Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.
Similar Posts
Data from Insight Hospital and Medical Center Leaked on Dark Web
Bys sOn or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within its network. An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. As of the date……
Two teenage suspected Scattered Spider members charged in UK over TfL hack
Bys sAlexander Martin reports: Two suspected members of the Scattered Spider cybercrime collective have been arrested and charged in the United Kingdom following an investigation into the hack of Transport for London (TfL) last year. The National Crime Agency (NCA) announced on Thursday that Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall,……
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
Bys sThe Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create…
The PIPC Sanctions Woori Card for Data Breaches, Imposing KRW 13.45 billion
Bys sThe Personal Information Protection Commission (PIPC) held its seventh plenary meeting of 2025 and reached a decision to sanction Woori Card Co., Ltd. (Woori Card) for data breaches on March 26, 2025. Administrative sanctions by the PIPC are as follows: A penalty for violations (Gwajingguem) of KRW 13.45 billion; A publication order of sanction results…
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Bys sEvery security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually safer now?” Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts…
ICE takes steps to deport the Australian hacker known as “DR32”
Bys sThe strange case of “DR32” just got a bit stranger. It looks like the Australian national will get a plane ticket back to Australia courtesy of Homeland Security. David Kee Crees, an Australian national who had also been known online as “Abdilo,” “Notavirus,” “Surivaton”, and “Grey Hat Mafia’s Bitch,” was extradited to the U.S. from…