Extortion Group Conducts Social Engineering Campaign Impersonating Victim’s IT Department – The HIPAA Journal
Extortion Group Conducts Social Engineering Campaign Impersonating Victim's IT Department The HIPAA Journal
Extortion Group Conducts Social Engineering Campaign Impersonating Victim's IT Department The HIPAA Journal
Silent Ransom Group, a data theft and extortion group that targets law firms, healthcare organizations, and insurance and finance companies, […] The post Extortion Group Conducts Social Engineering Campaign Impersonating Victim’s IT Department appeared first on The HIPAA Journal.
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and…
Vulnerabilidades de alta severidade foram identificadas na extensão Angular Language Service para Visual Studio Code, conhecida como Angular.ng-template, permitindo cenários de execução remota de código contra máquinas de desenvolvedores. As falhas afetam versões anteriores à 21.…
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other crede…
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. [...]
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and…
Relatório da Check Point Research aponta operações do grupo Nimbus Manticore, ligado à Guarda Revolucionária do Irã, contra setores de aviação e software nos Estados Unidos, Europa e Oriente Médio. Os ataques ocorreram entre fevereiro e abril, durante o conflito regional envolven…
O FBI emitiu um alerta sobre o Kali365, plataforma de phishing como serviço (PhaaS) identificada em abril com foco no Microsoft 365. O golpe não rouba a senha das vítimas, mas engana o usuário para que ele mesmo autorize o acesso de cibercriminosos a e-mails do Outlook, documento…
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]
"BadHost" was found in Starlette, a package with 325 million weekly downloads.
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to skill alone.
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data.
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code.
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-secto…
Códigos de uso único para acessar e recuperar contas da Microsoft foram enviados para diferentes endereços de e-mail, mesmo sem serem solicitados, nos últimos dias. É o que mostram relatos compartilhados com o Canaltech. Como a Microsoft quer reinventar a segurança digital na …
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to s…
Um grupo APT iraniano passou a usar envenenamento de SEO para distribuir um instalador falso do Oracle SQL Developer e infectar máquinas Windows com uma nova backdoor. A campanha foi atribuída ao Nimbus Manticore, também rastreado como UNC1549, ligado ao Corpo da Guarda Revolucio…