Collecting Cyber-News from over 60 sources

Tag: group

Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

Jun 8, 2026 8:43 PM

Tags: attack, group, malicious, phishing, spear-phishing, spyware

Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group.In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users.”They tried to trick people into clicking on malicious links…
Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint

Jun 8, 2026 7:42 PM

Tags: group, spyware

The company said it spotted a spearphishing campaign linked to the Israeli spyware maker targeting WhatsApp users, despite a court order prohibiting it. First seen on cyberscoop.com Jump to article: cyberscoop.com/meta-contempt-complaint-nso-group-spyware/
WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order

Jun 8, 2026 6:42 PM

Tags: attack, group, phishing, spyware

The messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/08/whatsapp-says-it-caught-new-spyware-attacks-linked-to-nso-group-in-violation-of-court-order/
8th June Threat Intelligence Report

Jun 8, 2026 5:42 PM

Tags: breach, data, data-breach, email, group, intelligence, threat

DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has suffered a data breach after threat group ShinyHunters leaked exfiltrated data. Analysts assessed that 2.6 million accounts were exposed, including names, emails, […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/8th-june-threat-intelligence-report/
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites

Jun 8, 2026 4:42 PM

Tags: botnet, cybersecurity, data, group, law, leak, ransom, theft

Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing. First seen on hackread.com Jump to article: hackread.com/silent-ransom-group-fast-flux-botnet-leak-sites/
Pink Hacking Group Targets Enterprises to Steal Cloud Passwords

Jun 8, 2026 3:44 PM

Tags: attack, cloud, credentials, cyber, extortion, group, hacking, leak, mfa, password, phishing, social-engineering

A newly observed extortion brand called Pink (CL-CRI-1147) that is actively targeting enterprise users to harvest cloud storage credentials and bypass multi-factor authentication. The group’s leak site went live on May 31, 2026, and its operations combine social engineering with classic credential-phishing to quickly convert compromised accounts into extortion leverage. Pink’s attack chain begins with…
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms

Jun 8, 2026 2:42 PM

Tags: cybercrime, extortion, finance, google, group, intelligence, mandiant, office, phone, threat

UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and…
Oxford University discloses data breach after careers platform hack

Jun 8, 2026 1:42 PM

Tags: breach, data, data-breach, group, service

The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oxford-university-discloses-data-breach-after-careerconnect-platform-hack/
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

Jun 8, 2026 1:42 PM

Tags: backdoor, china, cyber, espionage, group, hacking, linux, malware, threat

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking…
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

Jun 8, 2026 11:42 AM

Tags: cybersecurity, data, extortion, finance, google, group, intelligence, mandiant, service, theft, threat

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026.The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also…
DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

Jun 7, 2026 9:42 PM

Tags: breach, cybercrime, data, data-breach, extortion, group, leak

ShinyHunters leaked 234 GB of data allegedly stolen from DentaQuest after failed negotiations, potentially impacting 2.6 million people. The ShinyHunters extortion group has published a 234 GB archive of data allegedly stolen from dental benefits administrator DentaQuest. The cybercrime gang added the company to its Tor data leak site in May, and the data was…
Silent Ransom Group targets law firms with fake IT support calls

Jun 7, 2026 4:42 PM

Tags: attack, cybersecurity, data, extortion, group, law, ransom, service, social-engineering, theft

The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams

Jun 6, 2026 9:42 PM

Tags: authentication, cloud, cybersecurity, data, extortion, group, mfa, microsoft, phishing, scam, threat

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments. First seen on hackread.com Jump to article: hackread.com/pink-extortion-microsoft-365-cloud-data-vishing-scams/
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins

Jun 6, 2026 11:43 AM

Tags: cyber, finance, google, group, intelligence, law, mandiant, monitoring, office, phishing, ransom, service, threat, tool

Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective combination of voice phishing, remote monitoring and management abuse, and unprecedented physical office intrusions. Attackers…
Pro-Russian hacker group launches ‘Patriotic Online Games’ campaign targeting European organizations

