptly reported it to the Korea Internet & Security Agency (KISA) on Sunday, April 20, sanitized the impacted systems, and isolated the suspected hacking device.

Malware

Malware Mobile Data breaches Wireless

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Anna Jaques Hospital)

Data breaches

Data breaches Insurance Healthcare Ransomware

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Security Affairs

MAY 17, 2025

Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,deepfake)

Government

Government Social Engineering Authentication Accountability

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Security Affairs

APRIL 13, 2025

. “During the half-day meeting in Geneva, Wang Lei, a top cyber official with Chinas Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.s “Wang or the other Chinese officials didnt directly state that China was responsible for the hacking, the U.S. ” states the WSJ.

Hacking

Hacking Manufacturing Education Government

Operation ENDGAME disrupted global ransomware infrastructure

Security Affairs

MAY 25, 2025

Coordination by Eurojust ensured that authorities were able to exchange information and align their investigative efforts.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Operation ENDGAME) ” Authorities also seized 3.5M

Ransomware

Ransomware Cybercrime Malware Cryptocurrency

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

JANUARY 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. The vulnerability allows authenticated attackers with Subscriber access to exploit a missing capability check, leading to information disclosure.

Consumer Services

Consumer Services Authentication Hacking

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Security Affairs

NOVEMBER 6, 2024

Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Synology) 10053 or above) Synology Photos 1.6

Firmware

Firmware Manufacturing Hacking Media

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Security Affairs

MARCH 8, 2025

A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. Please note that information about services for individual customers was not included.”

Data breaches

Data breaches Mobile Hacking Malware

VMware fixed three actively exploited zero-days in ESX products

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2025-22226 (CVSS score of 7.1)

Hacking

Hacking Information Security

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”

VPN

VPN Passwords Firewall Firmware

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing

Phishing Malware Scams Passwords

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Security Affairs

MAY 13, 2025

The systems that companies use in the defense sector may also hold classified information. Such information will be of interest to foreign intelligence agencies, nation-state actors, and advanced espionage groups, especially during local conflicts and ongoing wars.

Ransomware

Ransomware Cyber Attacks Risk Hacking

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. The company engaged top cybersecurity and forensic experts, informed authorities, and is actively supporting affected stakeholders. The gang claimed the theft of 2 TB of data.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

FBI: Spike in Hacked Police Emails, Fake Subpoenas

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Trending Sources

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

DeepSeek database exposed highly sensitive information

NSO Group Spies on People on Behalf of Governments

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

PLAYFULGHOST backdoor supports multiple information stealing features

Rhysida Ransomware gang claims the hack of the Government of Peru

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Threat actors use fake AI tools to deliver the information stealer Noodlophile

FBI Deletes PlugX Malware from Thousands of Computers

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Subaru Starlink flaw allowed experts to remotely hack cars

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Mazda Connect flaws allow to hack some Mazda vehicles

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Age Verification Using Facial Scans

Amazon discloses employee data breach after May 2023 MOVEit attacks

Inside the DemandScience by Pure Incubation Data Breach

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Booking.com Phishers May Leave You With Reservations

Iran and China-linked actors used ChatGPT for preparing attacks

What Graykey Can and Can’t Unlock

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

EDR-as-a-Service makes the headlines in the cybercrime landscape

Silk Typhoon Hackers Indicted

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

DoJ seized credit card marketplace PopeyeTools and charges its administrators

SK Telecom revealed that malware breach began in 2022

2023 Anna Jaques Hospital data breach impacted over 310,000 people

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Operation ENDGAME disrupted global ransomware infrastructure

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

VMware fixed three actively exploited zero-days in ESX products

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

ClickFix: How to Infect Your PC in Three Easy Steps

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

South African telecom provider Cell C disclosed a data breach following a cyberattack

Stay Connected