Tag: extortion
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
Ransomware-Bande erpresst AWO-Karlsruhe-Land
Die AWO-Karlsruhe-Land wurde Ziel einer Ransomware-Attacke. Laut einem Bericht der Regionalzeitung Badische Neueste Nachrichten (BNN) wurde die Arbeiterwohlfahrt (AWO) Karlsruhe-Land am vergangenen Mittwoch (27. August) Ziel einer Cyberattacke. Demnach sorgte der Angriff zunächst für einen Totalausfall der zentralen IT. Alle betroffenen Systeme seien umgehend isoliert und gesichert worden, heißt es.Um den Vorfall aufzuklären hat die…
-
Event Horizon for Vibe Hacking Draws Closer, Anthropic Warns
Cyber Extortion Campaign Automated Efforts to ‘Unprecedented’ Degree, Says AI Giant. Artificial intelligence giant Anthropic said it’s disrupted a cybercrime operation that tapped its large language models, including Claude Code, to an unprecedented extent to help automate a data theft and extortion campaign that targeted more than a dozen critical infrastructure organizations. First seen on…
-
AI-Powered Cybercrime Is Here: Massive Breaches Dark Web Dumps
Cyber threats are escalating fast”, and now AI is making them faster, smarter, and more dangerous than ever. As August 2025 wraps up, here’s what you need to know: ✅ Anthropic reports that cybercriminals are using Claude AI to automate data extortion campaigns, targeting at least 17 organizations. AI is no longer just advising on…
-
Organized and Criminal, Ransomware Gangs Run Up Profits
Tags: access, attack, control, cyber, extortion, group, organized, ransomware, tactics, vulnerability, vulnerability-managementRansomware attacks are rising 49% as cyber gangs evolve into organized criminal enterprises. With over 200 groups operating like corporations, recruiting talent, using RaaS models, and deploying multi-extortion tactics, defenders must strengthen foundational controls, limit vendor access, and prioritize vulnerability management to stay ahead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/organized-and-criminal-ransomware-gangs-run-up-profits-2/
-
Anthropic Warns of AI-Powered Cybercrime in New Threat Report
Anthropic’s August report reveals hackers, North Korean operatives, and state actors misused its Claude AI for extortion, fraud, and espionage. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-anthropic-warns-ai-powered-cyber-crime/
-
Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic’s Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/
-
Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations
Cybercriminals have started >>vibe hacking
-
Anthropic AI Used to Automate Data Extortion Campaign
The company said the threat actor abused its Claude Code service to an unprecedented degree, automating reconnaissance, intrusions, and credential harvesting. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/anthropic-ai-automate-data-extortion-campaign
-
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments.”Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, First seen on thehackernews.com…
-
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.”The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. “ First seen on…
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/
-
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the >>ransome
-
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages.”A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,” Zimperium zLabs researcher Vishnu Pratapagiri First…
-
Zscaler ThreatLabz 2025 Ransomware Report – Datendiebstahl und Erpressung auf dem Vormarsch
First seen on security-insider.de Jump to article: www.security-insider.de/cyberkriminalitaet-verschiebung-zu-datendiebstahl-und-erpressung-a-467511bb89ff761c86ad26a95e70d627/
-
Disgruntled developer gets four-year sentence for revenge attack on employer’s network
Lone wolves: It’s the attack every enterprise fears even more than hackers or a data breach: an insider with skills and knowledge who decides to go rogue.While such attacks remain exceptions, the ones that come to public attention in court cases always make for stressful reading. The challenge is that developers and admins must have…
-
Enterprise passwords becoming even easier to steal and abuse