Jun 6, 2026 5:42 AM

Tags: group, hacker, russia

First seen on scworld.com Jump to article: www.scworld.com/brief/pro-russian-hacker-group-launches-patriotic-online-games-campaign-targeting-european-organizations
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure

Jun 5, 2026 8:43 PM

Tags: attack, cybersecurity, data-breach, dns, group, infrastructure, intelligence, law, malicious, network, ransom

Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat.…
Chinese APT deploys new malware to keep access to hacked networks

Jun 5, 2026 8:43 PM

Tags: access, apt, backdoor, china, espionage, group, malware, microsoft, network

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/
Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person

Jun 5, 2026 6:42 PM

Tags: access, breach, cybercrime, data, google, group, law, office, ransom, ransomware

Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms’ offices, where the criminals have stolen data using USB drives or remote access tools. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/05/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person/
Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure

Jun 5, 2026 5:42 PM

Tags: dns, group, infrastructure, ransom

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure
Infosecurity Europe: Practical Lessons From Lloyds’ Agentic AI Security Playbook

Jun 5, 2026 2:42 PM

Tags: ai, banking, governance, group

Lloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governance First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lloyds-agentic-ai-security-playbook/
China’s TA4922 Expands Cybercrime Attacks Globally

Jun 5, 2026 12:42 AM

Tags: attack, china, cybercrime, group

One of the world’s most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-ta4922-cybercrime-attacks-globally
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’

Jun 4, 2026 8:42 PM

Tags: cyberattack, government, group, hacker, infrastructure, russia

The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus. First seen on therecord.media Jump to article: therecord.media/russia-seeks-extremist-label-for-hacker-groups
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Jun 4, 2026 7:43 PM

Tags: access, ai, cybersecurity, defense, group, infrastructure, network, unauthorized

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access…
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

Jun 4, 2026 7:43 PM

Tags: attack, china, cybercrime, germany, group, malware, phishing, rat

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa.These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as…
Lazarus Group Uses npm Brandjacking Campaign to Target Developers

Jun 4, 2026 3:42 PM

Tags: credentials, group, lazarus, malware, north-korea, tool

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk. First seen on hackread.com Jump to article: hackread.com/lazarus-group-npm-brandjacking-target-developers/
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

Jun 4, 2026 2:42 PM

Tags: attack, china, cybercrime, germany, group, malware, phishing, rat

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa.These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as…
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Jun 4, 2026 2:42 PM

Tags: attack, backdoor, cybercrime, cybersecurity, google, group, macOS, malicious, malware, network

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two…
Proofpoint: TA4922 Deploys New RAT and Loader Arsenal

Jun 4, 2026 11:42 AM

Tags: china, cloud, cyber, cybercrime, detection, group, malware, rat, service, tactics, threat, tool

A rapidly evolving threat cluster tracked as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT. The group is notable for its high operational tempo, shifting tactics, and ability to blend custom malware with legitimate tools and cloud services, complicating detection efforts across…
JINX-0164 Targets Crypto Firms With macOS Malware

Jun 4, 2026 10:42 AM

Tags: access, crypto, cyber, endpoint, group, macOS, malware, social-engineering, software, threat

A series of targeted intrusions against cryptocurrency organizations, attributing the activity to a newly identified threat actor tracked as JINX-0164. The campaign combines advanced social engineering, custom macOS malware, and deep access into development and CI/CD environments, enabling attackers to pivot from individual developer endpoints to critical software distribution systems. The group primarily targets developers…
29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming

Jun 4, 2026 9:42 AM

Tags: crime, group, international, law, network

International Operation KRATOS led by Europol dismantled illegal streaming networks, leading to 29 arrests and nine crime groups taken down. An international law enforcement operation, codenamed Operation KRATOS and involving 13 countries (Belgium, Bulgaria, Croatia, France, Greece, Ireland, Italy, the Netherlands, Poland, Romania, Spain, the UK, and the US), spent seven months quietly dismantling the…