Tag: group
-
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S.,…
-
Moscow man accused of posing as FSB officer to extort Conti ransomware gang
A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service, according to local media reports. First seen on therecord.media Jump to article: therecord.media/moscow-man-accused-of-extorting-conti-gang
-
Chinese group’s ChatGPT use reveals worldwide harassment campaign against critics
OpenAI said a Chinese law enforcement agency uploaded reports to ChatGPT that details a worldwide digital operation to track and silence regime critics at home and abroad. First seen on cyberscoop.com Jump to article: cyberscoop.com/chinese-chatgpt-online-harassment-campaign-against-critics-dissidents/
-
How Mexico’s ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media
Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him”, thanks, in part, to the criminal group’s embrace of technology. First seen on wired.com Jump to article: www.wired.com/story/how-mexicos-cjng-drug-cartel-embraced-ai-drones-and-social-media/
-
Lazarus APT group deployed Medusa Ransomware against Middle East target
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black…
-
Operation Red Card 2.0 Leads to 651 Arrests in Africa
In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than USD 4.3 million. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/operation-red-card-2-0-leads-to-651-arrests-in-africa
-
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/airline-phishing-campaigns-crypto-fraud/
-
North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware
New ransomware of choice, same critical targets First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
-
CarGurus data breach exposes information of 12.4 million accounts
The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
-
Threat groups move at record speeds, as AI helps scale attacks
A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-record-speeds-ai-attacks/812965/
-
Threat groups moving at record speeds, as AI helps scale attacks
A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-record-speeds-ai-attacks/812965/
-
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/
-
North Korean Hackers Continue to Target US Healthcare
Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threatReport: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
-
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threatThe North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team.Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
-
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
-
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities.The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week.”The group used several First seen…
-
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
-
Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen
Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
Odido Faces Alleged Data Breach as ShinyHunters Claims 21M Records Exposed
A notorious cybercriminal group, ShinyHunters, has claimed responsibility for a massive data breach involving Odido and BEN, exposing millions of customer records. The group asserts that Odido, a Dutch telecommunications provider, was not truthful in its initial disclosure of the incident. This development suggests the breach may be significantly larger and more severe than initially…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Spain arrests suspected hacktivists for DDoSing govt sites
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spain-arrests-suspected-anonymous-fenix-hacktivists-for-ddosing-govt-sites/
-
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-muddywater-new-malware-tensions-mount
-
Spanish police arrest suspected Anonymous members over DDoS attacks on government sites
Spanish police (Guardia Civil) arrested four members of the hacktivist group Anonymous Fénix over DDoS attacks targeting ministries, political parties and public institutions. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/spain-guardia-civil-arrests-anonymous-fenix-ddos-attacks/
-
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid”‘2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign
Off-the-shelf tools helped Russian-speaking cybercrime group run riot First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/aws_fortigate_firewalls/