Security Affairs

JUNE 9, 2025

malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. “Most of the infected devices were manufactured in China. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 ” BADBOX 2.0

IoT

SecureList

APRIL 23, 2025

The campaign, dubbed “Operation SyncHole”, has impacted at least six organizations in South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, and we are confident that many more companies have actually been compromised. The software has since been updated with patched versions.

Malware

Security Affairs

FEBRUARY 10, 2025

. “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities.Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics.” ” reads the analysis published by Intezer.

Manufacturing

Security Affairs

NOVEMBER 8, 2024

” Newpark Resources pointed out that its manufacturing and field operations remain largely unaffected, continuing with established downtime procedures despite the ransomware attack. The company did not share details about the attack either the family of malware that infected its systems.

Ransomware

Security Affairs

JULY 18, 2025

Despite false malware flags from some browsers, tests confirm it works and is safe. NoMoreRansom warns users to remove the malware first with a reliable antivirus before using the decryptor, or files may be re-encrypted repeatedly. Europol and the FBI are promoting it as an official recovery solution. In February 2025, the U.S.

Ransomware

SecureWorld News

JUNE 6, 2025

This year's report is a must-read for practitioners defending OT-heavy sectors like manufacturing, energy, logistics, and critical infrastructure. The growing sophistication of malware and attacker objectives means OT-focused organizations must rethink how they segment, detect, and respond to threats," the report states.

Media

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware. x) may also be vulnerable. ” concludes the report.

Hacking

Security Affairs

DECEMBER 3, 2024

The authors signed Bootkitty with a self-signed certificate, thus the malware cannot run on systems with UEFI Secure Boot enabled unless the attackers’ certificates have been installed. The researchers noticed the many artifacts in bootkit.efi, suggesting that the binary is likely a proof of concept that was never used in attacks in the wild.

Firmware

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

VPN

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. dll), allowing type confusion to occur.

Internet

Security Affairs

MARCH 12, 2025

“The botnet exploits this vulnerability by injecting a payload that downloads and executes a cleartext shell dropper named dropbpb.sh, responsible for downloading the malware binaries and executing them on the compromised device.” 70) via HTTP on port 81. It processes encrypted data over a RAW socket, limiting further analysis.

IoT

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. ” reported the website Nation Thailand.

Ransomware

Security Affairs

FEBRUARY 28, 2025

In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, manufacturers often sell older OS versions as newer ones. Researchers at the Chinese cybersecurity firm QiAnXin (QAX) recently discovered 89 new malware samples.

Antivirus

Hacker's King

DECEMBER 24, 2024

AI-powered malware and phishing schemes can adapt to defenses in real time, making them harder to detect and counter. Expect an increase in regulations requiring manufacturers to implement stronger security features in devices, alongside enhanced monitoring of IoT networks.

Cybersecurity

Security Affairs

JULY 26, 2025

The BlackSuit ransomware targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing. The group exfiltrates data stolen from victim networks using post-exploitation tools, such as Cobalt Strike , and malware such as Ursnif.

Ransomware

Security Affairs

JANUARY 10, 2025

Campaign A (20192023): Used emails with malware attachments (LODEINFO) to target politicians, media, and government. Campaign B (2023): Exploited software vulnerabilities in networking devices, focusing on semiconductor, manufacturing, and aerospace sectors. Stay updated on network device vulnerabilities and apply patches promptly.

Antivirus

SecureWorld News

JUNE 9, 2025

When vendors gain network access for ticketing, baggage handling, or route planning, they can inadvertently introduce malware or provide a foothold for threat actors. Critical services are frequently outsourced in the aviation industry, which further expands vulnerabilities.

Cybersecurity

Security Affairs

MAY 28, 2025

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.

Surveillance

SecureList

APRIL 25, 2025

While external malware now faces greater permission restrictions, pre-installed malware within system partitions has become impossible to remove. The modular architecture of the malware gives attackers virtually unlimited control over the system, enabling them to tailor functionality to specific applications.

Cryptocurrency

Centraleyes

DECEMBER 16, 2024

We are seeing increased use of AI to automate attacks, including malware generation and phishing campaigns. Cyber-Physical System (CPS) Security As manufacturing, healthcare, and transportation industries become more digitized, the integration of cyber-physical systemslike smart grids, industrial control systems, and IoT devicesis growing.

Cybersecurity

SecureList

NOVEMBER 28, 2024

Most of the infections were still at financial institutions in Vietnam, with one victim active in the manufacturing industry. We also found Cobalt Strike beacons and several traces tying this actor to the ShadowPad malware and UNC2643 activity, which is in turn associated with the HAFNIUM threat actor.

Malware

Security Boulevard

JANUARY 20, 2025

How cars became the worst product category for privacy Session Covers the extensive data collection (and subsequent sharing with car manufacturers and their affiliates) enabled by modern vehicles; they can collect way beyond location data. Malware campaigns covered generally target/affect the end user.

Surveillance

SecureWorld News

JANUARY 16, 2025

Ensure compliance with regulations When IT support processes fail to align with manufacturing needs, the consequences are significant: Staying informed: Governments and industry bodies frequently update regulations to address emerging threats. Companies must monitor these changes and ensure compliance to avoid legal penalties.

Energy and Utilities

Security Affairs

FEBRUARY 12, 2025

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.

Computers and Electronics

Security Affairs

FEBRUARY 1, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack.

Technology

Security Affairs

MARCH 13, 2025

As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.” ” reads the joint advisory.

Ransomware

Security Affairs

MARCH 24, 2025

The group has extended its operations to countries in Asia and targets various sectors, including healthcare, real estate, construction, IT, food, and manufacturing.” . “Cloak primarily targets small to medium-sized businesses in Europe, with Germany as a key focus. ” reads a report published by Halcyon.

Ransomware

Security Boulevard

MARCH 21, 2025

NCSC) FBI Warns of Increasing Threat of Cyber Criminals Utilizing Artificial Intelligence (FBI) 4 - Groups call for IoT end-of-life disclosure law Manufacturers of internet-of-things (IoT) devices should be required by law to disclose the products theyre no longer supporting, so that customers are aware of the security risks those products pose.

Risk

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gangs Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.

Government

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023.

Data breaches

SecureList

OCTOBER 15, 2024

It uses the CPUID instruction to obtain information about the processor manufacturer. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware. If the CPU is not from Intel or AMD, it terminates execution. dll” library.

Malware

Security Affairs

MARCH 5, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. The ransomware attack took place in January as per a regulatory filing with the Indian National Stock Exchange. ” reads the filing.

Technology

Malwarebytes

AUGUST 12, 2025

Final) to patch a vulnerability which was used in two separate malware campaigns. The RomCom attackers used the vulnerability from July 18 – 21 against financial, manufacturing, defense, and logistics companies in Europe and Canada. Use an up-to-date, real-time anti-malware solution , preferably with a web protection component.

Malware

SecureList

DECEMBER 9, 2024

Other notable supply chain attacks in 2024 include: Hackers injected malware directly into the source code of the largest Discord bot platform. The packages imitated libraries for LLMs, whereas in fact they downloaded the JarkaStealer malware to the victim’s system.

Internet

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. vbs VBShower Cleaner After the download is complete, the malware adds a registry key to auto-run the VBShower Launcher script.

Encryption

Penetration Testing

JUNE 17, 2025

It enables technicians to configure, monitor, and manage programmable logic controllers (PLCs) and other WAGO components used in automation environments across manufacturing, energy, and transportation sectors. The WAGO Device Manager is a configuration tool embedded in the firmware of WAGO’s industrial control systems (ICS).

Firmware