Beyond the kill chain: What cybercriminals do with their money (Part 4)
In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests
Similar Posts
WestJet investigates cyberattack disrupting internal systems
Bys sLawrence Abrams reports: WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users,” reads a security advisory on WestJet’s site. “We have activated specialized…
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
Bys sA dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department…
12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
Bys sA dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices…
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
Bys sA subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. “This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations,” the
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Bys sCybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The
Three Password Cracking Techniques and How to Defend Against Them
Bys sPasswords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques…