Tag: group
-
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
-
Iran Calls U.S. Tech Companies ‘Legitimate Targets,’ Threatens to Attack
The Iranian government is threatening to attack the Middle East operations of more than a dozen U.S. tech companies, including Microsoft, Nvidia, and Google, calling them “legitimate targets.” Meanwhile, pro-Iranian threat groups expand their operations as the U.S. and Israel continue their bombing campaign against Iran. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/iran-calls-u-s-tech-companies-legitimate-targets-threatens-to-attack/
-
European-Chinese geopolitical issues drive renewed cyberespionage campaign
Proofpoint researchers say the group behind the surge, TA416, had turned away from Europe for a few years. First seen on cyberscoop.com Jump to article: cyberscoop.com/european-chinese-geopolitical-issues-drive-renewed-cyberespionage-campaign/
-
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro…
-
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker… First seen on hackread.com Jump to article: hackread.com/ransomware-groups-exploit-it-tools-bypass-antivirus/
-
Chinese Hackers Target European Governments in Espionage Campaigns
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-ta416-europe/
-
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they stole sensitive source code and data affecting Cisco, Salesforce, Aura, and various AWS storage buckets. The breach stems from a recent supply chain attack involving…
-
Google Says North Korea Was Behind the Axios npm Supply Chain Attack
A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident into a much bigger security story. Google Threat Intelligence Group said the attack targeted the official Axios package on npm and attributed the activity to…
-
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News…
-
Financial groups lay out a plan to fight AI identity attacks
Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/fight-ai-identity-fraud/
-
Flipping the Script: The Premiere of ‘The Women in Security’ Documentary at RSAC
The cybersecurity industry has long grappled with a significant representation gap, but a new documentary premiering at RSAC 2026 is working to change the conversation. In this interview from Broadcast Alley, Techstrong Group’s Jon Swartz speaks with Aarti Gadhia and Kristen Rank about The Women in Security, a film five years in the making and…
-
Google links axios supply chain attack to North Korean group
Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. SentinelOne found the same group using macOS-based malware in attacks dating back to 2023. First seen on therecord.media Jump to article: therecord.media/google-links-axios-supply-chain-attack-north-korea
-
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
The threat group’s shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials
-
Iran actors’ claims raise questions about larger cyber threat to U.S., allies
Iran-linked group offers to sell data it claims to have stolen from Lockheed Martin. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-actors-claims-cyber-threat-us-allies/816228/
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraine
A pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident
Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused some customers to see other users’ account activity within the app, prompting the bank to…
-
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use since mid-February 2026 and was quickly adopted by groups specialising in Adversary-in-the-Middle phishing and Business…
-
Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc
Qilin ransomware claims a breach of Dow Inc., listing it on its Tor leak site, but no proof of the hack has been released yet. Qilin Ransomware group allegedly breached the chemical manufacturing giant Dow Inc. The cybercrime group added the company to its Tor data leak site, but at this time, it has not…
-
Iranian Cyberthreats Test US Infrastructure Defenses
Experts Cite Prepositioning Risk in Iranian Cyber Operations Amid Escalating War. Warnings from Iranian-linked hacking groups targeting U.S. water systems highlight a growing risk of prepositioned cyber access and rapid attack activation, analysts told ISMG, as federal defenders confront rising geopolitical tensions and operational strain across critical infrastructure sectors. First seen on govinfosecurity.com Jump to…
-
China-Linked groups target Southeast Asian government with advanced malware in 2025
China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…
-
What the FBI Director Breach Reveals About Executive Digital Exposure
Iranian state-linked hackers published emails stolen from FBI Director Kash Patel’s personal account. The lesson for every security leader: no title protects you from an exposed digital footprint. On March 27, 2026, the Handala Hack Team, a group U.S. prosecutors have formally tied to Iran’s Ministry of Intelligence and Security, announced it had breached FBI…
-
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot
TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/teampcp-supply-chain-attacks-ransomware/
-
Russian court sentences notorious card fraud ringleader ‘Flint’ and 25 associates
A Russian military court sentenced 26 members of the cybercrime group Flint24, including ringleader Alexei Stroganov, a notorious hacker also wanted in the U.S. for large-scale payment card fraud. First seen on therecord.media Jump to article: therecord.media/russia-flint-conviction-payment-fraud
-
Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’ First seen on hackread.com Jump to article: hackread.com/dark-web-market-375tb-lockheed-martin-data/
-
30th March Threat Intelligence Report
Iranian state-affiliated threat group Handala Hack has breached FBI Director Patel’s personal Gmail account and leaked many personal photos and documents. This follows the FBI’s seizure of domains related to Handala Hack’s […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/30th-march-threat-intelligence-report/