Tags: access, attack, authentication, breach, ceo, ciso, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, extortion, group, identity, leak, mfa, monitoring, passkey, password, phishing, ransomware, risk, strategy, threat, tool, zero-trustGrowing threat from stolen credentials: Attackers actively target user credentials because they offer the most direct route or foothold into a targeted organization’s network. Once inside, attackers can move laterally across systems, searching for other user accounts to compromise, or they attempt to escalate their privileges and gain administrative control.This hunt for credentials extends beyond…
-
Zunehmende Komplexität von Ransomware-Angriffen: Erpressung entwickelt sich weiter
Untersuchung beleuchtet Vorgehensweise von Angreifern sowie Konsequenzen für Unternehmen. Die gängigste Praxis ist laut dem neuen SOTI-Bericht (State of the Internet) von Akamai die doppelte Erpressung. Akamai hat festgestellt, dass Bedrohungsakteure nun auch eine neue Taktik verwenden die vierfache Erpressung [1]. Wie der »Ransomware-Bericht 2025: Der Aufbau von Resilienz in einer unbeständigen Bedrohungslandschaft«… First seen…
-
Cyberangriff auf Colt: Support-Systeme nach Lösegelddrohung offline
Tags: access, api, china, cve, cyberattack, exploit, extortion, hacker, infrastructure, mail, microsoft, ransomware, rce, remote-code-execution, service, technology, update, vulnerabilityDer TK-Konzern Colt kämpft seit einer Woche mit den Folgen einer Ransomware-Attacke.Colt Technology Services, ein britischer Telekommunikationskonzern, der 900 Rechenzentren in Europa, Asien und Nordamerika miteinander verbindet, wurde am 12. August 2025 Opfer eines Cyberangriffs.Der Fall wurde zunächst als ‘technisches Problem” bezeichnet. Inzwischen hat das Unternehmen jedoch den Angriff bestätigt und seine interne Support-Systeme, darunter…
-
Cyberangriff auf Colt: Support-Systeme nach Lösegelddrohung offline
Tags: access, api, china, cve, cyberattack, exploit, extortion, hacker, infrastructure, mail, microsoft, ransomware, rce, remote-code-execution, service, technology, update, vulnerabilityDer TK-Konzern Colt kämpft seit einer Woche mit den Folgen einer Ransomware-Attacke.Colt Technology Services, ein britischer Telekommunikationskonzern, der 900 Rechenzentren in Europa, Asien und Nordamerika miteinander verbindet, wurde am 12. August 2025 Opfer eines Cyberangriffs.Der Fall wurde zunächst als ‘technisches Problem” bezeichnet. Inzwischen hat das Unternehmen jedoch den Angriff bestätigt und seine interne Support-Systeme, darunter…
-
Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms
Tags: attack, authentication, backup, business, compliance, control, credentials, cyber, data, defense, email, endpoint, extortion, insurance, intelligence, leak, malicious, mfa, msp, network, phishing, ransom, ransomware, resilience, risk, supply-chain, threat, updateRipple effects on global enterprises: The global business fallout of Dire Wolf ransomware attacks is significant and poses a multi-layered, high-impact threat to global enterprises.”Its attacks directly disrupt operations and supply chains, particularly in manufacturing and tech, leading to production delays, revenue loss, and downstream customer impact,” said Manish Rawat, analyst at TechInsights. “Financial impact…
-
Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
Tags: control, cyber, extortion, group, infrastructure, international, law, ransomware, tactics, threatThe U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal. Authorities dismantled four command-and-control (C2) servers and nine domains utilized by the threat actors for deploying ransomware payloads, extorting victims through double-extortion tactics, and…
-
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Tags: attack, credentials, cybercrime, data, extortion, finance, group, service, tactics, technology, theftAn ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show.”This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and database…
-
Home Office Phishing Scam Targets UK Immigration Sponsors
The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/home-office-phishing-uk/
-
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-reveals-it-seized-1-million-worth-of-bitcoin-from-russian-blacksuit-ransomware-gang
-
Scattered Spider’s New Telegram Channel Names Targeted Organizations
A new Telegram channel that combined the names of well-known threat actor organizations Shiny Hunters, Scattered Spider, and Lapsus$ emerged on Friday afternoon in a daring uptick in cyberthreat activity. This platform, potentially short-lived due to Telegram’s moderation policies, has rapidly disseminated evidence of multiple data breaches, partial data leaks, and extortion demands within its…