Tag: hacking
-
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
Tags: authentication, breach, communications, cyber, data, hacking, infrastructure, law, privacy, threat
The threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s core infrastructure, including its official Pretty Good Privacy (PGP) key used for cryptographic authentication and secure communications,…
-
Dutch Investigators Blame Hacks on Multiple Threat Actors
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure. A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure. First…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day
New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases. However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Dutch Investigators Blame Multiple Threat Actors on Hacks
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure. A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure. First…
-
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/
-
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns
A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said. First seen on therecord.media Jump to article: therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
-
How ShinyHunters Hacking Group Stole Customer Data from Salesforce
Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-salesforce-vishing-attack-shinyhunters/
-
Operation Chakra V: Call Center Scammers and your PII
Here we have another cautionary tale about off-shoring customer service when faced with the reality of Call Center Scams that commit fraud via Tech Support Scams and Government Impersonation. In this case, FirstIdea, an Indian company is charged with committing fraud against at least 100 victims from Australia and the UK. FirstIdea.us, according to their…
-
Nigerian man extradited from France to US over hacking and fraud allegations
A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the… First seen on hackread.com Jump to article: hackread.com/nigerian-extradited-france-us-hacking-fraud-allegations/
-
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack
A North Korean state-linked hacking group known for spying added some “newly observed” ransomware to its kit in a campaign targeting South Koreans, researchers said. First seen on therecord.media Jump to article: therecord.media/scarcruft-north-korea-hackers-add-ransomware
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating…
-
Hacker Extradited to U.S. for $2.5 Million Tax Fraud Scheme
Chukwuemeka Victor Amachukwu, also known as Chukwuemeka Victor Eletuo and So Kwan Leung, was extradited from France to the United States to face charges related to sophisticated hacking, wire fraud, and aggravated identity theft operations. The 39-year-old Nigerian national was presented before U.S. Magistrate Judge Robert W. Lehrburger in the Southern District of New York,…
-
The important role of SaaS data backup after attacks by Salt Typhoon
Rethinking data backup after cyberattacks by Salt Typhoon. Strengthening resilience in a SaaS-driven business world. The Chinese, presumably state-backed hacking campaign named Salt Typhoon caused a stir half a year ago with a massive cyberattack on global telecommunications. Since then it has continued to make headlines, and the industry is still… First seen…
-
Nigerian accused of hacking tax preparation businesses extradited to US
Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft. First seen on cyberscoop.com Jump to article: cyberscoop.com/nigerian-extradited-charged-tax-refund-fraud/
-
Hacker extradited to US for stealing $3.3 million from taxpayers
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-extradited-to-us-for-stealing-33-million-from-taxpayers/
-
US Authorities Extradite Nigerian Man Accused of Hacking and Fraud
A Nigerian man accused of hacking, fraud and identity theft has been extradited from France to the US to face charges. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-authorities-extradite-nigerian/
-
Microsoft increases Zero Day Quest prize pool to $5 million
Microsoft will offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which the company describes as the “largest hacking event in history.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-announces-5-million-prize-pool-for-zero-day-quest-hacking-contest/
-
Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer
The cybercrime group D4rk4rmy added the Monte-Carlo Société des Bains de Mer to the list of victims on its Tor dark web leak site. The cybercrime group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer (SBM). The company is Monaco’s premier luxury hospitality group, established in 1863. It operates iconic properties like the…
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windows
Black Hat USA, August 2-7, 2025, Las Vegas, NV. Black Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and others. The week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…
-
Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits
Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables, Oct 21-24 via Zero Day Initiative. Meta is sponsoring ZDI’s Pwn2Own Ireland 2025 hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. Participants can earn up to $1 million for…
-
Pwn2Own hacking contest pays $1 million for WhatsApp exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pwn2own-hacking-contest-pays-1-million-for-whatsapp-exploit/
-
SentinelLabs uncovers China’s hidden cyber-espionage arsenal
CSOonline that the most important pieces of new information gleaned from the findings are that “China’s contracting ecosystem forces many companies and individuals to collaborate on intrusions. This means many China-based Advanced Persistent Threats (APTs) may actually contain many different companies with many different clients.” The nation’s diverse private sector offensive ecosystem, he said, “supports a…
-
Breach Roundup: Did China Have a Sneak Peek Into ToolShell?
Also: ToolShell Hits South Africa, Most Americans Are Online Fraud Victims. This week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France’s Naval Group. Orange telecom disrupted.…
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. First seen on wired.com Jump to article: www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
-
Chinese Silk Typhoon Hackers File Over 10 Patents for Advanced Intrusive Hacking Tools
A SentinelLABS investigation has revealed that businesses linked to the Chinese advanced persistent threat (APT) group Hafnium, also known as Silk Typhoon, have submitted more than ten patents for highly intrusive forensics and data exfiltration methods. These patents, registered by firms named in recent U.S. Department of Justice (DOJ) indictments, detail offensive capabilities, including encrypted…
-
Patents by Silk Typhoon-linked company shed light on Beijing’s offensive hacking capabilities
Researchers have discovered more than 10 patents for powerful offensive cybersecurity technologies filed by a prominent Chinese company allegedly involved in Beijing’s Silk Typhoon campaign. First seen on therecord.media Jump to article: therecord.media/patents-silk-typhoon-company-beijing
-
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank’s network to bypass security defenses in a newly discovered attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/
-
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to…

