admin

admin

  • Joined: September 10, 2024
  • Articles: 6283

ConnectWise Cyberattack: Nation-State Actor Suspected in Targeted Breach
May 30, 2025 | Vulnerability / Data Breach

ConnectWise, known for its remote access software ScreenConnect, has reported being targeted in a cyberattack believed to be orchestrated by a nation-state actor. On May 28, the company issued a brief advisory detailing that it had identified suspicious activity linked to the threat, which has affected a limited number of ScreenConnect customers. To investigate the incident further, ConnectWise has enlisted Google Mandiant for a forensic examination and has informed all impacted customers. While the company has not disclosed the specific number of affected customers, the timing of the breach, or the identity of the responsible party, it is important to note that just weeks prior, in late April 2025, ConnectWise addressed a high-severity vulnerability (CVE-2025-3935) with a CVSS score of 8.1 in ScreenConnect versions 25.2.3 and earlier.

ConnectWise Reports Cyberattack, Suspected Links to Nation-State Actor May 30, 2025 ConnectWise, known for its remote access and support platform ScreenConnect, has confirmed that it recently fell victim to a cyberattack potentially orchestrated by a nation-state threat actor. In a…

Major Vulnerability in Open VSX Registry Poses Supply Chain Risks for Millions of Developers

On June 26, 2025, cybersecurity analysts revealed a serious flaw in the Open VSX Registry (“open-vsx[.]org”), which, if exploited, could allow attackers to seize control of the entire Visual Studio Code extensions marketplace. This represents a significant supply chain threat. “This vulnerability gives attackers total authority over the extensions marketplace and, consequently, over millions of developer machines,” stated Oren Yomtov, a researcher at Koi Security. “By leveraging a CI issue, a malicious actor could release harmful updates to every extension available on Open VSX.” After responsibly disclosing the issue on May 4, 2025, the maintainers proposed several fixes, culminating in a final patch on June 25. The Open VSX Registry, an open-source alternative to the Visual Studio Marketplace, is maintained by the Eclipse Foundation and is used by various code editors, including Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod.

Critical Vulnerability in Open VSX Registry Poses Major Supply Chain Risk for Developers On June 26, 2025, cybersecurity researchers revealed a significant vulnerability in the Open VSX Registry, an open-source platform available at “open-vsx[.]org.” This flaw has the potential to…

Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members

October 3, 2024
Cybercrime / Ransomware

A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”

LockBit Ransomware and Evil Corp Members Arrested in Global Law Enforcement Operation On October 3, 2024, a coordinated international law enforcement operation resulted in the arrest of four individuals and the dismantling of nine servers associated with the LockBit ransomware…

Digital Twins of AI Workers Create Emerging Insider Threats

Artificial Intelligence & Machine Learning, Black Hat, Events Researchers Highlight Risks of AI Bots in Cybersecurity Contexts Michael Novinson (@MichaelNovinson) • August 15, 2025 Matthew Canham, Executive Director, Cognitive Security Institute, and Ben Sawyer, Associate Professor, Industrial Engineering and Management…

New Vulnerabilities in Linux Enable Password Hash Theft Through Core Dumps in Ubuntu, RHEL, and Fedora

May 31, 2025
Vulnerability / Linux

Two critical information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Labeled as CVE-2025-5054 and CVE-2025-4598, both are race condition bugs that could allow local attackers to access sensitive data. Tools like Apport and systemd-coredump are essential for handling crash reports and core dumps within Linux systems. Saeed Abbasi, product manager at Qualys TRU, noted, “These race conditions enable a local attacker to exploit a SUID program and gain read access to the resultant core dump.” Below is a brief overview of the two vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7): A race condition in the Canonical Apport package, versions up to 2.32.0, allowing local attackers to leak sensitive information through PID-reuse by leveraging namespaces.
  • CVE-2025-4598 (CVSS score: 4.7): A race condition in…

New Vulnerabilities Uncovered in Linux Core Dump Handlers Could Lead to Password Hash Theft May 31, 2025 Recent findings from the Qualys Threat Research Unit (TRU) have revealed two significant vulnerabilities within core dump handlers in popular Linux distributions, including…

MOVEit Transfer Under Heightened Threat as Scanning Activity Surges and CVE Vulnerabilities Come Under Fire

Network security firm GreyNoise has reported a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems since May 27, 2025, indicating that cybercriminals may be gearing up for a new mass exploitation campaign or probing for unpatched vulnerabilities. MOVEit Transfer, widely utilized by businesses and government agencies for secure file sharing, is a prime target due to its handling of sensitive data.

“Prior to this date, scanning was minimal—typically fewer than 10 IP addresses were observed daily,” the firm stated. “However, on May 27, that number skyrocketed to over 100 unique IPs, followed by 319 on May 28.” Since then, the volume of scanning IPs has remained intermittently elevated, fluctuating between 200 and 300 daily, marking a “significant deviation” from normal patterns. GreyNoise reports that as many as 682 unique IPs have been flagged in connection with this increased activity.

Increased Threat Landscape for MOVEit Transfer Amidst Rising Scanning Activities June 27, 2025 In a recent update, cybersecurity firm GreyNoise has reported a significant surge in scanning activities targeting Progress MOVEit Transfer systems. This uptick, which began on May 27,…

Microsoft Alerts to Rising Use of File Hosting Services in Business Email Compromise Schemes

Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.

The abuse of trusted internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.

Microsoft Alerts on Increasing Use of File Hosting Services in Business Email Compromise Attacks October 9, 2024 Microsoft has issued a warning regarding a rise in cyber attack campaigns that exploit established file hosting services such as SharePoint, OneDrive, and…