Beyond the kill chain: What cybercriminals do with their money (Part 4)
In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration…
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a…
RTHK reports: The government office responsible for providing insolvency services has issued an apology after magnetic tapes containing information of about 76,000 people went missing. However, it stressed chances of a data leak are “extremely low”. The Official Receiver’s Office revealed on Monday that seven magnetic backup tapes were lost while being delivered from Immigration…
Mike Bedigan reports: A bitcoin money launderer, who prosecutors connected to the 2016 Russian interference in the U.S. election, has been released by Donald Trump in exchange for American school teacher Marc Fogel. Alexander Vinnik, 42, a Russian citizen, was charged in a 21-count superseding indictment in January 2017 and taken into custody in Greece. He was later extradited to the U.S….
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester). Stolen credentials…
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both…