Beyond the kill chain: What cybercriminals do with their money (Part 4)
In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests
Similar Posts
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Bys sEclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both…
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Bys sTrend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. “A vulnerability…
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Bys sMicrosoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish…
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Bys sCybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named…
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Bys sCybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. “Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,”…
Zendesk ticket systems hijacked in massive global spam wave
Bys sLawrence Abrams reports: People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails. While the messages do not……