It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you
Laurie Chen, Farah Master and Liz Lee report: China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced” cyberattacks during the Asian Winter Games in February, targeting essential industries. Police in the northeastern city of Harbin added three alleged NSA agents to a wanted list and also accused the University of…
Researchers Trace 61% of Known Losses This Year to Pyongyang-Backed Hackers
Hackers tied to North Korea’s cash-strapped totalitarian dictatorship this year stole a record amount of cryptocurrency, totaling $1.34 billion across 47 incidents, or about double their known haul for 2023, reported blockchain analytics firm Chainalysis.
A press release from the Department of Justice:
Defendant Allegedly Took Part in Global Ransomware Scheme Using “Nefilim” Ransomware Strain
Thursday, May 1, 2025
Earlier today, in federal court in Brooklyn, a superseding indictment was unsealed charging Artem Stryzhak with conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his…
Michael Nakhiengchanh reports: Taipei’s Mackay Memorial Hospital apologized Thursday to the public for an information leak caused by a cyberattack earlier this month. On Feb. 9, the hospital was hit by ransomware called “Crazy Hunter,” which crashed over 500 computers and, per CNA, reportedly resulted in the theft of up to 32.5 GB of information. The leaked data allegedly includes personal…
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility…
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the…