Tag: extortion
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66
Tags: android, cve, cyber, exploit, extortion, international, malware, ransomware, russia, spyware, vulnerabilitySecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 2025 Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability XWorm V6: Exploring Pivotal Plugins ClayRat: A New Android Spyware Targeting Russia Security Evaluation of Android apps…
-
FBI Seizes BreachForums Portal Used in Salesforce Extortion Campaign
Tags: extortionThe FBI’s takedown of BreachForums disrupted a major Salesforce extortion campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fbi-seizes-breachforums-portal-used-in-salesforce-extortion-campaign/
-
Cybersecurity Snapshot: AI Security Skills Drive Up Cyber Salaries, as Cyber Teams Grow Arsenal of AI Tools, Reports Find
Tags: access, advisory, ai, attack, authentication, breach, business, ciso, cloud, computing, credentials, cve, cyber, cybersecurity, data, defense, endpoint, exploit, extortion, finance, framework, fraud, google, governance, guide, hacker, hacking, identity, incident response, Internet, iot, jobs, login, microsoft, monitoring, network, nist, oracle, organized, password, privacy, ransomware, risk, risk-assessment, risk-management, scam, skills, technology, threat, tool, training, update, vulnerability, vulnerability-management, zero-dayWant recruiters to show you the money? A new report says AI skills are your golden ticket. Plus, cyber teams are all in on AI, including agentic AI tools. Oh, and please patch a nasty Oracle zero-day bug ASAP. And get the latest on vulnerability management, IoT security and cyber fraud. Key takeaways Eager to…
-
FBI seizes BreachForums servers as threatened Salesforce data release deadline approaches
Tags: attack, dark-web, data, detection, extortion, governance, infrastructure, intelligence, leak, least-privilege, radius, ransomware, risk, saas, serviceTargeting SaaS: Rik Ferguson, VP security intelligence at Forescout, agreed that any disruption was likely to be a temporary setback.”It burns infrastructure, yields intelligence, and sows distrust among criminals. But the gang’s dark-web leak site is still up, and they explicitly say the campaign continues,” he told CSO Online by email.”That tells you everything about…
-
FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak
As part of its plan to extort high-profile customers of Salesforce, the Scattered Spider group had revived the BreachForums platform. The site now bears an FBI seizure notice. First seen on therecord.media Jump to article: therecord.media/breachforums-fbi-france-takedown-banner-scattered-spider-salesforce-leak
-
Feds Shutter ShinyHunters Salesforce Extortion Site
The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-feds-shutter-salesforce-extortion-site
-
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/oracle-e-business-suite-exploitation-july/802592/
-
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/oracle-e-business-suite-exploitation-july/802592/
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation Warlock, LockBit, and Babuk also bolstered confidence in this attribution.”Talos…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance…
-
Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz
US and French fuzz pull the plug on Scattered Lapsus$ Hunters’ latest leak shop targeting Salesforce First seen on theregister.com Jump to article: www.theregister.com/2025/10/10/cops_seize_breachforums/
-
Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit
GTIG highlighted indicators that Clop is behind the extortion campaign targeting Oracle EBS instances, with its activity likely beginning as early as August 9 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-clop-data-oracle-exploit/
-
FBI takes down BreachForums portal used for Salesforce extortion
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-takes-down-breachforums-portal-used-for-salesforce-extortion/
-
Google Issues Alert on CL0P Ransomware Actively Exploiting Oracle E-Business Suite Zero-Day
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant identified a massive email campaign targeting executives at dozens of organizations, alleging theft of…
-
Google Says Oracle EBS Extortion Campaign Possibly Targeted Thousands, Could Date Back To July
Google Threat Intelligence Group and Mandiant share new details on the Oracle E-Business Suite extortion campaign by a threat actor possibly tied to ShinyHunters. First seen on crn.com Jump to article: www.crn.com/news/security/2025/google-says-oracle-ebs-extortion-campaign-possibly-targeted-thousands-could-date-back-to-july
-
‘Dozens’ of organizations had data stolen in Oracle-linked hacks
The mass-hacks targeting Oracle E-Business customers is the latest hacking campaign by Clop, an extortion group known for abusing security flaws in enterprise products to steal large amounts of sensitive data. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/09/dozens-of-organizations-had-data-stolen-in-oracle-linked-hacks/
-
Hack of age verification firm may have exposed 70,000 Discord users’ ID photos
Names, email addresses and other contact details of users from around the world could also have been takenGovernment ID photos of about 70,000 global users of Discord, a popular messaging and chat platform among video gamers, may have been exposed after hackers compromised a company contracted to carry out age verification checks.Some users’ names, email…
-
Dozens of Oracle customers impacted by Clop data theft for extortion campaign
Researchers said malicious activity dates back to early July and active exploitation was observed two months ago. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-customers-attacks-clop-google-mandiant/
-
Discord Says Hackers Stole 70,000 ID Photos, Dismisses Extortion Claims
70,000 Discord users had government ID photos and private data exposed via a third-party vendor breach. See Discord’s full response and critical security steps to protect your identity. First seen on hackread.com Jump to article: hackread.com/discord-hackers-id-photos-dismisses-extortion-claim/
-
Hack of age verification firm may have exposed Discord users’ ID photos
Names, email addresses and other contact details of about 70,000 global users could also have been takenGovernment ID photos of about 70,000 global users of Discord, a popular messaging and chat platform among video gamers, may have been exposed after hackers compromised a company contracted to carry out age verification checks.Some users’ names, email addresses…
-
The ultimate business resiliency test: Inside Kantsu’s ransomware response
set up a new group email system and secure emergency contact pointsestablish a dedicated contact point for business partners to handle inquiriesprohibit internal internet accesscheck the operational status of major systemsAll shipping operations came to a halt. The company explained the situation to all employees at 9:00 a.m., and began assessing the damage and taking…
-
The ultimate business resiliency test: Inside Kantsu’s ransomware response
set up a new group email system and secure emergency contact pointsestablish a dedicated contact point for business partners to handle inquiriesprohibit internal internet accesscheck the operational status of major systemsAll shipping operations came to a halt. The company explained the situation to all employees at 9:00 a.m., and began assessing the damage and taking…
-
The ultimate business resiliency test: Inside Kantsu’s ransomware response
set up a new group email system and secure emergency contact pointsestablish a dedicated contact point for business partners to handle inquiriesprohibit internal internet accesscheck the operational status of major systemsAll shipping operations came to a halt. The company explained the situation to all employees at 9:00 a.m., and began assessing the damage and taking…
-
Discord Data Breach Exposes 1.5 TB of Data and 2 Million Government ID Photos
The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated1.5 terabytesof sensitive information, including over2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
-
Discord Data Breach Exposes 1.5 TB of Data and 2 Million Government ID Photos
The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated1.5 terabytesof sensitive information, including over2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
-
The Evolution of Chaos: Ransomware’s New Era of Speed and Intelligence
In 2025, the notorious Chaos ransomware has undergone a dramatic transformation, emerging with a sophisticated C++ variant that represents the most dangerous iteration to date. This marks the first time Chaos has departed from its traditional .NET foundation, introducing destructive extortion tactics and cryptocurrency theft capabilities that significantly amplify both operational impact and financial risk…