Tag: group
-
ShinyHunters Claims Responsibility for Breach of EdTech Company Instructure
The prolific extortion group ShinyHunters claimed responsibility for the breach of EdTech vendor Instructure’s systems, stealing 3.65 TB of sensitive information, including names, email addresses, and messages of students, teachers, and others. ShinyHunters was also reportedly behind an earlier attack on Instructure in September 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/shinyhunters-claims-responsibility-for-breach-of-edtech-company-instructure/
-
Canvas Confirms Data Breach Following ShinyHunters Claim
Instructure, the educational technology company behind the widely used Canvas Learning Management System (LMS), has officially confirmed a major data breach. This confirmation directly follows recent claims made by the notorious threat actor group known as ShinyHunters. Canvas is a critical platform for thousands of universities and K-12 schools, making this breach a significant concern…
-
Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers
What happened: Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office,…
-
Ubuntu and Canonical Web Services Hit by DDoS Attack
What happened: Canonical, the company behind the Ubuntu Linux distribution, experienced widespread service disruptions across its core web infrastructure on May 1, 2026, following a coordinated DDoS attack. The hacktivist group identifying itself as the Islamic Cyber Resistance in Iraq, known as the 313 Team, claimed responsibility. Canonical acknowledged the outages via its status page…
-
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities. “Both waves…
-
Windows shell spoofing vulnerability puts sensitive data at risk
A difficult balance: Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21…
-
GPO Abuse: Exploiting Vulnerable Group Policy Objects
This article walks through a complete GPO-abuse attack chain in a lab domain named ignite.local. We first simulate the misconfiguration by granting a low-privilege user First seen on hackingarticles.in Jump to article: www.hackingarticles.in/gpo-abuse-exploiting-vulnerable-group-policy-objects/
-
2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware
Two US cybersecurity experts jailed for aiding BlackCat ransomware group, extorting victims worldwide and exploiting insider access for profit. First seen on hackread.com Jump to article: hackread.com/us-cybersecurity-experts-jail-alphv-blackcat-ransomware/
-
Ubuntu services hit by outages after DDoS attack
A group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several Ubuntu and Canonical websites, and prevented users from updating the Linux-based operating system. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/01/ubuntu-services-hit-by-outages-after-ddos-attack/
-
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and First…
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-management
Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways: The accountability gap is the real bottleneck. Finding a vulnerability…
-
CyberStrong Product Update: What’s New in Release 4.15
CyberStrong 4.15 is here, and this release is packed with improvements across the platform, from expanded workflow capabilities and bulk data import to deeper asset group intelligence and a cleaner user experience throughout. Here’s a look at everything that’s new. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/cyberstrong-product-update-whats-new-in-release-4-15/
-
Cyber spies target Russian aviation firms to steal satellite and GPS data
A cyber-espionage group has been targeting Russian government agencies and companies in the aviation industry to steal sensitive geospatial data. First seen on therecord.media Jump to article: therecord.media/russia-cyber-espionage-aviation
-
China-Aligned Hackers Deploy ShadowPad in Multi-Stage Espionage Campaign
Tags: china, cyber, espionage, exploit, government, group, hacker, infrastructure, microsoft, threat, vulnerability
China-aligned threat actors tracked as SHADOW-EARTH-053 are exploiting old but unpatched Microsoft Exchange and IIS vulnerabilities to run a stealthy, multi-stage espionage campaign across Asian governments, critical infrastructure, and one NATO member state. The group primarily targets government entities and critical infrastructure in South, East, and Southeast Asia, with additional activity against at least one…
-
Two new extortion crews are speedrunning the Scattered Spider playbook
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/
-
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious pre-install scripts that execute silently during dependency installation. By leveraging a multi-stage payload, the…
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams. “This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe
Swiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe. First seen on therecord.media Jump to article: therecord.media/black-axe-switzerland-germany-cyber
-
U.S. Charges Suspected Scattered Spider Member Over Cyber Intrusions
Federal authorities have charged 19-year-old Peter Stokes, known online as “Bouquet,” for his alleged role in the notorious cybercriminal group Scattered Spider. Law enforcement arrested the dual U.S. and Estonian citizen earlier this month in Helsinki as he attempted to board a flight to Japan. At the time of his arrest, Stokes carried multiple electronics,…
-
LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection
Minecraft players are being lured with a fake hacking tool called “Slinky” that secretly installs a powerful infostealer dubbed LofyStealer (also tracked as GrabBot), linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and an in-memory C++ payload to steal browser data and exfiltrate it to a command-and-control (C2) server…
-
Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
Vect 2.0 Ransomware-as-a-Service (RaaS) operation is rapidly evolving into a multi-platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out its ransomware and TOR-based infrastructure to partners in exchange for a share of ransom payments. Its operators are strongly suspected to be…
-
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bluenoroff-turns-victims-into-new-attack-lures
-
Feuding Ransomware Groups Leak Each Other’s Data
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data
-
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to induce…
-
ShinyHunters claims it stole 1.4 million records from Udemy
The ShinyHunters group claims it has breached Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/udemy-data-breach-shinyhunters-group/

