Tag: group
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-management
Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
Groups Push Back on HHS’ Proposed Health IT Rollbacks
CHIME, AHA, Others Contend Privacy, Security Burden Would Shift to Providers. Proposals to eliminate certain longstanding health IT certification criteria – including privacy and security related controls – will shift regulatory burden from health IT developers to healthcare providers, some industry groups contend in their public response to proposed federal rulemaking. First seen on govinfosecurity.com…
-
Amazon Says Drone Strikes Disrupted Middle East Data Centers
Iranian Cyberespionage Group MuddyWater Goes Dark. Physical effects rather than cyber strikes are triggering Middle Eastern connectivity problems during day four of a sustained U.S. and Israeli bombing campaign against Iran. Iran is responding with drone and missile attacks targeting U.S. military as well as British bases in Bahrain, Cyprus. First seen on govinfosecurity.com Jump…
-
One Foothold, 25 Million Victims: The Risk Inside Modern Breaches
In last month’s reporting cycle, we saw one of the largest healthcare data breaches in U.S. history, ransomware groups tied to North Korea targeting hospitals, and firewall vulnerabilities that allowed attackers to create rogue administrative accounts almost instantly. Taken together, these incidents raise a more important question than who was hit. They force us to…
-
Pro-Russia actors team with Iran-linked hackers in attacks
The groups formed a loose alliance in recent days, targeting critical infrastructure in the Middle East and the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/pro-russia-actors-support-iran-nexus-hackers/813647/
-
Silver Dragon Targets Organizations in Southeast Asia and Europe
In recent months, Check Point Research (CPR) has been tracking a sophisticated, Chinese-aligned threat group whose activity demonstrates operational correlation with campaigns previously associated with APT41. We have designated this activity cluster as Silver Dragon. This group actively targets organizations in Southeast Asia and Europe, with a particular focus on government entities.…
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high-value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
-
Project Compass Targets 764 Network as 30 Arrested and Victims Rescued
Europol’s Project Compass targets The Com (aka 764 network), an online group exploiting minors. After 30 arrests, officials say the hunt for those involved is far from over. First seen on hackread.com Jump to article: hackread.com/project-compass-764-network-aarrest-victims-rescued/
-
Malvertising Actor ‘D-Shortiez’ Exploits WebKit Back-Button Hijack in Forced-Redirect Campaign
A new wave of malvertising activity linked to the threat group “D-Shortiez” has been observed exploiting a WebKit browser flaw to hijack the back button on Safari and other iOS browsers. This technique revives a classic forced-redirect approach that traps users on fraudulent landing pages, showing how persistent ad-based threat actors continue to evolve their…
-
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL.…
-
Epic Fury introduces new layer of enterprise risk
Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukraine
Physical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region. Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives. Proxy networks across…
-
7 factors impacting the cyber skills gap
Tags: ai, attack, automation, breach, business, ciso, control, cyber, cybercrime, cybersecurity, data, defense, detection, group, incident response, intelligence, jobs, risk, service, skills, strategy, technology, threat, tool, training, vulnerability
2. Emerging technologies: New technologies, particularly AI, are contributing to a cyber landscape that’s evolving so quickly it’s hard for even highly skilled cybersecurity professionals to keep pace, says Dan Lohrmann, CISO at enterprise strategy and consulting firm Presidio. AI-driven threats keep moving the target, allowing cybercriminals to attack with unprecedented levels of speed and agility, Lohrmann…
-
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) “PKI, Logs, And Tree Signatures” (PLANTS) working group, introduces Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem. Quantum computers…
-
Zurich to Acquire Beazley in $11B European Insurance Deal
Cyber Insurance Expansion Drives Insurance Industry Consolidation. Zurich Insurance Group has agreed to acquire U.K.-based Beazley in an $11 billion deal that would create a $15 billion global insurance powerhouse. The transaction strengthens Zurich’s cyber insurance portfolio as demand surges for coverage tied to cyber and technology risks. First seen on govinfosecurity.com Jump to article:…
-
Iran-linked hackers raise threat level against US, allies
Security researchers warn that hacktivists and state-linked groups are using DDoS, phishing and other tactics against critical infrastructure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-threat-level-us-allies/813494/
-
Hacktivists claim to have hacked Homeland Security to release ICE contract data
A hacking group called Department of Peace said they hacked a specific office within Homeland Security to protest ICE’s mass deportation campaign, and the companies aiding it. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/02/hacktivists-claim-to-have-hacked-homeland-security-to-release-ice-contract-data/
-
APT37 combines cloud storage and USB implants to infiltrate air-gapped systems
North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…
-
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
-
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-expands-toolkit/
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability
38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade. Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts. Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective. “In the recent Eset…
-
North Korean APT37 Unleashes Novel Malware to Target Air-Gapped Systems
North Korean threat group APT37 is using a new multi-stage toolset to jump air-gaps and conduct deep surveillance by abusing removable media, Ruby, and cloud services in a campaign Zscaler ThreatLabz tracks as “Ruby Jumper.” The campaign’s main goal is to move data and commands between internet-connected and air-gapped systems while deploying powerful surveillance backdoors.…
-
Darknet Claim: 27,000 Employee Records Stolen from RTL Group
First seen on security-insider.de Jump to article: www.security-insider.de/cyberkriminalitaet-mitarbeiterdaten-rtl-group-gestohlen-a-3642b34145b6db662208ca82e9e1234d/
-
Suspected Chinese Cyberespionage Operation Hits 53 Telecoms
Google Unmasks, Disrupts Group Using Sheets for Command-and-Control Purposes. Likely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least 53 telecom operators across 42 countries, Google disclosed Wednesday. Incident responders discovered a backdoor being remotely controlled through Google Sheets. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/suspected-chinese-cyberespionage-operation-hits-53-telecoms-a-30857
-
Rogue devs of sideloaded Android apps beg for freedom from Google’s verification regime
37 groups urge the company to drop ID checks for apps distributed outside Play. First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/google_android_developer_verification_plan/

