Tag: group
-
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
Oracle still hasn’t patched the vulnerability the group has been using in its attacks since late May. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
-
Silent Ransom Group: what you need to know
Most extortion gangs hide behind a keyboard. Silent Ransom Group will phone your staff pretending to be IT support – and if that fails, send someone to your office in person to plug in a USB stick. First seen on fortra.com Jump to article: www.fortra.com/blog/silent-ransom-group-what-you-need-know
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-day
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the…
-
Authorities dismantle crypto laundering service that moved €336 million for cybercriminals
An international law enforcement operation has dismantled a cryptocurrency laundering service linked to ransomware groups and other cybercriminals that processed more than … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/europol-audia6-crypto-laundering-service-ransomware-groups/
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-day
A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its…
-
Russian national charged in connection with Void Blizzard espionage campaign
Denis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group’s sprawling espionage operation. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-national-charged-void-blizzard-cyber-espionage/
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report First seen on…
-
Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested. First seen on hackread.com Jump to article: hackread.com/authorities-dismantle-sniperdz-phishing-network/
-
University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft
According to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including those in its foreign campuses in Malaysia and China as well as in Nottingham. First seen on therecord.media Jump to article: therecord.media/university-of-nottingham-cyber-incident-shiny-hunters
-
NCC Group outlines cyber future
Firm concludes strategic review, ruling out a sale, and will operate as a security and services player First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366644166/NCC-Group-outlines-cyber-future
-
Interpol Dismantles SniperDz Phishing-as-a-Service Platform
New revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interpol-dismantles-sniperdz/
-
JDY Botnet Evolves After KV Takedown, Targets Military Networks
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…
-
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nottingham-university-data-breach-affects-over-450-000-students/
-
Ransomware group The Gentlemen linked to Russian national
First seen on scworld.com Jump to article: www.scworld.com/brief/ransomware-group-the-gentlemen-linked-to-russian-national
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-korean-threat-groups-asia-pacific-success
-
SMEs Need Cyber Help That Speaks Their Language
Helen Barge of Howden on Scaling Practical Cyber Support for Small Businesses. Small and mid-sized businesses face unique cybersecurity barriers – from budget constraints to IT providers who fall short on basics – and need accessible, jargon-free guidance, said Helen Barge, principal and head of digital resilience services at global insurance group Howden. First seen…
-
Hackers pose as women seeking romance to spy on Russian soldiers
The group, dubbed SiribClone by Russian cybersecurity firm F6, has been active since at least the summer of 2025 and has primarily targeted members of the Russian armed forces stationed in border regions and combat zones. First seen on therecord.media Jump to article: therecord.media/hackers-pose-as-women-seeking-romance-russian-military
-
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that…
-
Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel
An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,… First seen on hackread.com Jump to article: hackread.com/handala-israeli-radar-hack-evidence-phone-admin-panel/
-
WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/whatsapp-nso-group-spearphishing/
-
Despite Fine: NSO Group Caught Again in Spyware Attacks via WhatsApp
NSO Group has already had to pay more than 167 million US dollars in penalties for spyware attacks on WhatsApp users. Yet the attacks apparently continue. First seen on golem.de Jump to article: www.golem.de/news/trotz-geldstrafe-nso-group-erneut-bei-spyware-attacken-ueber-whatsapp-erwischt-2606-209547.html
-
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group
WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against the company for allegedly violating a U.S. court injunction. The disclosure highlights NSO’s continued efforts to target users despite a landmark 2025 ruling that permanently barred the firm from accessing WhatsApp’s…
-
Meta Accuses NSO of Violating WhatsApp Court Injunction
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…
-
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/silent-ransom-us-law-firms-extortion-attacks
-
Meta claims NSO Group still targets WhatsApp users despite court order
Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/meta-whatsapp-nso-group-phishing-campaign/

