Tag: group

Ransomware-Attacke auf Buhlmann Group

Feb 5, 2026 1:24 PM

Tags: access, cyberattack, dark-web, germany, group, ransomware, usa

Die Buhlmann Group wurde von einer Ransomware-Bande angegriffen. Der Hauptsitz in Deutschland ist jedoch verschont geblieben. Buhlmann GroupAkira zählt zu den gefährlichsten Ransomware-Gruppen und ist bekannt für zahlreiche Angriffe auf deutsche Unternehmen. Nun hat es offenbar den Bremer Stahlhändler Buhlmann getroffen. In einem Darknet-Post verkündet die Hackergruppe, sensible Informationen von der Buhlmann Group gestohlen zu…
The silent security gap in enterprise AI adoption

Feb 5, 2026 1:24 PM

Tags: access, ai, api, backup, breach, business, cloud, compliance, computer, computing, control, credentials, cryptography, data, data-breach, encryption, exploit, finance, group, healthcare, infrastructure, malicious, risk, service, technology, threat, tool

InfoWorld explains in its analysis of why AI is all about inference now.This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data…
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

Feb 5, 2026 1:24 PM

Tags: control, group, hacker, infrastructure, Internet, iran, tactics, threat

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month.”The threat actor stopped maintaining its…
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data

Feb 5, 2026 12:14 PM

Tags: breach, cyber, dark-web, data, extortion, group, leak, ransomware, theft, threat

DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with file encryption. The group uses dual extortion: it steals sensitive data, encrypts systems, and then threatens to publish the stolen information on dark web leak sites if victims do not pay.”‹…
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems

Feb 5, 2026 9:13 AM

Tags: access, attack, china, cyber, espionage, exploit, government, group, hacking, law, threat, tool, vulnerability

A new cyber-espionage threat group dubbedAmaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and operational time zones (UTC+8). The group creates attack campaigns based on local geopolitical events, such…
1.5 million AI agents are at risk of going rogue

Feb 5, 2026 5:13 AM

Tags: access, ai, business, cio, credentials, governance, group, risk, tool

The real issue is invisible AI, not rogue AI: Manish Jain, principal research director at Info-Tech Research Group, said that as the “exponential” speed of AI development continues, his firm, based on experiences with CIOs and CDOs, predicts that there will be more AI agents globally by the year 2028 than the number of human…
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

Feb 5, 2026 12:13 AM

Tags: attack, cve, cybersecurity, exploit, flaw, group, infrastructure, ransomware, vmware, vulnerability

Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary…
Harvard, UPenn Data Leaked in ShinyHunters Shakedown

Feb 4, 2026 10:14 PM

Tags: access, attack, cloud, cybercrime, data, data-breach, finance, group, leak, network, phishing

Leaked Financial and Admissions Data Includes Contact Details for ‘Top Donors’. Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group’s ongoing live phishing attacks that often attempt to trick IT help desks into giving attackers direct access to a victim’s network and…
Victims Are Rebuffing Ransomware Mass Data Theft Campaigns

Feb 4, 2026 9:14 PM

Tags: attack, data, group, leak, ransom, ransomware, russia, supply-chain, theft

Revenue From Supply-Chain Attacks by Clop Group Sharply Fell, Report Investigators. Once lucrative steal-and-leak campaigns pioneered by Russian ransomware group Clop look set to go the way of the dinosaurs. While an estimated 25% of victims paid a ransom in the inaugural campaign five years ago, the number of victims that paid fell to zero…
Hackers publish personal information stolen during Harvard, UPenn data breaches

Feb 4, 2026 8:15 PM

Tags: breach, cybercrime, data, extortion, group, hacker, hacking

The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the stolen data on its extortion website. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/04/hackers-publish-personal-information-stolen-during-harvard-upenn-data-breaches/
Missbrauch von Group Policies und vielfältige Tools – LongNosedGoblin spioniert Regierungen in Asien aus

Feb 4, 2026 5:13 PM

Tags: group, tool

First seen on security-insider.de Jump to article: www.security-insider.de/hackergruppe-longnosedgoblin-asien-regierungsnetzwerke-malware-a-56bcecb3325df3a82e684a85676d9ac8/
New Amaranth Dragon cyberespionage group exploits WinRAR flaw

Feb 4, 2026 4:13 PM

Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerability

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
Big Breach or Smooth Sailing? Mexican Gov’t Faces Leak Allegations

Feb 4, 2026 4:13 PM

Tags: breach, data, data-breach, government, group, leak, risk

A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
Big Breach or Nada de Nada? Mexican Gov’t Faces Leak Allegations

Feb 4, 2026 3:13 PM

Tags: breach, data, data-breach, government, group, leak, risk

A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
Russian hackers exploited a critical Office bug within days of disclosure

