Summary: The notorious cybercriminal group Smishing Triad is targeting smartphone users in Pakistan with a large-scale smishing campaign aimed at stealing personal and financial information. Threat Actor: Smishing Triad | Smishing Triad Victim: Smartphone users in Pakistan | Pakistan Key Point: The…
Tag: DARK WEB
Summary: A former employee of Singapore-based NCS Group was sentenced to prison for accessing the company’s software test environment and wiping 180 virtual servers after his employment ended. Threat Actor: Kandula Nagaraju | Kandula Nagaraju Victim: NCS Group | NCS Group Key Point: A former employ…
The Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users, impersonating Pakistan Post via iMessage and SMS to steal personal and financial information. The operation uses stolen phone-number databases, mass messaging (50…
FortiGuard Labs’ Ransomware Roundup analyzes Shinra and Limpopo ransomware, highlighting how they encrypt data, hinder recovery, and evade defenses, with Fortinet protections and recommended mitigations. It also covers affected platforms (Windows and ESXi), vi…
A threat actor on a dark web forum is allegedly offering access to a cryptocurrency exchange’s system administrator panel for $30,000 USD. According to the post, the access includes RDP via a VPN, providing view-only access to the user database, including user portfolios, emails, and phone numbers. The threat actor indicates…
According to a threat actor on a dark web forum, patient data from a diagnostic lab named Anand Lab is on sale. According to the language of the post owner, they are initially selling 7,677,998 records of private patient information and the whole breach is 1.02 TB. Those who are interested…
Resecurity flags the Smishing Triad expanding its operations to Pakistan, impersonating Pakistan Post to steal personal and financial data from mobile users. The campaign uses local numbers, mass messaging, and smishing kits hosted on domains tied to delivery …
A threat actor on a dark web forum shared a post about alleged access to a company from South Africa. According to the post, the company operates in the chemicals and manufacturing sectors. The company name is not disclosed in the forum post, but the post owner shares the revenue of the…
A threat actor uploaded an alleged database of www.gov.il to a dark web forum. The website where the data is leaked from is for Israeli citizens to deal with their government affairs and bureaucratic tasks. According to the post, the database was leaked due to an API vulnerability. The post owner…
Summary: This article discusses the discovery of 24 vulnerabilities in a biometric access system manufactured by a Chinese company, highlighting the potential security risks associated with biometrics. Threat Actor: N/A Victim: N/A Key Point: A biometric access system manufactured by a Chinese comp…
Secure Shell (SSH) is a standard protocol for secure terminal connections and is generally used for controlling remote Linux systems. Unlike Windows, which individual users run on desktops, Linux systems mainly fulfill the role of servers providing web, database, FTP, DNS, and other services. Of course, Windows also supports these…
A threat actor is selling data belonging to BlackBerry’s Cylance cybersecurity unit, for which he demanded $750,000. A threat actor who goes online with the moniker Sp1d3r is selling the stolen data for $750,000. The data includes 34 million customer and employee emails, customer / prospect email and PII, products used by…
In a dark web forum, a threat actor is claiming to have patient data from a hospital group. The post owner is selling the data from India’s Metro Group of Hospitals (metrohospitals.com). According to the threat actor, the database is 379 GB and it consists of approximately 1.5 million records of…
UNC5537 is a financially motivated threat actor group targeting Snowflake customer instances by leveraging credentials stolen from infostealer campaigns to access and exfiltrate data, followed by extortion. Mandiant and Snowflake notified hundreds of potential…
In a post from a dark web forum, a threat actor has claimed to have identified two critical 0-day vulnerabilities in the most recent version of OpenCart, a popular online store management system. The vulnerabilities stated by the threat actor include an SQL injection flaw and a broken access control issue…