Beyond the kill chain: What cybercriminals do with their money (Part 3)
In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors
Similar Posts
Shared secret: EDR killer in the kill chain
Bys sA look under the hood at a tool designed to disable protections
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Bys sThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities – CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw…
Avantic Medical Lab hacked; patient data leaked by Everest Group
Bys sOn June 10, the Everest Group added a listing for Avantic Medical Lab to its leak site, accompanied by a one-week countdown clock and four screenshots containing patient information as proof of the claims. When the attack first occurred, and whether Everest had contacted Avantic before June 10, is unknown to DataBreaches, but on June…
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices
Bys sCybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. “A key differentiator is its ability to bypass encrypted messaging,” ThreatFabric said in a report shared with The Hacker News. “By capturing content directly from the device screen after decryption,…
Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Bys sPython is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until…
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
Bys sA new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business…