Feb 4, 2026 2:13 PM

Tags: access, attack, cisa, cloud, control, cve, data, data-breach, detection, email, espionage, exploit, flaw, framework, github, group, hacker, infection, intelligence, kev, malicious, malware, microsoft, mitigation, office, risk, russia, update, vulnerability, windows

One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Feb 4, 2026 12:14 PM

Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trust

Architecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Feb 4, 2026 6:13 AM

Tags: access, ai, api, attack, authentication, computer, container, control, crypto, cve, data, data-breach, detection, docker, email, flaw, github, group, Hardware, injection, Internet, leak, login, malicious, malware, open-source, password, privacy, remote-code-execution, risk, scam, skills, software, threat, tool, unauthorized, vulnerability

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users must prioritize to mitigate this enormous agentic AI security risk. Key takeaways Moltbot takes an…
Full Spectrum AI Security: FireTail’s Platform Update for the AI-Enabled Workforce FireTail Blog

Feb 4, 2026 1:13 AM

Tags: access, ai, api, browser, chatgpt, chrome, ciso, cloud, control, corporate, data, email, governance, grc, group, jobs, LLM, monitoring, risk, service, skills, technology, tool, unauthorized, update, vulnerability

Feb 03, 2026 – Jeremy Snyder – The rise of generative AI has changed how businesses operate. In almost every company, leaders are looking for ways to use AI to work faster and smarter. However, this shift has created a major challenge for security teams. Most of the AI activity inside an organization is currently…
Chinese Money Laundering Jargon via Google’s Gemini

Feb 4, 2026 12:13 AM

Tags: breach, cctv, china, country, crime, crypto, data, finance, fraud, google, group, guide, Internet, iphone, jobs, nvidia, organized, phone, qr, risk, scam, service, software, theft

After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
HoneyMyte Hacker Group Expands CoolClient Malware With New Advanced Toolset

Feb 3, 2026 11:14 PM

Tags: apt, backdoor, cyber, espionage, group, hacker, malware

The HoneyMyte APT group, also known as Mustang Panda and Bronze President, continues expanding its cyber-espionage operations across Asia and Europe, with Southeast Asia being the most heavily targeted region. Recent investigations reveal that the group has significantly enhanced its malware arsenal during 2025, introducing new capabilities to the CoolClient backdoor and deploying multiple browser…
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks

Feb 3, 2026 8:13 PM

Tags: attack, control, email, exploit, flaw, group, malware, microsoft, office, russia, ukraine

A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania. First seen on hackread.com Jump to article: hackread.com/op-neusploit-russia-apt28-microsoft-office-malware/
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Feb 3, 2026 8:13 PM

Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
Compromise of Notepad++ Equals Software Supply Chain Fallout

Feb 3, 2026 7:13 PM

Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windows

Hacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

Feb 3, 2026 5:14 PM

Tags: access, ai, attack, ciso, cloud, credentials, detection, framework, group, iam, least-privilege, LLM, monitoring, training

Lateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that…
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

Feb 3, 2026 3:13 PM

Tags: attack, china, group, supply-chain, update

Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/notepad-supply-chain-attack-iocs-targets/
APT28 exploits Microsoft Office flaw in Operation Neusploit

Feb 3, 2026 2:13 PM

Tags: exploit, flaw, group, microsoft, office, russia, vulnerability

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

Feb 3, 2026 1:13 PM

Tags: access, ai, apt, attack, backdoor, china, control, cybersecurity, detection, edr, email, espionage, exploit, framework, government, group, incident response, infrastructure, malicious, malware, microsoft, network, software, supply-chain, tool, update

Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware

Feb 3, 2026 11:13 AM

Tags: apt, attack, cyber, email, group, hacker, korea, malware, north-korea, phishing, spear-phishing, threat

In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing emails impersonating a North Korea-focused security expert based in South Korea. The emails referenced legitimate…
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware

Feb 3, 2026 11:13 AM

Tags: attack, cyber, exploit, group, malware, microsoft, office, russia, threat, ukraine, vulnerability, zero-day

The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…
Notepad++ Attack Breakdown Reveals Sophisticated Malware and Actionable IoCs

Feb 3, 2026 11:13 AM

Tags: access, apt, attack, backdoor, china, cyber, espionage, group, infrastructure, malware

A complex espionage campaign attributed to Chinese APT group Lotus Blossom, active since 2009. The investigation uncovered a sophisticated compromise of Notepad++ distribution infrastructure that delivered Chrysalis, a previously undocumented custom backdoor with extensive remote access capabilities. The attack chain began at IP address 95.179.213.0, where execution of notepad++.exe and GUP.exe preceded download of a…