Threat Intelligence Executive Report – Volume 2025, Number 3
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during March and April.
On March 4, 2026, Insightin Health, a vendor that provides data analytics and technology solutions to healthcare payers, submitted a breach notification letter to the California Attorney General’s Office. Of note, it stated, in part: What Happened? Insightin used a file-transfer tool called GoAnywhere to move data between Insightin and your health plan. On September……
Yet another reminder of the insider threat: a press release from the Department of Justice. Ironically, this insider worked for the Insider Threat Division of the Defense Intelligence Agency. An IT specialist employed by the Defense Intelligence Agency (DIA) was arrested today for attempting to transmit national defense information to an officer or agent of…
Odia Kagan of FoxRothschild writes: If you are a government contractor offering government agencies products utilizing Large Language Models (LLM), your disclosure requirements just increased. Per a new memo from the Office of Management and Budget (OMB), when procuring LLMs, government agencies must require vendors to provide sufficient information for the agencies to be able……
Over on SuspectFile, @amvinfe has been busy exposing Akira’s false promises to its victims. In two posts this week, he reports on what happened with one business in New Jersey and one in Germany that decided to pay Akira’s ransom demands. He was able to report on it all because Akira failed to secure its…
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. “Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and…