Tag: CRITICAL INFRASTRUCTURE
Two British teenagers face serious cybercrime charges related to a major attack on Transport for London and to attacks on U.S. healthcare networks. The case highlights the growing threat that organized cybercriminal groups pose to critical infrastructure and healthcare sectors in both the UK and the US. #TransportforLondon #ScatteredSpider…
OSINT converts publicly available data into security insights to identify vulnerabilities and potential attack paths before attackers act. It emphasizes systematic collection, analysis, and interpretation of open information to uncover threats, adversaries, and techniques that could enable breaches.
Hashtags: #OSINT #WizTI…
A significant data breach at Italy’s FS Italiane Group and its IT services provider Almaviva led to the leak of 2.3 terabytes of sensitive information. The leaked data includes internal documents, contracts, and technical data, raising concerns about cybersecurity in critical infrastructure sectors. #Almaviva #FSItalianeGroup
Group-IB Threat Intelligence details a MuddyWater espionage campaign targeting international organizations worldwide, using compromised mailboxes accessed via NordVPN to dispatch phishing emails that deliver malicious Word documents. The operation deploys Phoe…
An exploitation campaign has emerged that targets a recent RCE vulnerability in Microsoft Windows Server Update Services (WSUS), CVE-2025-59287, to distribute the ShadowPad backdoor used by Chinese state-aligned APT groups. Immediate patching of exposed WSUS servers is the primary mitigation. #CVE202559287 #ShadowPad…
The FCC has reversed cybersecurity rules for telecommunications networks that were adopted after Chinese state-backed hackers breached major U.S. providers during the Salt Typhoon campaign. Critics argue that the rollback weakens national security amid ongoing Chinese state-backed cyber espionage. #SaltTyphoon #ChineseHackers…
The US, UK, and Australia have imposed sanctions on Russian bulletproof hosting (BPH) providers, their subsidiaries, and associated individuals for supporting cybercriminal activities such as ransomware and DDoS attacks. The actions aim to disrupt infrastructure used in attacks on critical infrastructure and organizations worldwide. #MediaLand #AezaGroup…
A Chinese state-sponsored group has compromised over 50,000 Asus routers worldwide by exploiting known vulnerabilities, establishing a persistent espionage network. The campaign, tracked as Operation WrtHug, exploits high-severity bugs in the AiCloud service, and compromised devices carry unusually long-lived TLS certificates that defenders can use as an indicator. #OperationWrtHug #AsusRouterVulnerabilities…
Cyble and BOCRA have signed an MoU to enhance Botswana’s cybersecurity defenses through advanced threat intelligence and capacity building initiatives. This collaboration aims to improve incident response, reduce cyber risks, and develop a skilled cybersecurity workforce in Botswana. #DarkWebMonitoring #BotswanaCybersecurity…
A threat actor claims to have compromised the internal networks of the Fiscalía General del Estado de Guanajuato, resulting in data theft and system disruption. The claimed intrusion reportedly involved domain controller access, file encryption, and disabling of security tooling, affecting critical government systems. #Guanajuato #Cyberattack…
Media Land, a Russian bulletproof hosting provider, was sanctioned by the U.S. and allies for supporting ransomware gangs such as LockBit and BlackSuit, and for enabling other cybercriminal activity including DDoS attacks on U.S. infrastructure. The sanctions also targeted sister companies and front organizations, reflecting international efforts to disrupt illicit hosting services…
The United States, UK, and Australia have imposed sanctions on Russian bulletproof hosting providers supporting cybercriminal groups, including ransomware gangs and DDoS attackers. These measures target entities like Media Land, associated with notorious gangs such as LockBit, Black Basta, and Evil Corp, to disrupt their malicious infrastructure. #MediaLand #LockBit #BlackBasta #EvilCorp
Mate, an AI-driven SOC startup, has secured $15.5 million in seed funding to enhance its intelligent incident response platform. Its solution leverages AI agents and LLMs to automatically investigate, resolve, and escalate security incidents, reducing response times and false positives. #Mate #AIincidentresponse…
Cloudflare’s recent service outage was triggered by a routine configuration change that exposed a latent bug, not by a cyberattack. The incident affected major online platforms and critical organizations, highlighting how much of the web depends on the stability of a few shared providers. #Cloudflare #LatentBug…
Sandworm (also tracked as APT44, Seashell Blizzard, and Voodoo Bear) conducted intrusions against Ukrainian organizations by exploiting exposed web services and deploying a custom webshell called LocalOlive, then relied on living-off-the-land techniques for reconnaissance, persistence, and credential theft. The campaign and the associated emulation highlight specific TTPs, including LSASS dumping, scheduled task persistence, and…