Beyond the kill chain: What cybercriminals do with their money (Part 3)
In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors
Similar Posts
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including
Claude Code leak used to push infostealer malware on GitHub
Bys sBill Toulas reports: Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API……
Japan issues arrest warrant against teen suspected of cyberattack using AI
Bys sIslam Uddin reports: Japanese authorities have issued an arrest warrant against a teenager suspected of a cyberattack while using artificial intelligence, local media reported on Thursday. The arrest warrant has been issued for a 17-year-old boy on suspicion of carrying out a cyberattack on a major internet cafe operator using a program generated by artificial……
NHS investigates API flaw that exposed patient data
Bys sTeiss reports: The National Health Service (NHS) is investigating claims that an application programming interface (API) vulnerability at private healthcare provider Medefer left patient data exposed. The issue, initially raised by an IT whistleblower, has prompted scrutiny from the NHS, which has stated it will take further action if necessary. Medefer, a virtual healthcare provider…
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Bys sMicrosoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like…
Former Nuance employee admits breaching more than 1.2M Geisinger patient records
Bys sJohn Beauge reports the latest update in the case of Max Vance, also known as Andre J. Burk. Vance had been employed by Nuance Communications, a business associate of Geisinger Health. After his employment was terminated, he was still able to access Geisinger patient data. Geisinger detected the breach and notified Nuance. Now Beauge reports:……