Tag: extortion
-
Breach Roundup: Chinese Hackers Exploited ArcGIS
Also, Internet-Exposed Call Center Software Under Attack and Patch Tuesday. This week: Chinese hackers exploited ArcGIS, Internet-exposed call center software under attack, October patch Tuesday, Massachusetts student sentenced for $3 million extortion hack, New York fined eight insurers $14.2M over data breaches, more than 100 VS Code extensions leak secrets. First seen on govinfosecurity.com Jump…
-
Qilin Ransomware Leverages Ghost Bulletproof Hosting for Global Attacks
Qilin ransomwarean increasingly prolific ransomware-as-a-service (RaaS) operationhas intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators and affiliates to host malware, data leak sites, and command-and-control infrastructure with near impunity. In…
-
‘Die meisten Unternehmen sind schlecht auf Cyberattacken vorbereitet”
Markus Weber ist Gründer und Geschäftsführer der IT-Beratungsfirma dokuworks. dokuworks GmbHHerr Weber, als Krisenmanager werden Sie ja oft erst ins Unternehmen geholt, wenn der Angriff schon passiert ist. Was sind die ersten Schritte?Weber: Wir überprüfen zunächst einmal, ob aus technischer Sicht die wichtigsten Maßnahmen getroffen wurden. Dazu gehört zum Beispiel, dass die IT-Systeme vom Netz…
-
‘Die meisten Unternehmen sind schlecht auf Cyberattacken vorbereitet”
Markus Weber ist Gründer und Geschäftsführer der IT-Beratungsfirma dokuworks. dokuworks GmbHHerr Weber, als Krisenmanager werden Sie ja oft erst ins Unternehmen geholt, wenn der Angriff schon passiert ist. Was sind die ersten Schritte?Weber: Wir überprüfen zunächst einmal, ob aus technischer Sicht die wichtigsten Maßnahmen getroffen wurden. Dazu gehört zum Beispiel, dass die IT-Systeme vom Netz…
-
Qilin Ransomware announced new victims
Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin…
-
Oracle silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/
-
Oracles silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracles-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/
-
Gladinet file sharing zero-day brings patched flaw back from the dead
What to do: All versions of CentreStack and Triofox file sharing servers up to and including 16.7.10368.56560 are vulnerable to CVE-2025-11371.The bad news is that Gladinet has yet to issue a patch for this, which means that for the time being the best customers can do is to apply the recommended mitigation.Luckily, according to Huntress,…
-
Salesforce Extortion Group Leaks Data After FBI Disruption
Criminals Claim Leak of Customer Data From Six Victims, Including Qantas Airlines. A ransomware group that’s been extorting Salesforce customers leaked some stolen data, following the FBI disrupting its shakedown sites. ShinyHunters, part of the rebranded Scattered Lapsus$ Hunters group, after leaking data from six victims, declared its Salesforce customer shakedown over. First seen on…
-
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882. Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant…
-
Hackers Claim Massive Salesforce Breach: 1 Billion Records Stolen
A new cybercriminal conglomerate known as Scattered Lapsus$ Hunters has emerged as a significant threat to global organizations, claiming responsibility for massive data breaches targeting Salesforce customer tenants. The group, also referred to as SP1D3R HUNTERS or SLSH, has reportedly stolen over one billion Salesforce records across two separate extortion campaigns, marking one of the…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66
Tags: android, cve, cyber, exploit, extortion, international, malware, ransomware, russia, spyware, vulnerabilitySecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 2025 Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability XWorm V6: Exploring Pivotal Plugins ClayRat: A New Android Spyware Targeting Russia Security Evaluation of Android apps…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66
Tags: android, cve, cyber, exploit, extortion, international, malware, ransomware, russia, spyware, vulnerabilitySecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 2025 Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability XWorm V6: Exploring Pivotal Plugins ClayRat: A New Android Spyware Targeting Russia Security Evaluation of Android apps…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66
Tags: android, cve, cyber, exploit, extortion, international, malware, ransomware, russia, spyware, vulnerabilitySecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 2025 Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability XWorm V6: Exploring Pivotal Plugins ClayRat: A New Android Spyware Targeting Russia Security Evaluation of Android apps…
-
FBI Seizes BreachForums Portal Used in Salesforce Extortion Campaign
Tags: extortionThe FBI’s takedown of BreachForums disrupted a major Salesforce extortion campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fbi-seizes-breachforums-portal-used-in-salesforce-extortion-campaign/
-
Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find
Tags: access, advisory, ai, attack, authentication, breach, business, ciso, cloud, computing, credentials, cve, cyber, cybersecurity, data, defense, endpoint, exploit, extortion, finance, framework, fraud, google, governance, guide, hacker, hacking, identity, incident response, Internet, iot, jobs, login, microsoft, monitoring, network, nist, oracle, organized, password, privacy, ransomware, risk, risk-assessment, risk-management, scam, skills, technology, threat, tool, training, update, vulnerability, vulnerability-management, zero-dayWant recruiters to show you the money? A new report says AI skills are your golden ticket. Plus, cyber teams are all in on AI, including agentic AI tools. Oh, and please patch a nasty Oracle zero-day bug ASAP. And get the latest on vulnerability management, IoT security and cyber fraud. Key takeaways Eager to…
-
FBI seizes BreachForums servers as threatened Salesforce data release deadline approaches
Tags: attack, dark-web, data, detection, extortion, governance, infrastructure, intelligence, leak, least-privilege, radius, ransomware, risk, saas, serviceTargeting SaaS: Rik Ferguson, VP security intelligence at Forescout, agreed that any disruption was likely to be a temporary setback.”It burns infrastructure, yields intelligence, and sows distrust among criminals. But the gang’s dark-web leak site is still up, and they explicitly say the campaign continues,” he told CSO Online by email.”That tells you everything about…
-
FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak
As part of its plan to extort high-profile customers of Salesforce, the Scattered Spider group had revived the BreachForums platform. The site now bears an FBI seizure notice. First seen on therecord.media Jump to article: therecord.media/breachforums-fbi-france-takedown-banner-scattered-spider-salesforce-leak
-
Feds Shutter ShinyHunters Salesforce Extortion Site
The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-feds-shutter-salesforce-extortion-site
-
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/oracle-e-business-suite-exploitation-july/802592/
-
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/oracle-e-business-suite-exploitation-july/802592/
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz
US and French fuzz pull the plug on Scattered Lapsus$ Hunters’ latest leak shop targeting Salesforce First seen on theregister.com Jump to article: www.theregister.com/2025/10/10/cops_seize_breachforums/