Month: January 2025

Compromised AWS Keys Abused in Codefinger Ransomware Attacks

A threat actor has been observed abusing compromised AWS keys to encrypt data in S3 buckets and demand a ransom payment in exchange for the encryption keys, cybersecurity firm Halcyon reports. As part of the identified attacks, the threat actor, tracked as Codefinger, relies on stolen credentials and on AWS’s Server-Side Encryption with Customer Provided […]

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks

The US cybersecurity agency CISA is urging federal agencies to patch a second vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, based on evidence of active exploitation. Tracked as CVE-2024-12686, the flaw is a medium-severity command injection issue that was discovered during BeyondTrust’s investigation into the compromise of a limited […]

Infostealer Infections Lead to Telefonica Ticketing System Breach

Information stealer malware allowed threat actors to compromise the credentials of multiple Telefonica employees and access the telecommunication giant’s internal ticketing system. The data breach came to light last week, after members of the Hellcat ransomware group (which previously claimed the attack on Schneider Electric) boasted on the BreachForums cybercrime forum about stealing customer data, […]

AI Won’t Take This Job: Microsoft Says Human Ingenuity Crucial to Red-Teaming

As security pros worry about AI taking their jobs, researchers at Microsoft insist that effective red-teaming still relies on human expertise, cultural awareness, and emotional intelligence — qualities that can’t be replicated by machines. The software giant says its AI red team rigorously tested more than 100 generative AI products and determined that human ingenuity […]

Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability

Threat actors are distributing information stealer malware masquerading as proof-of-concept (PoC) exploit code targeting a recent Windows Lightweight Directory Access Protocol (LDAP) vulnerability. Tracked as CVE-2024-49113 (CVSS score of 7.5) and leading to denial-of-service (DoS), the security defect was addressed on December 10 along with over 70 flaws, including a critical LDAP bug (CVE-2024-49112) that […]

US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals

The US Justice Department announced on Friday charges against three Russian nationals accused of operating two cryptocurrency mixers that were used for money laundering, including by ransomware groups. Charges of conspiracy to commit money laundering and operating an unlicensed money transmitting business were announced against Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov. […]

Emerging FunkSec Ransomware Developed Using AI

An emerging ransomware group named FunkSec has risen to fame after claiming responsibility for attacks on more than 80 victims in December 2024, Check Point reports. FunkSec appears to be involved in both hacktivism and cybercrime activities and its members are likely inexperienced threat actors currently looking to gain visibility and recognition, Check Point’s investigation […]

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Juniper Networks kicked off 2025 with security updates that address dozens of vulnerabilities in the Junos OS platform, including multiple high-severity bugs. Patches were released last week to resolve a high-severity out-of-bounds read flaw in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS) when processing […]

China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports

Chinese cyberspies targeted several offices, including ones dealing with foreign investments and sanctions, in the recent cyberattack aimed at the US Treasury Department, according to news reports. Little technical information has been made public regarding the Treasury hack while authorities are investigating the full extent of the breach. It was revealed in late December 2024 […]

copyright 2024 by Digital Creations LLC