It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you
Similar Posts
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
Bys sPasswork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting
Korea imposes 343 million won penalty on HAESUNG DS for data breach of 70,000 shareholders
Bys sKim Su-jeong reports: The Personal Information Protection Commission announced on the 24th that it imposed a penalty surcharge of 343 million won [USD $250,136.73] on HAESUNG DS, a semiconductor parts company, after it left vulnerabilities in its network security equipment unattended, resulting in a hacker attack that leaked personal information of over 70,000 shareholders. According…
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
Bys sAt least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and…
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
Bys sRavie Lakshmanan reports: The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd.,…
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Bys sSource: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to…
PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts
Bys sFortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts. The post PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts appeared first on SecurityWeek.