Tag: hacking

Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

Jun 9, 2025 5:55 PM

Tags: breach, crime, data, government, hacking, office, phishing, scam

An organised crime gang has stolen £47 million ($64 million) from the UK’s tax office by hacking into over 100,000 customer accounts and fraudulently claiming government payments. His Majesty’s Revenue and Customs (HMRC) confirmed the breach but assured taxpayers that no individuals lost money. According to HMRC, criminals used stolen personal data, likely obtained through…
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups

Jun 9, 2025 4:54 PM

Tags: automation, chatgpt, china, communications, group, hacker, hacking, iran, malware, openai, russia, threat

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.”The [Russian-speaking] actor used our models to assist with developing and refining First…
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups

Jun 9, 2025 9:54 AM

Tags: automation, chatgpt, china, communications, group, hacker, hacking, iran, malware, openai, russia, threat

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.”The [Russian-speaking] actor used our models to assist with developing and refining First…
The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

Jun 7, 2025 12:55 PM

Tags: apple, china, group, hacker, hacking, intelligence, iphone, terrorism, threat

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more. First seen on wired.com Jump to article: www.wired.com/story/mystery-of-iphone-crashes-that-apple-denies-are-linked-to-chinese-hacking/
OpenAI takes down ChatGPT accounts linked to state-backed hacking, disinformation

Jun 6, 2025 4:54 PM

Tags: chatgpt, disinformation, hacking, malicious, malware, openai, scam, threat

State-backed threat actors from a handful of countries are using ChatGPT for a range of malicious purposes ranging from malware refinement to employment scams and social media disinformation campaigns. First seen on therecord.media Jump to article: therecord.media/openai-takes-down-chatgpt-accounts-hacking
Scattered Spider Hackers Target Tech Company Help-Desk Administrators

Jun 6, 2025 4:54 PM

Tags: breach, corporate, cyber, cyberattack, exploit, group, hacker, hacking, social-engineering, technology, threat, vulnerability

A newly identified wave of cyberattacks by the notorious Scattered Spider hacking group has zeroed in on help-desk administrators at major technology companies, leveraging advanced social engineering techniques to breach corporate defenses. Known for their adept use of psychological manipulation, these threat actors have demonstrated a chilling ability to exploit human vulnerabilities as effectively as…
Salesforce, Okta Targeted by Telephone-Wielding Hackers

Jun 6, 2025 1:55 AM

Tags: attack, cloud, data, hacker, hacking, okta, phishing, scam, theft

Hackers Impersonate IT Support Staff. A hacking collective linked to recent British retailer attacks is targeting cloud companies through or voice phishing scams for data theft from European hospitality, retail and education sectors. Hackers impersonate IT support staff. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salesforce-okta-targeted-by-telephone-wielding-hackers-a-28604
Iranian Espionage Group Caught Spying on Kurdish Officials

Jun 6, 2025 12:55 AM

Tags: espionage, government, group, hacker, hacking, iran, iraq, tool

BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017. An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials. First seen on govinfosecurity.com Jump to…
Breach Roundup: Ukraine Hacks Russian Warplane Maker

Jun 5, 2025 10:55 PM

Tags: breach, data, data-breach, hacking, north-korea, russia, threat, ukraine

Also, Crypter Takedown, Threat Intel Naming Accord and Regulators Ping CrowdStrike. This week, Ukraine hacked Tupelov, Russian hacking, crypter sites seized and the U.S. will seize North Korean IT worker crypto. Regulators probed CrowdStrike. A Rosetta Stone for intel. A Romanian man admitted to swatting, Lee Enterprises hack exposed data and an FBI vet joined…
Cryptohack Roundup: US SEC Drops Civil Case Against Binance

Jun 5, 2025 8:54 PM

Tags: crypto, group, hacker, hacking, lazarus

Also: Criminal Charges in France Against Suspected Crypto Millionaire Kidnappers. This week, U.S. SEC dropped its civil case against Binance, Zhao; France charged 25 in crypto kidnap plot; Hackers stole $3 million in Force Bridge exploit. A Singapore court rejected Wazirx restructuring plan, and BitMEX thwarted a Lazarus Group hacking attempt. First seen on govinfosecurity.com…
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

Jun 5, 2025 5:54 PM

Tags: apt, group, hacking, india, intelligence, malware, tactics, threat

The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government.That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis.”Their diverse toolset shows consistent coding patterns across malware families, particularly in…
Members of ViLE Hacker Group Arrested for Hacking DEA Portal

Jun 5, 2025 4:55 PM

Tags: cyber, cybercrime, extortion, group, hacker, hacking, law

Two members of the cybercriminal group “ViLE” were sentenced this week in Brooklyn federal court for their roles in a high-profile hacking and extortion scheme targeting a U.S. federal law enforcement web portal. Sagar Steven Singh, known online as “Weep,” received a 27-month prison sentence, while Nicholas Ceraolo, also known as “Convict,” “Anon,” and “Ominous,”…
New evidence links long-running hacking group to Indian government

