article thumbnail

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN 133
article thumbnail

US, European Law Enforcement Shut Down Cybercrime-Friendly VPN Services

Adam Levin

Law enforcement agencies from the United States and Europe seized domain names and servers belonging to a virtual private network (VPN) provider long linked to online cybercrime. Visitors to the three domain names operated by the VPN provides, Insorg.org, Safe-inet.com, and Safe-inet.net are now directed to pages announcing the seizure.

VPN 260
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

article thumbnail

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. ” Image: Sophos.

article thumbnail

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

article thumbnail

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The ransomware appends the .

article thumbnail

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. Some security experts said the post of the Fortinet VPN usernames and passwords was aimed at drawing new affiliates to Groove. ” reads the Oct.