Beyond the kill chain: What cybercriminals do with their money (Part 2)
In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors
Similar Posts
How To Browse Faster and Get More Done Using Adapt Browser
Bys sAs web browsers evolve into all-purpose platforms, performance and productivity often suffer. Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment. This article explores how adopting a lightweight, task-focused browser, like
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Bys sSome weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in…
Smiley calls for data sharing once Providence gets its schools back from state
Bys sAlexander Castro reports; The City of Providence wants to investigate consolidating certain data sources across municipal and school district networks when its schools return from state to local control. The district superintendent is concerned about the plan’s finer points when it comes to data sharing. (Photo illustration by Alexander Castro/Rhode Island Current) Some systems get…
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Bys sUnknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Bys sThe Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new…
UK: More details emerge about ransomware attack on HCRG by Medusa
Bys sIn a recent report in The Register about an attack by Medusa on HCRG in the U.K., Iain Thomson reported, “For now, then, HCRG is still operational – a stark contrast to what happened in Texas last year, when the University Medical Center in Lubbock was forced to severely limit operations and turn away ambulances following…