Jun 5, 2025 2:54 PM

Tags: cyber, cybersecurity, espionage, government, group, hacking, india

Two cybersecurity companies issued reports tying a cyber-espionage group known as Bitter or TA397 more directly to the Indian government. First seen on therecord.media Jump to article: therecord.media/india-cyber-espionage-bitter-ta397
ViLE gang members sentenced for DEA portal breach, extortion

Jun 5, 2025 2:54 PM

Tags: breach, cybercrime, extortion, group, hacking, law

Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

Jun 5, 2025 2:54 PM

Tags: attack, cyber, government, group, hacking, iran, iraq, malware, threat

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024.The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said to…
ViLE gang members sentenced for extortion, police portal breach

Jun 5, 2025 11:55 AM

Tags: breach, cybercrime, extortion, group, hacking, law

Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/
LockBit Crackdown Fragmented Russian Cybercrime Groups

Jun 4, 2025 8:55 PM

Tags: cybercrime, group, hacking, international, law, lockbit, ransomware, russia

Onslought Also Paved Way for Rise of English-Speaking Hackers. An international law enforcement crackdown on the LockBit ransomware group caused fragmentation and distrust among Russian-speaking cybercrime groups, paving the way for English-speaking hacking groups to gain prominence, experts said Tuesday during a London conference. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/lockbit-crackdown-fragmented-russian-cybercrime-groups-a-28585
Unpatched Buffer Overflow in Schneider Home Devices

Jun 4, 2025 7:55 PM

Tags: hacker, hacking, injection, vulnerability

Vulnerability Could Enable Remote Code Injection Attacks. When the lights start flickering in homes equipped with Schneider Electric end-of-life smart switches, it could be hackers, now that the French company disclosed a remotely exploitable vulnerability that won’t receive a patch. No hacking has been reported to date. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unpatched-buffer-overflow-in-schneider-home-devices-a-28584
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform

Jun 4, 2025 1:55 PM

Tags: cyber, email, group, hacker, hacking, korea, malicious, north-korea, phishing, spear-phishing

The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

Jun 4, 2025 12:55 PM

Tags: ai, conference, hacker, hacking

In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale. First seen on wired.com Jump to article: www.wired.com/story/youre-not-ready-for-ai-hacker-agents/
Russian military hacking unit uncovered

Jun 3, 2025 9:55 PM

Tags: hacking, military, russia

First seen on scworld.com Jump to article: www.scworld.com/brief/russian-military-hacking-unit-uncovered
Growth Hacking 2.0: From Traditional SEO to AI-Powered Answer Engine Optimization

Jun 3, 2025 5:54 PM

Tags: ai, google, hacking, saas, strategy

Growth hacking has evolved from viral loops and cold outreach to AI-powered Answer Engine Optimization (AEO). As Google launches AI search and businesses shift from traditional SEO to AEO, B2B SaaS must adapt their strategies to thrive in this new era of conversational search and AI discovery. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/growth-hacking-2-0-from-traditional-seo-to-ai-powered-answer-engine-optimization/
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Microsoft and CrowdStrike partner to link hacking group names

Jun 2, 2025 7:54 PM

Tags: crowdstrike, group, hacking, microsoft, threat

Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-and-crowdstrike-partner-to-link-hacking-group-names/
Evolving attacks by the UTG015 hacking operation detailed

May 30, 2025 10:55 PM

Tags: attack, hacking

First seen on scworld.com Jump to article: www.scworld.com/brief/evolving-attacks-by-the-utg-q-015-hacking-operation-detailed
Thousands of ASUS Routers Hit by Persistent Backdoor

May 29, 2025 7:55 PM

Tags: access, attack, backdoor, botnet, firmware, hacker, hacking, router, update

Persistent Attack Grants Remote SSH Access via Exploit. Someone – possibly nation-state hackers – appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/thousands-asus-routers-hit-by-persistent-backdoor-a-28539
Thousands of ASUS routers compromised in sophisticated hacking campaign

May 29, 2025 6:55 PM

Tags: cisco, exploit, hacking, router, threat

Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/thousands-asus-routers-compromised-hacking/749259/
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
APT41 malware abuses Google Calendar for stealthy C2 communication

May 29, 2025 12:55 AM

Tags: china, cloud, control, google, group, hacking, malicious, malware

The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/
Revenue Cycle Management Firm’s Data Breach Total Soars

May 28, 2025 10:55 PM

Tags: breach, data, data-breach, hacking, healthcare, service, soar

ALN Medical Management Now Says 1.82 Million Affected in 2024 Hacking Incident. The number of people affected by a March 2024 hack on a healthcare revenue cycle management and billing services provider has soared in recent weeks to more than 1.82 million, as the company continues to file updated breach reports to state and federal…