Tag: russia
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…
-
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices.The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at First seen…
-
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices.The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at First seen…
-
Police raid malware network tied to Russia’s Evil Corp hacker group
An international operation targeted the SocGholish botnet, which has been linked to the Russia-based cybercrime group Evil Corp. First seen on therecord.media Jump to article: therecord.media/socgholish-botnet-disrupted
-
Cybercrime Initial Access Service SocGholish Disrupted
Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites. Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by law enforcement, which seized 106 botnet servers and cleaned 15,000 legitimate WordPress sites subverted by the group to launch ClickFix attacks pushing malware downloaders. First seen on govinfosecurity.com…
-
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices.The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at First seen…
-
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
Tags: cyber, cybercrime, exploit, group, infection, infrastructure, international, law, malware, russiaInternational law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this operation targeted a crucial infection chain exploited by cybercriminal groups, including the infamous Russia-linked group…
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chainAlso, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
CISA Urges OT Resilience in Dark Remarks About Cyberattacks
Tags: banking, china, cisa, cyber, cyberattack, defense, infrastructure, Internet, military, resilience, russia, serviceVital Service Providers Need a Plan to Work Through Internet Outages, CISA Says. Critical U.S. infrastructure like water, power and even banking systems will be successfully hacked by enemy cyber warriors in the event of a military confrontation with a peer adversary like Russia or China, officials from the nation’s civilian cyber defense agency said.…
-
CISA Urges OT Resilience in Dark Remarks About Cyberattacks
Tags: banking, china, cisa, cyber, cyberattack, defense, infrastructure, Internet, military, resilience, russia, serviceVital Service Providers Need a Plan to Work Through Internet Outages, CISA Says. Critical U.S. infrastructure like water, power and even banking systems will be successfully hacked by enemy cyber warriors in the event of a military confrontation with a peer adversary like Russia or China, officials from the nation’s civilian cyber defense agency said.…
-
CISA Urges OT Resilience in Dark Remarks About Cyberattacks
Tags: banking, china, cisa, cyber, cyberattack, defense, infrastructure, Internet, military, resilience, russia, serviceVital Service Providers Need a Plan to Work Through Internet Outages, CISA Says. Critical U.S. infrastructure like water, power and even banking systems will be successfully hacked by enemy cyber warriors in the event of a military confrontation with a peer adversary like Russia or China, officials from the nation’s civilian cyber defense agency said.…
-
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/
-
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
Tags: breach, credentials, cybercrime, data, data-breach, firewall, fortinet, group, leak, russia, vpnA Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/fortinet-fortibleed-data-leak/
-
Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world
An alleged Russian-speaking group of cybercriminals are reportedly compromising and targeting several major companies that use Fortinet Firewalls and VPNs through previously known passwords. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/17/cybercriminals-allegedly-hacked-tens-of-thousands-of-fortinet-firewalls-used-by-major-companies-all-over-the-world/
-
UK critical infrastructure hit by 200 cyber incidents in a year, agency says
Head of National Cyber Security Centre says UK in ‘ongoing contest with capable adversaries’ and AI could add to threatThe UK’s critical national infrastructure has been hit by more than 200 cyber incidents over the past year and state-linked assailants were behind three-quarters of the attacks, according to the state cybersecurity body.Richard Horne, the chief…
-
UK critical infrastructure hit by 200 cyber incidents in a year, agency says
Head of National Cyber Security Centre says UK in ‘ongoing contest with capable adversaries’ and AI could add to threatThe UK’s critical national infrastructure has been hit by more than 200 cyber incidents over the past year and state-linked assailants were behind three-quarters of the attacks, according to the state cybersecurity body.Richard Horne, the chief…
-
Estonia to quarantine emails sent from Russian .ru domain before they reach government officials
Estonia will require additional security screening for emails sent from Russia’s .ru top-level domain before they reach government officials, according to the country’s minister of justice and digital affairs. First seen on therecord.media Jump to article: therecord.media/estonia-quarantine-russian-emails
-
Russian and Chinese Actors Use AI Translation and Visual Content in Malign Influence Operations
AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 20242026 shows actors are not leveraging AI primarily to flood platforms with volume. Instead, they are using AI to refine content quality, create more believable personas, and broaden linguistic and visual reach…
-
Cyberattack on Russian tech firm Astral disrupts business, government services for week
According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electronic human resources document management systems and authentication using digital certificates. First seen on therecord.media Jump to…
-
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain attributed to an intrusion set we temporarily label SHADOW-EARTH-066 (tracked by CERT”‘UA as UAC”‘0226) and…
-
Russian national charged in connection with Void Blizzard cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-national-charged-in-connection-with-void-blizzard-cyber-espionage-campaign
-
Breach Roundup: CISA Says Agencies Should ‘Patch Smarter’
Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch Tuesday. This week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops. First…
-
Cryptohack Roundup: Sentencing in $97M Laundering Case
Also: Zcash Patches Flaw, $32M Humanity Protocol Hack. This week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness. First seen on…
-
Russian national charged in connection with Void Blizzard espionage campaign
Denis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group’s sprawling espionage operation.\ First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-national-charged-void-blizzard-cyber-espionage/
-
Ransomware group The Gentlemen linked to Russian national
First seen on scworld.com Jump to article: www.scworld.com/brief/ransomware-group-the-gentlemen-linked-to-russian-national
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-groups-winrar-flaw-ukrainian-orgs
-
Hackers pose as women seeking romance to spy on Russian soldiers
The group, dubbed SiribClone by Russian cybersecurity firm F6, has been active since at least the summer of 2025 and has primarily targeted members of the Russian armed forces stationed in border regions and combat zones. First seen on therecord.media Jump to article: therecord.media/hackers-pose-as-women-seeking-romance-russian-military
-
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released.The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that…
-
Armenia’s pro-Europe party wins election despite Russia-linked disinformation
Pashinyan’s Civil Contract party won nearly 50% of Sunday’s vote, defeating the pro-Russian Strong Armenia party led by Russian-Armenian billionaire Samvel Karapetyan, which received around 23% of the vote. First seen on therecord.media Jump to article: therecord.media/armenia-pro-europe-party-wins-election-despite-russia-disinformation

