New York Attorney General Files Suit Against Early Warning Services Over Zelle Fraud Controls August 13, 2025 In a significant legal move, New York Attorney General Letitia James has initiated a lawsuit against Early Warning Services, LLC (EWS), the operator…
June 09, 2025
Wazuh Server Vulnerability
A critical security flaw in the Wazuh Server, now patched, has been exploited by threat actors to deploy two distinct variants of the Mirai botnet for executing distributed denial-of-service (DDoS) attacks. Akamai, which identified these exploitation efforts in late March 2025, reports that the campaign is targeting CVE-2025-24016 (CVSS score: 9.9), a dangerous deserialization vulnerability enabling remote code execution on affected Wazuh servers. This vulnerability impacts all server software versions from 4.4.0 onward and was addressed in February 2025 with the release of version 4.9.1. A proof-of-concept (PoC) exploit became publicly available around the same time. The issue stems from the Wazuh API, where parameters in the DistributedAPI are serialized as JSON and then deserialized using “as_wazuh_object” in the framework/wazuh/core/cluster/common.py file. Malicious actors can exploit this vulnerability by injecting harmful JSON…
Two Separate Botnets Exploit Wazuh Server Vulnerability for Mirai-Based Attacks On June 9, 2025, cybersecurity experts reported that a critical vulnerability in the Wazuh Server is being actively exploited by malicious actors to deploy two different variants of the Mirai…
May 15, 2023
Cyber Threat / Malware
A fresh cyber threat has emerged, targeting government, aviation, education, and telecom sectors across South and Southeast Asia. This campaign, linked to a newly identified hacking group, began in mid-2022 and extended into early 2023. Symantec, a division of Broadcom Software, has dubbed this activity “Lancefly,” identifying a sophisticated backdoor known as Merdoor. Investigation reveals that this custom implant may have been in use as early as 2018. The campaign’s objectives appear to focus on intelligence gathering, given the tools employed and the specific targets chosen. According to Symantec’s analysis shared with The Hacker News, “The backdoor is deployed very selectively, impacting only a limited number of networks and devices over the years, indicating a highly targeted approach.” Additionally, the attackers appear to possess an updated version of the ZXShell rootkit.
Researchers Identify Sophisticated Backdoor and Custom Implant Amid Extended Cyber Campaign May 15, 2023 A newly identified hacking group has executed a sustained cyber campaign impacting key sectors including government, aviation, education, and telecommunications across South and Southeast Asia. This…
Data Breach Notification, Data Security, Fraud Management & Cybercrime DaVita’s Stolen Data Surfaced on Dark Web Following Ransomware Attack by Interlock Marianne Kolbasuk McGee ( HealthInfoSec) • August 22, 2025 Image: DaVita In a troubling development for patient data security,…
Concerns Rise as Doctor’s Safety and Cybersecurity Incidents Escalate A doctor whose hospital was recently targeted by a subpoena has expressed growing concerns for personal safety, stating, “I’m looking over my shoulder driving home.” This heightened sense of vulnerability is…
April 30, 2025
Malware / Data Breach
Everyone has a cybersecurity story to share, often involving family members. Here’s a familiar scenario: “The strangest thing happened with my streaming account. I got locked out, changed my password, and when I got back in, all my shows had disappeared! Everything was in Spanish, and there were all these unfamiliar shows. Isn’t that strange?”
This describes a common account takeover attack. Essentially, a streaming account is compromised—often due to weak or reused passwords—and the access is sold on a digital black market, typically advertised as “LIFETIME STREAMING SERVICE ACCOUNT – $4 USD.”
While this may seem like a minor annoyance for most, a quick reset of your credentials and a call to your bank to get a new credit card usually remedy the situation, allowing you to return to binge-watching your favorite series without much fuss.
Customer Account Takeovers: The Hidden Multi-Billion Dollar Challenge On April 30, 2025, the cybersecurity landscape continues to evolve with concerning revelations surrounding customer account takeovers. These incidents, while often dismissed as minor annoyances, represent a significant and escalating threat to…
Data Breach at Orange Belgium Exposes 850,000 Customer Records In a significant cyber incident, Orange Belgium has acknowledged a data breach that has impacted approximately 850,000 customers. The breach occurred following a targeted cyberattack on one of the company’s internal…
China-Linked Cyber Espionage Group Targets Over 70 Organizations Across Diverse Sectors
June 9, 2025
Government Security / Cyber Espionage
Recent reconnaissance efforts against American cybersecurity firm SentinelOne are part of a larger wave of intrusions affecting various targets between July 2024 and March 2025. “The victims include a South Asian government agency, a European media outlet, and over 70 organizations spanning numerous sectors,” noted SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel in a recent report. Affected sectors include manufacturing, government, finance, telecommunications, and research. Notably, an IT services and logistics firm was compromised while managing equipment logistics for SentinelOne staff during the breach in early 2025. This malicious activity has been confidently linked to threat actors associated with China, with some attacks attributed to a cluster known as PurpleHaze, which overlaps with recognized Chinese cyber espionage groups labeled APT15.
Over 70 Organizations Affected by Cyber Espionage Linked to China June 9, 2025 Government Security / Cyber Espionage A recent report has unveiled significant cyber espionage activities against a diverse range of organizations, orchestrated by a group with ties to…
May 16, 2023
Network Security / Threat Intelligence
The Chinese state-sponsored group known as Mustang Panda has been connected to a series of sophisticated, targeted attacks aimed at European foreign affairs entities since January 2023. According to researchers Itay Cohen and Radoslaw Madej from Check Point, these intrusions involve a custom firmware implant specifically designed for TP-Link routers. This implant includes several malicious components, featuring a custom backdoor dubbed “Horse Shell” that allows attackers to maintain persistent access, establish anonymous infrastructure, and facilitate lateral movement within compromised networks. Furthermore, the implant’s firmware-agnostic design enables its components to be integrated into various firmware from different vendors. The Israeli cybersecurity firm is monitoring this threat group, also known as Camaro Dragon, along with other aliases such as BASIN, Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.
Mustang Panda Hackers Target European Foreign Affairs with TP-Link Router Exploit On May 16, 2023, it was reported that the Chinese state-sponsored hacking group, known as Mustang Panda, has orchestrated a series of sophisticated and targeted attacks against European foreign…
Data Breach Notification, Data Security, Fraud Management & Cybercrime Threat Actors Breached a Rural Michigan Health System for Approximately Two Months; BianLian Claims Responsibility Marianne Kolbasuk McGee (HealthInfoSec) • August 22, 2025 Image: Aspire Rural Health System A rural health…
