Tag: group
-
Volvo Group hit in massive Conduent data breach
A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly…
-
Google Warns of ‘Relentless’ Cyber Siege on Defense Industry
Nation State Hackers Escalating Attacks on US Defense Industrial Base, Report Says. A new report from Google Threat Intelligence Group warns that state-backed hackers are escalating attacks on the defense industrial base, shifting from classic espionage to supply-chain compromise, workforce infiltration and battlefield-adjacent cyber operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-warns-relentless-cyber-siege-on-defense-industry-a-30729
-
Billing Services Firm Notifying Medical Lab Patients of Hack
Ransomware Gang Everest Claims It Has Leaked All Stolen Data. A revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data. First seen…
-
Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam
Bitcoin Joining Fee for Affiliates and No Proven Victims Cited by Researchers. Newcomer ransomware group 0APT is being branded a likely scam operation, not least after a list of over 200 supposed victims turned out to be bogus, if not entirely AI-generated – never mind a 1 bitcoin joining fee for would-be affiliates and outdated…
-
Volvo Group North America customer data exposed in Conduent hack
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/volvo-group-north-america-customer-data-exposed-in-conduent-hack/
-
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-phishing-global-group/
-
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying. First seen on hackread.com Jump to article: hackread.com/cybercrime-group-0apt-faking-breach-claims/
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
Tags: api, attack, cloud, cyber, cybercrime, data-breach, docker, group, infrastructure, kubernetes, malware, threat, vulnerabilityTeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems they walk through doors left open by exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable…
-
China-linked APT UNC3886 targets Singapore telcos
China-linked group UNC3886 targeted Singapore ‘s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
Fancy Bear has launched a sophisticated campaign exploiting a critical zero-day vulnerability in Microsoft RTF files to target users across Central and Eastern Europe. The operation, dubbed >>Operation Neusploit,<< demonstrates the group's continued evolution in tradecraft and its strategic focus on regions of geopolitical interest to Russia. The group embedded malicious code within specially crafted…
-
State-sponsored hackers targeting defence sector employees, Google says
Cyber-espionage campaigns are targeting employees directly, including through hiring processes, report claimsDefence companies, their hiring processes and their employees have become a key target of state-sponsored cyber-espionage campaigns, according to a report from Google released before the Munich Security Conference.The report catalogues a “relentless barrage of cyber operations”, most by state-sponsored groups, against EU and…
-
Bloody Wolf Cybercrime Group Uses NetSupport RAT to Breach Organizations
The latest campaign, they have switched to misusing a legitimate remote administration tool called NetSupport RAT. A cybercriminal group known as >>Stan Ghouls<< (or Bloody Wolf) has launched a fresh wave of attacks targeting organizations across Central Asia and Russia. Active since at least 2023, this group focuses heavily on the manufacturing, finance, and IT…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-zero-day-vulnerabilities-netherlands-european-commission-shadowserver/
-
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/warlock-gang-breaches-smartertools-smartermail-bugs
-
Hackers Deliver Global Group Ransomware Offline via Phishing Emails
Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection. First seen on hackread.com Jump to article: hackread.com/hackers-global-group-ransomware-offline-phishing-emails/
-
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector.”UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector,” CSA said. “All four of Singapore’s major telecommunications operators (‘telcos’) M1, SIMBA Telecom, Singtel, and First seen on thehackernews.com Jump…
-
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/smartertools-breach-smartermail-vulnerability/
-
Singapore says China-linked hackers targeted telecom providers in major spying campaign
Singapore authorities said Monday that a sophisticated China-linked cyber espionage group carried out a targeted campaign against all four of the country’s major telecommunications operators. First seen on therecord.media Jump to article: therecord.media/singapore-attributes-telecoms-hacks-unc3886
-
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
-
Black Basta Ransomware Integrates BYOVD Technique to Evade Defenses
A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the actual ransomware. In this specific campaign, the ransomware payload bundles a vulnerable driver known as the…
-
State-Backed Hackers Target Military Officials, Journalists via Signal
A suspected state-sponsored hacking group is actively targeting high-profile individuals across Europe. The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) have identified a coordinated espionage campaign aimed at military officials, diplomats, politicians, and investigative journalists.”‹ Instead, they are using >>social engineering<< to weaponize the legitimate…
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/
-
China’s Salt Typhoon hackers broke into Norwegian companies
Norway’s government accused China’s Salt Typhoon hacking group of conducting a cyberespionage campaign in the country. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/06/chinas-salt-typhoon-hackers-broke-into-norwegian-companies/
-
State-backed phishing attacks targeting military officials and journalists on Signal
German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/06/state-linked-phishing-europe-journalists-signal/