Tag: group
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
-
Best Cloud Firewall Vendors for 2026
Cloud adoption didn’t simplify network security. It multiplied it. Today’s enterprises operate across data centers, hybrid environments, and multiple public clouds. Security teams now manage AWS security groups, Azure Firewall… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/best-cloud-firewall-vendors-for-2026/
-
Warlock Ransomware Group Augments Post-Exploitation Activities
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/warlock-ransomware-post-exploitation-activities
-
Iranian Hackers Use Compromised Cameras for Regional Surveillance
Tags: apt, cctv, cyber, exploit, group, hacker, infrastructure, intelligence, Internet, iran, middle-east
Iranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Recent incidents tied to APT group MuddyWater, camera-focused infrastructure, and hacktivist collective Handala point to an ecosystem that is operational but constrained, prioritizing persistence, visibility, and selective disruption over large-scale, coordinated cyber campaigns.…
-
CL-STA-1087 has targeted military capabilities since 2020
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using the AppleChris and MemFun malware. The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk…
-
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Google is warning that ransomware gangs are reinventing their business model as traditional encryption-for-ransom attacks become less profitable and data-theft extortion surges. Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. Public reporting also shows that both ransom payment rates and average demand…
-
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threat
North Korean threat actors have been observed sending phishing emails to compromise targets and obtain access to a victim's KakaoTalk desktop application, then using it to distribute malicious payloads to selected contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. "Initial access was achieved through a spear-phishing email disguised…
-
Payload ransomware hits Windows and ESXi with Babuk-style encryption
Tags: cryptography, cyber, encryption, extortion, group, healthcare, ransomware, threat, vmware, windows
A new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at least February 17, 2026. It is already hitting mid-to-large organizations across multiple sectors and countries. The hospital…
-
Stryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices Lost
Global medical technology giant Stryker suffered a massive cybersecurity incident on March 11, 2026, resulting in the remote wiping of thousands of corporate devices. A pro-Iranian hacktivist group known as Handala has claimed responsibility for the attack, which severely disrupted Stryker's internal Microsoft environment, manufacturing, and shipping operations. Technical Execution Vector: Unlike traditional destructive cyberattacks,…
-
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
-
Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center
Poland officials say the cyberattack late last week appears to have been launched by an Iranian threat group, though they noted that bad actors not associated with any country in the war could have been behind it and used tactics associated with Iranian threat groups to cover their own tracks. First seen on securityboulevard.com Jump…
-
SAP honours All for One Group in the SAP Business Suite Success category
The award highlights in particular the strength of All for One Group in implementing continuous end-to-end processes based on the SAP Business Suite. The SAP Partner Awards are presented annually. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/all-for-one-group-erhaelt-globalen-sap-partner-award-2026/a44136/
-
Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures
A Russia-linked hacker group launched a cyber-espionage campaign targeting Ukrainian organizations using fake documents about Starlink satellite internet terminals and a well-known Ukrainian charity, to infect devices with spyware. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-cyber-espionage-group
-
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
Ransomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on custom command-and-control clients using large language models (LLMs). Hive0163 is a financially motivated cluster…
-
All for One Group receives global SAP Partner Award 2026
The award highlights in particular the strength of All for One Group in implementing continuous end-to-end processes based on the SAP Business Suite. The SAP Partner Awards are presented annually. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/all-for-one-group-erhaelt-globalen-sap-partner-award-2026/a44136/
-
When insider risk is a wellbeing issue, not just a disciplinary one
Tags: access, breach, compliance, control, cyber, data, exploit, finance, group, malicious, monitoring, resilience, risk, risk-management, security-incident, threat, training, vulnerability
Written by Katie Barnett, Director of Cyber Security at Toro Solutions. Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain. Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…
-
Lloyds Banking Group Investigates Mobile App Data Exposure Affecting Multiple UK Banks
Lloyds Banking Group has launched an internal investigation after a technical error in its mobile banking applications allowed some customers to briefly see other users' transaction details. The incident affected the mobile apps of several brands operated by the group, including Lloyds Bank, Halifax, and Bank of Scotland. According to the bank, the issue arose…
-
Payload Ransomware claims the hack of Royal Bahrain Hospital
The Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a leading healthcare facility in Bahrain. The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware gang added the healthcare facility to its Tor data leak site and published the images…
-
Fake rooms, props and a script to lure victims: inside an abandoned Cambodia scam centre
Sprawling compound, including mock-up banks and police offices, uncovered by Thai military during border clashes. It is as if you have walked into a branch of one of Vietnam's banks. A row of customer service desks, divided by plastic screens, with landline phones, promotional leaflets and staff business cards. A seated waiting area and a private…
-
Iran Claims Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker
A hacktivist group with alleged links to Iran’s intelligence agencies has claimed responsibility for a destructive cyberattack against Stryker, the Michigan-based global medical technology company, in an incident that reportedly disrupted operations across the company’s international network. News reports from Ireland, Stryker’s largest hub outside the United States, said the company sent more than 5,000…
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerability
Patches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems. The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…
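The practical step behind that advice is to compare every backup server's build number against the fixed build and treat anything below it as exposed. The following is an added example (not Veeam's code and not from the article) showing a build comparison done numerically, since a plain string comparison of dotted build numbers gives wrong answers. It takes the installed version string as an input you already have from your inventory (how you collect it is outside the example); the inputs in the block are constructed, and the rule that a different major line should be checked against the vendor advisory rather than against this one build number is a conservative assumption, because the article names only 12.3.2.4465.

```python
"""Added example: triage Veeam Backup & Replication build strings against the
fixed build 12.3.2.4465 named in the advisory. Not Veeam's code; the installed
version strings below are constructed inputs for illustration."""
from __future__ import annotations

import re

FIXED_BUILD = "12.3.2.4465"  # fixed build stated in the article

PATCHED = "PATCHED"
VULNERABLE_UPGRADE = "VULNERABLE_UPGRADE"
OTHER_LINE_CHECK_ADVISORY = "OTHER_LINE_CHECK_ADVISORY"
UNKNOWN_ASSUME_VULNERABLE = "UNKNOWN_ASSUME_VULNERABLE"


def parse_build(version: str) -> tuple[int, int, int, int]:
    """Turn '12.3.2.4465' into (12, 3, 2, 4465).

    Raises ValueError on anything that is not 1-4 dotted integers, so a
    malformed inventory value can never silently compare as 'patched'.
    Short strings ('12.3') are padded with zeros.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){0,3})\s*", version)
    if not m:
        raise ValueError(f"not a dotted build string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return parts[0], parts[1], parts[2], parts[3]


def is_patched(installed: str, fixed: str = FIXED_BUILD) -> bool:
    """Numeric, component-wise comparison: 4465 < 10000 even though the
    string '10000' sorts before '4465' lexically."""
    return parse_build(installed) >= parse_build(fixed)


def naive_string_compare_is_patched(installed: str, fixed: str = FIXED_BUILD) -> bool:
    """The pitfall: comparing dotted builds as strings. Kept only to show
    why parse_build() exists; do not use this for real decisions."""
    return installed >= fixed


def triage(installed: str, fixed: str = FIXED_BUILD) -> str:
    """Classify one server's build for a patch-now decision."""
    try:
        inst = parse_build(installed)
        fix = parse_build(fixed)
    except ValueError:
        # Unparseable inventory data: the article's rule for unknown or
        # unsupported builds is to assume vulnerable.
        return UNKNOWN_ASSUME_VULNERABLE
    if inst[0] != fix[0]:
        # Assumption: the article names one fixed build in the 12.x line;
        # other major lines must be checked against the vendor advisory.
        return OTHER_LINE_CHECK_ADVISORY
    return PATCHED if inst >= fix else VULNERABLE_UPGRADE


def triage_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> verdict for a whole fleet."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    sample = {
        "vbr-01": "12.3.2.4465",   # exactly the fixed build
        "vbr-02": "12.3.1.1139",   # older 12.3 build
        "vbr-03": "12.3.2.10000",  # later build; lexical compare gets it wrong
        "vbr-04": "13.0.0.1",      # different major line
        "vbr-05": "unknown",       # bad inventory data
    }
    for host, verdict in triage_inventory(sample).items():
        print(f"{host:8s} {sample[host]:14s} {verdict}")
```

The `naive_string_compare_is_patched` function is there only to make the failure visible: a four-component build such as `12.3.2.10000` sorts below `12.3.2.4465` as text, so a script that compares version strings directly would mark a later build as unpatched (and, for other pairs, an older build as patched). Run the block as a script to see the per-host verdicts; feed it your real inventory by replacing the constructed `sample` dictionary.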
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…

