Tag: cybercrime
-
Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures
Tags: cyber, cybercrime, data, detection, edr, endpoint, exploit, extortion, ransom, ransomware, service, tactics, vulnerability
Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid,…
-
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate…
-
Survey of 3,400 IT Professionals Sheds Light on the Cybercrime Situation – Costly Attacks: Half of All Ransomware Victims Pay the Ransom
First seen on security-insider.de Jump to article: www.security-insider.de/weniger-loesegeld-bei-ransomware-angriffen-a-43f5c610a4d5cafd067dd0bb537c3475/
-
CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group
The joint Cybersecurity Advisory AA23-320A, collaboratively issued by agencies such as the FBI, CISA, RCMP, ASD’s ACSC, AFP, CCCS, and NCSC-UK, serves as a critical update on the Scattered Spider cybercriminal group. Originally published in November 2023 and revised multiple times, most recently on July 29, 2025, this advisory highlights the group’s persistent and adaptive…
-
Nimble ‘Gunra’ Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant
-
Scattered Spider is targeting victims’ Snowflake data storage for quick exfiltration
The latest advisory on Scattered Spider from the FBI and agencies in the U.K., Canada and Australia says the cybercrime group is often looking for Snowflake data storage credentials when it picks a company to attack. First seen on therecord.media Jump to article: therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration
-
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. ”This extensive campaign involved First…
-
Cybercriminals Attack Seychelles Offshore Banking as a Target
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-attack-seychelles-offshore-banking-as-a-target
-
Ransomware will thrive until we change our strategy
We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/29/ransomware-national-security-threat/
-
FBI alerts tie together threats of cybercrime, physical violence from The Com
Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-warning-the-com-cybercrime-extortion-violence/
-
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a “legacy data storage system” that exposed photos of users, including images of driver’s licenses. First seen on therecord.media Jump to article: therecord.media/tea-app-data-breach-stolen-ids-leaked
-
LLM Honeypots Deceive Hackers into Exposing Attack Methods
Tags: ai, attack, cyber, cybercrime, cybersecurity, hacker, intelligence, LLM, strategy, technology, threat
Cybersecurity researchers have successfully deployed artificial intelligence-powered honeypots to trick cybercriminals into revealing their attack strategies, demonstrating a promising new approach to threat intelligence gathering. The innovative technique uses large language models (LLMs) to create convincing fake systems that lure hackers into exposing their methods and infrastructure. Revolutionary Deception Technology: The breakthrough involves Beelzebub, a…
-
Android Malware-as-a-Service Gets Cheaper, Packing 2FA Interception
Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for coding expertise, providing cybercriminals with fully functional Android trojans equipped with advanced capabilities like two-factor…
-
Inside Muddled Libra’s Playbook: Call Center Attacks for Initial Breach
According to Palo Alto Networks’ Unit 42, the cybercrime group tracked as Muddled Libra, also known as Scattered Spider or UNC3944, has demonstrated remarkable resilience and adaptation in 2025, following international law enforcement disruptions in late 2024. Despite federal charges against five suspected members in November 2024, the group has escalated its intrusion operations across sectors including…
-
UNC3944 Ransomware Attacks Target U.S. Infrastructure via VMware Exploits
Tags: attack, cybercrime, cybersecurity, exploit, google, group, hacking, infrastructure, intelligence, ransomware, threat, vmware
A financially driven cybercrime group known as UNC3944 has launched a coordinated and highly targeted hacking campaign that ends with ransomware against major U.S. industries, according to a joint report by Google’s Threat Intelligence Group (GTIG) and cybersecurity firm Mandiant… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/unc3944-ransomware-attacks-vmware-exploits/
-
Threat Actors Claim Breach of Airpay Payment Gateway
Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of financial data and customer information. The allegations surfaced on underground forums where threat actors are allegedly offering access to sensitive data for sale, though the full extent and validity of the claimed breach remains…
-
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Tags: attack, cybercrime, google, group, infrastructure, mandiant, phone, ransomware, software, tactics, vmware
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks on the retail, airline, and transportation sectors in North America. ”The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant team…
-
The Dark Web: The Underrated Security Tool
Tags: crypto, cyberattack, cybercrime, exploit, hacker, intelligence, leak, mail, malware, ransomware, service, threat, tool, vulnerability, zero-day
A visit to the dark web can benefit IT security. When the dark web is mentioned, most people associate it with a thriving cyber underground in which (among other things) weapons, drugs and access credentials are traded. That is certainly true, but the dark web also opens up some interesting opportunities for companies, or rather for security specialists and researchers, damage…
-
How AI Is Becoming the Biggest Cyber Threat
By Michael Kleist, Area Vice President CEE at CyberArk. The current »Bundeslagebild Cybercrime 2024« report from the Bundeskriminalamt has confirmed it once again: the threat posed by cybercrime in Germany remains unchanged and high, and in some areas the danger must even be assumed to be rising [1]. One reason for this is the increasing use of AI by attackers. The report also concludes that AI is increasingly…
-
Phishing Cannot Be Stopped Even by Secure Email Gateways
Phishing has developed into one of the most dangerous entry points for modern cybercrime and has proven one thing above all: adaptability. Where companies rely on mature protective measures such as Secure Email Gateways (SEGs), attackers deliberately exploit their weaknesses. Attack methods are becoming ever more sophisticated and dynamic, so now is the time to think about new defence strategies. How […] First seen…
-
Scattered Spider Exploiting VMware vSphere
Hacking Tactics Linked to Retail, Airline Compromises. The loosely connected band of adolescent cybercriminals tracked as Scattered Spider has joined the VMware hypervisor hacking bandwagon, pivoting into virtual servers through corporate instances of Active Directory. vSphere integration with Active Directory adds yet another layer of insecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-spider-exploiting-vmware-vsphere-a-29059
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
The Young and the Restless: Young Cybercriminals Raise Concerns
National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/young-cybercriminals-raise-concerns
-
Phishing Attack Spoofs Facebook Login Page to Capture Credentials
Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook interfaces. Here, users encounter a fake CAPTCHA prompt designed to appear as a standard security…
-
Multiple Hacker Groups Exploit SharePoint 0-Day Vulnerability in the Wild
Tags: cve, cyber, cybercrime, exploit, flaw, group, hacker, microsoft, remote-code-execution, threat, vulnerability, zero-dayMicrosoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a critical remote code execution (RCE) flaw allowing unauthenticated attackers to execute arbitrary code on vulnerable…
-
BlackSuit Ransomware Infrastructure Seized by Authorities
International law enforcement agencies delivered a significant blow to cybercriminals this week with the successful takedown of critical infrastructure belonging to the BlackSuit ransomware gang. The coordinated operation, dubbed »Operation Checkmate«,…
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows
The ”is” npm JavaScript type-testing utility was infected with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: ”Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…
-
Law Enforcement Cracks Down on XSS, but Will It Last?
The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/law-enforcement-cracks-down-xss