Tag: group
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group, historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia, shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
-
China-linked actor spent two years inside medical research networks
Tags: china, credentials, cyberespionage, email, google, group, intelligence, military, network, threat
China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail. Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion…
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible First seen on…
-
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem
Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors that help them stage intrusion chains before encryption. The core finding is that both operations…
-
The Gentlemen RaaS Scales to 166 Victims as Ransomware Groups Compete for Affiliates
Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening competition for skilled operators. An actor using the handle hyflock123 posted a recruitment thread on Duty-Free on May 14 claiming prior work with LockBit and Qilin and launching “Hyflock.” The next day hastalamuerte, founder and administrator…
-
China-linked group uses InfiniteRed malware to target medical research institutions
First seen on scworld.com Jump to article: www.scworld.com/brief/china-linked-group-uses-infinitered-malware-to-target-medical-research-institutions
-
US FCC Eases Router Ban for Cable ISPs
Waiver Allows Component Swaps for 1 Year. The U.S. Federal Communications Commission approved a cable industry lobbying group’s request to grant large-scale internet service providers a waiver from the Trump administration’s current ban on consumer-grade foreign-made routers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-fcc-eases-router-ban-for-cable-isps-a-31982
-
ShinyHunters Hits Universities Via Oracle Zero-Day
Mandiant: 68% of Targets Were Higher Ed Institutions Running PeopleSoft. ShinyHunters exploited a critical zero-day in Oracle PeopleSoft to breach more than 100 organizations globally, researchers at Mandiant and Google’s Threat Intelligence Group said, with universities and colleges accounting for the majority of confirmed targets in the active extortion campaign. First seen on govinfosecurity.com Jump…
-
Copilot ‘SearchLeak’ Attack Allows 1-Click Data Theft
The critical, three-stage attack is now patched, but it’s part of a new group of AI prompt-injection issues that use hidden URLs and other variables. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft
-
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims’ own Google Workspace rules…
-
Google exposes China espionage group that’s been lurking in networks undetected since 2023
The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-unc6508-china-espionage-threat/
-
China-nexus group linked to multiyear campaign targeting US, Canadian medical research
A report from Google links a sophisticated espionage effort targeting information about viruses, AI and military information. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-nexus-multiyear-hacking-us-canadian-medical-research/822912/
-
Council of Europe investigates ShinyHunters data breach claims
The Council of Europe, the continent’s oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/
-
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority’s data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/
-
Cybersecurity vets protest ‘dangerous’ US government ban on Anthropic’s most powerful models
A group made up of dozens of cybersecurity experts urged the White House to remove export control restrictions on Anthropic’s models Fable and Mythos, arguing that the order is going to limit the ability of cybersecurity defenders to secure their software and products. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/15/cybersecurity-vets-protest-dangerous-us-government-ban-on-anthropics-most-powerful-models/
-
China-linked spies backdoored authentication stack to stay hidden for years
A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/velvet-ant-backdoored-authentication-persistence/
-
MS-ISAC enters uncertain new era after losing federal funding and thousands of members
The information-sharing group, a vital resource for state and local governments, has cut staff and pinned its hopes on a membership surge. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ms-isac-membership-loss-states-federal-funding-cut/821984/
-
Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack. First seen on hackread.com Jump to article: hackread.com/handala-hacking-group-california-water-service-breach/
-
Belarus-linked hackers target Gmail accounts of Polish public figures and their families
Poland has warned that Ghostwriter, the Belarus-linked hacker group, has expanded its phishing operations to target personal Gmail accounts belonging to senior public figures and their relatives. First seen on therecord.media Jump to article: therecord.media/ghostwriter-targets-personal-gmail-accounts-in-poland
-
Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise
The Gentlemen ransomware used infostealer credentials, AI tools, and affiliates to hit 483 victims across 66 countries in under a year. The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims on their dark-web leak site, 380 of them in 2026 alone. That makes them the…
-
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs,” Group-IB First seen on thehackernews.com Jump to article: thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html
-
China-nexus group hid in Linux login system for nearly a decade
First seen on scworld.com Jump to article: www.scworld.com/brief/china-nexus-group-hid-in-linux-login-system-for-nearly-a-decade
-
Iran-linked group Handala claims to steal Cal Water customer info
First seen on scworld.com Jump to article: www.scworld.com/news/iran-linked-group-handala-claims-to-steal-cal-water-customer-info
-
Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it…
-
Chinese cybercrime operation that used AI to scam ‘hundreds of thousands of victims’ sued by Google
The tech giant said a group called “Outsider Enterprise” used AI to scam hundreds of thousands of victims, sending 2.5 million text messages over a span of two weeks. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/12/chinese-cybercrime-operation-that-used-ai-to-scam-hundreds-of-thousands-of-victims-sued-by-google/
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary…
-
Conti ransomware group member pleads guilty, faces up to 20 years in prison
Oleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023. First seen on cyberscoop.com Jump to article: cyberscoop.com/conti-ransomware-member-ukrainian-lytvynenko-guilty/
-
Google sues alleged Chinese cybercrime operation that used AI to send scam texts
The tech giant said a group called “Outsider Enterprise” used AI to scam hundreds of thousands of victims, sending 2.5 million text messages over a span of two weeks. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/12/google-sues-alleged-chinese-cybercrime-operation-that-used-ai-to-send-scam-texts/

