It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you
Similar Posts
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Bys sThreat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. “Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing…
A hacker used AI to automate an ‘unprecedented’ cybercrime spree, Anthropic says
Bys sReading this, I kept hoping that we’d find out it’s just a hoax. But alas… Kevin Collier reports: A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find targets to write ransom notes. In a report……
PCI DSS 4.0 Mandates DMARC By 31st March 2025
Bys sThe payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result…
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows – CVE-2024-49035 (CVSS score: 8.7) – An improper access control
ShinyHunters claim to be behind SSO-account data theft attacks
Bys sLawrence Abrams reports: The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them……
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Bys sCybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. “