DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network
Similar Posts
Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
Bys sWhen Website Planet emailed me about an unencrypted and non-password-protected database containing 1,115,061 records with 2.49 GB of sensitive information from an adoption agency, the name Gladney Adoption Center rang a bell. I had seen that name before in the context of a data security incident. Reading the findings by Jeremiah Fowler, I was struck…
Defense Contractors Are Silencing Their Cybersecurity Watchdogs
Bys sMatthew LaGarde writes: The US Department of Defense’s implementation of a new cybersecurity framework, the Cybersecurity Maturity Model Certification 2.0 or CMMC, will require more than 300,000 military contracting companies to improve their cybersecurity protections. These safeguards are critically important, but it appears that more than half of military contractors are unprepared to meet these new requirements……
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Bys sA new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as…
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Bys sSource: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to…
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
Bys sA financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. “Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Bys sFortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1). “An