Tag: group
-
Spotify disables accounts after open-source group scrapes 86 million songs from platform
Spotify responded to the scraping and upload over the weekend of 86 million tracks from the platform by an open-source group. First seen on therecord.media Jump to article: therecord.media/spotify-disables-scraping-annas
-
Judge rules that NSO cannot continue to install spyware via WhatsApp pending appeal
NSO Group had sought to stay the order pending a decision on its appeal in the case, which centers on allegations that it targeted 1,400 WhatsApp users with its powerful zero-click Pegasus spyware in 2019. First seen on therecord.media Jump to article: therecord.media/judge-rules-nso-cannot-continue-whatsapp-spyware
-
Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats
The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these chat communications, exposing: Targeted Exploits:..…
-
Best of 2025: Scattered Spider Targets Aflac, Other Insurance Companies
Fresh off a series of recent attacks targeting major retail companies in the United States and the UK, the notorious Scattered Spider cybercrime group is now targeting insurance companies, and earlier this month apparently bagged a high-profile victim in Aflac. The intrusion in Aflac, which was detected June 12 when the insurance company’s security team..…
-
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Tags: access, cyber, cyberattack, cybersecurity, email, government, group, hacker, phishing, powershell, spear-phishing, threatColombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts, and steganography to deploy remote access trojans on target systems, according to Zscaler ThreatLabz researchers. The cybersecurity firm discovered the spear-phishing operation in early September 2025, revealing that BlindEagle targeted agencies…
-
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit
The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting Russian manufacturing enterprises with a new iteration of its custom malware. According to a report by BI.ZONE Threat Intelligence: campaigns observed in October and November 2025 reveal that the group has transitioned from the Loki…
-
Infy Returns: Iran-linked hacking group shows renewed activity
Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia, nearly five years after its last known campaigns in Europe. SafeBreach warns the group remains…
-
Scripted Sparrow Sends Millions of BEC Emails Each Month
Fortra has uncovered a prolific BEC group dubbed “Scripted Sparrow” spanning three continents and at least five countries First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scripted-sparrow-millions-bec-each/
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan.”Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…
-
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey.”The scale of Prince of Persia’s activity is more significant than we originally anticipated,” Tomer Bar, vice president of security…
-
ATM Jackpotting ring busted: 54 indicted by DoJ
The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. U.S. DoJ indicted 54 people for a nationwide ATM jackpotting scheme that stole millions via malware. The case links the crimes to the cybercrime group Tren de Aragua, including charges of fraud, money laundering, and material support to a…
-
Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts
Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft’s legitimate OAuth 2.0 device authorization grant flow to trick users into giving them access to their M365 accounts, Proofpoint researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/surge-of-oauth-device-code-phishing-attacks-targets-m365-accounts/
-
Iranian APT Prince of Persia returns with new malware and C2 infrastructure
A shift to Telegram: More recently, the researchers identified a new Tonnerre variant that’s advertised as v50, as well as an unknown new Foudre version that goes along with it. These versions use a new C2 server structure and, most importantly, can download a file from the server that enables Telegram communication via its API.The…
-
NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm
NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface management (ASM) services to address instances of shadow IT. Amber Mitchell, lead product manager for ASM at NCC Group, said the managed security service provider (MSSP) already provides a managed attack surface service, but aligning with..…
-
Cloud Atlas Exploits Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas threat group, active since 2014, continues to pose a significant risk to organizations in Eastern Europe and Central Asia through sophisticated attacks leveraging legacy Microsoft Office vulnerabilities. Security researchers have documented the group’s expanded arsenal and evolving infection chains deployed throughout the first half of 2025, revealing previously undescribed implants and attack…
-
Iranian APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, previously thought to have gone dormant, have resurfaced with sophisticated new malware campaigns targeting critical infrastructure organizations globally. A new research report released by SafeBreach Labs reveals that the >>Prince of Persia
-
Scripted Sparrow Utilizes Automation to Generate and Dispatch Attack Messages
Tags: attack, automation, business, cyber, cybersecurity, email, group, infrastructure, intelligenceScripted Sparrow, a prolific Business Email Compromise (BEC) collective with members spanning three continents, has raised significant concerns among cybersecurity researchers due to the sophisticated automation infrastructure underlying their large-scale fraudulent operations. Recent analysis by Fortra’s Intelligence and Research Experts (FIRE) reveals that the group’s staggering operational scale estimated at 3 million highly targeted messages…
-
UK Foreign Office Targeted by Hackers
Chinese Hacking Group Reportedly Behind the Hack. A top-ranking U.K. government official said that hackers targeted the government’s foreign relations ministry but dismissed media reports that the attackers stole a large trove of data. We managed to close the hole, as it were, very quickly, said Trade Minister Chris Bryant. First seen on govinfosecurity.com Jump…
-
UK Foreign Office Targeted by Hackers
Chinese Hacking Group Reportedly Behind the Hack. A top-ranking U.K. government official said that hackers targeted the government’s foreign relations ministry but dismissed media reports that the attackers stole a large trove of data. We managed to close the hole, as it were, very quickly, said Trade Minister Chris Bryant. First seen on govinfosecurity.com Jump…
-
BlueDelta Hackers Target Users of Popular Ukrainian Webmail and News Service
Russian state-sponsored threat group BlueDelta has conducted a sustained credential-harvesting campaign targeting users of UKR.NET, one of Ukraine’s most popular webmail and news services, between June 2024 and April 2025. According to research by Recorded Future’s Insikt Group, the operation represents a significant escalation in the GRU-linked threat actor’s efforts to compromise Ukrainian user credentials…
-
Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
In mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum. The announcement, posted on September 15, 2025, claimed the three groups were joining forces to navigate an increasingly challenging criminal ecosystem marked by intensified law enforcement pressure and operational fragmentation. A…
-
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
Tags: attack, authentication, credentials, email, government, group, hacker, microsoft, phishing, russiaA suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.The attacks involve using compromised email addresses belonging to government First seen on thehackernews.com…
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
State-linked and criminal hackers use device code phishing against M365 users
Russia-linked groups have attacked multiple sectors in recent months. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/state-linked-criminal-hackers-device-code-phishing-m365/808396/
-
LongNosedGoblin Caught Snooping on Asian Governments
New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/longnosedgoblin-caught-snooping-on-asian-governments
-
Chinese Hackers Target Cisco’s Email Security Systems
The Chinese threat group, tracked as UAT-9686, has deployed a collection of custom-built hacking tools to maintain persistent access to compromised systems. The post Chinese Hackers Target Cisco’s Email Security Systems appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-email-security-breach/
-
UK politics: ‘Not clear’ who was behind FCDO hack, says minister, amid reports of China link as it happened
Chris Bryant confirms October cyber-attack as the Sun names Storm 1849, a Chinese hacker group, as being responsible The BBC’s editing guidelines do not need to be altered in the wake of controversy surrounding the edit of a <strong>Donald Trump</strong> speech, a review has found.The US president is seeking up to $10bn (£7.5bn) in damages…