Tag: group
-
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of The Gentlemen’s technical infrastructure on June 18, the result of months of incident-level investigation corroborated by the group’s own internal data leak from May 2026. Since emerging in late…
-
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
-
Gentlemen RaaS Unifies HexKiller, ThrottleBlood, and HavocKiller in New Evasion Suite
An analysis of the Gentlemen ransomware-as-a-service (RaaS) operation has revealed a sophisticated, centralized approach to neutralizing endpoint detection and response (EDR) solutions. This unified defense evasion framework sets the group apart in an increasingly crowded ransomware landscape, significantly lowering the technical barrier for affiliates and driving the gang into the top five most active operations…
-
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/
-
Mastodon 4.6 adds profile Collections and two-factor controls
People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/mastodon-4-6-released/
-
INC Ransomware Uses Double Extortion and Printer Ransom Notes to Pressure Victims
INC has matured from an emerging RaaS operation into one of 2026’s most active ransomware families, claiming more than 800 victims since 2023 and capitalizing on disruption among competitors to expand its affiliate base. The group’s recent campaigns demonstrate both incremental tooling refinement and novel pressure tactics: double extortion of stolen data combined with automated…
-
Police raid malware network tied to Russia’s Evil Corp hacker group
An international operation targeted the SocGholish botnet, which has been linked to the Russia-based cybercrime group Evil Corp. First seen on therecord.media Jump to article: therecord.media/socgholish-botnet-disrupted
-
Klue Confirms OAuth Token Theft Led to Salesforce Data Heist
‘Compromised Legacy Credential’ Wielded by Extortion Group Calling Itself Icarus. Marketing intelligence platform Klue confirmed an attacker breached its infrastructure, saying they used a compromised legacy credential to obtain OAuth access tokens for integrated services and stole data directly from Klue customers’ Salesforce and Gong instances. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/klue-confirms-oauth-token-theft-led-to-salesforce-data-heist-a-32024
-
Cybercrime Initial Access Service SocGholish Disrupted
Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites. Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by law enforcement, which seized 106 botnet servers and cleaned 15,000 legitimate WordPress sites subverted by the group to launch ClickFix attacks pushing malware downloaders. First seen on govinfosecurity.com…
-
Civil society: Police facial recognition must be strictly limited
Digital rights groups map out ‘minimum, necessary’ human rights protections to be included in UK government’s upcoming legal framework for police facial recognition First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644838/Civil-society-Police-facial-recognition-must-be-strictly-limited
-
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
Tags: cyber, cybercrime, exploit, group, infection, infrastructure, international, law, malware, russia
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this operation targeted a crucial infection chain exploited by cybercriminal groups, including the infamous Russia-linked group…
-
Operation Escaneo Signals Shift in LatAm Threat Landscape
The threat group’s curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/operation-escaneo-signals-shift-latam-threat-landscape
-
How software development’s speed obsession enabled TeamPCP’s chaos crusade
The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security. First seen on cyberscoop.com Jump to article: cyberscoop.com/teampcp-breaks-open-source-software-trust-model/
-
Australian sugar producer works to restore operations as ransomware group claims attack
Mackay Sugar said it was “working urgently” to verify claims that a highly active ransomware group was behind a cyberattack that shut down harvesting and milling operations. First seen on therecord.media Jump to article: therecord.media/mackay-sugar-cyberattack-claimed-gentlemen
-
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. “The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations,” Acronis…
-
The Gentlemen Ransomware Gang Standardizes EDR Killing
Eset Links Group’s Growth to Integrated Endpoint-Killing Tools. Eset researchers say the rapidly growing Gentlemen ransomware operation differentiates itself by supplying affiliates with a standardized EDR-killer suite that disables security tools, quickly incorporates newly disclosed vulnerable drivers and helps scale attacks across multiple regions worldwide. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/gentlemen-ransomware-gang-standardizes-edr-killing-a-32007
-
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
Tags: breach, credentials, cybercrime, data, data-breach, firewall, fortinet, group, leak, russia, vpn
A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/fortinet-fortibleed-data-leak/
-
Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world
An alleged Russian-speaking group of cybercriminals is reportedly compromising and targeting several major companies that use Fortinet firewalls and VPNs through previously known passwords. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/17/cybercriminals-allegedly-hacked-tens-of-thousands-of-fortinet-firewalls-used-by-major-companies-all-over-the-world/
-
California water utility probes breach claim by Iran-linked actor
The group Handala said it attacked one of the nation’s largest water companies. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/california-water-utility-breach-iran-hacker/823148/
-
The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects
Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/17/chainguard-athena-coalition-fix-open-source-vulnerabilities/
-
FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data
FulcrumSec leaked data stolen from Novo Nordisk, claiming to have exfiltrated 1.3TB, including clinical records and AI research assets. On June 15, 2026, a data-theft extortion group calling itself FulcrumSec began leaking files from Novo Nordisk, the Danish maker of Ozempic and Wegovy, after the company refused a $25 million ransom demand. The attackers claimed…
-
EdTech Faces a Cybersecurity Crisis: Data Breaches Surge
EdTech firms face rising cyberattacks as ShinyHunters and FulcrumSec target schools, exposing sensitive data and disrupting services. Resecurity (USA) warns the education technology (EdTech) sector has become a prime target for cybercriminals, as attacks against educational institutions and related platforms continue to escalate. Recent high-profile incidents, including attacks by groups such as ShinyHunters and FulcrumSec,…
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
Chinese Espionage Actor Abuses Email Rules to Steal Research Data
Tags: china, compliance, credentials, data, email, espionage, google, group, intelligence, malware, threat
Threat Actor Silently Forwarded Sensitive Emails Matching Strategic Topics. Google says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-espionage-actor-abuses-email-rules-to-steal-research-data-a-31993
-
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sprysocks-windows-variant-kernel-drivers
-
Cybercriminals mask malicious communications through Microsoft Teams relays
Tags: communications, control, cybercrime, group, infrastructure, malicious, malware, microsoft, ransomware
The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/dragonforce-microsoft-teams-malware-backdoor-turn/
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery