It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you
The following is a translation by NAVER for Maeil Business Newspaper. DataBreaches is guessing that the “eat-dog” situation reference is what we call “dog-eat-dog” to refer to brutal competitor actions, but that’s just a guess. Kim Kyusik, Kim Yutae, and Yang Seiho report: Yes24, the largest Internet bookstore in Korea, suffered another “eat-dog” situation due to ransomware……
Mathew J. Schwartz reports: The Clop digital extortion gang for years perfected a method for wringing tens of millions out of cybercrime. Find a zero-day flaw, often in file transfer software, swarm vulnerable networks and post online the sensitive data of any victim unwilling to pay for a promise of data deletion. The Russian-speaking ransomware……
From Europol, some impressive results: On 9 March 2026, a global operation led by German authorities and supported by Europol was launched against one of the largest networks of fraudulent platforms in the dark web. The investigation began in mid-2021 against the dark web platform “Alice with Violence CP”. During the investigation, authorities discovered that……
Here we go again? Lara Pearce reports: Popular travel website Booking.com has warned customers that their personal information including booking details and names may have been accessed by an “unauthorised third party”. Booking.com is one of the largest digital travel companies globally, with more than 28 million accommodation listings worldwide. The company sent emails to some of its Australian……
He hasn’t attracted much attention or media coverage yet, and he doesn’t have any leak site or Telegram account. However, those reporting breaches involving patient data should note a threat actor known as “Stuckin2019” (or simply “Stuck”). Two of his recent attacks allegedly affected telehealth entities and 3.7 million patients. OpenLoop Health On January 7,……
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform