admin

Google Uncovers a New Scam—And Becomes Its Victim

Google’s Salesforce Instance Compromised: A Closer Look at Recent Cybersecurity Breach

In a significant cybersecurity breach, Google has confirmed that its Salesforce instance was among those affected by unauthorized access. The intrusion took place in June, but the company only…

Chinese Pair Arrested for Illegally Exporting AI Chips

Topics: Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response

Ukrainian Hackers Uncover Evidence of Child Abduction Amid Ongoing Cyber Threats

Anviksha More (AnvikshaMore) • August 7, 2025

Information Security Media Group provides a weekly overview of significant cybersecurity…

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses

August 16, 2025

In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance…

THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Cybersecurity Threats in Review: Key Developments from Nov 25 – Dec 1, 2024

Hackers are relentless in their pursuit of vulnerabilities within digital infrastructures, launching approximately 2,200 cyberattacks daily. This startling statistic translates to an intrusion attempt every 39 seconds,…

Leak Uncovers Daily Lives of North Korean IT Scammers

Targeted Data Exploitation of IT Workers Revealed in Recent Findings

Recent investigations have unveiled a concerning scheme targeting IT professionals, highlighting a structured operation that gathers and exploits sensitive information. Documented evidence includes detailed listings of potential job opportunities within…

Cisco Alerts Users to Critical ISE Vulnerability Allowing Unauthenticated Root Access

On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.

According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.

Cisco Issues Urgent Alert on High-Severity Vulnerability in ISE Software

July 17, 2025
Vulnerability / Network Security

Cisco has recently unveiled a serious security vulnerability affecting its Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). Officially…

Kimsuky Hackers Linked to Credential Theft Using Russian Email Addresses

December 3, 2024
Threat Intelligence / Email Security

The North Korea-aligned threat group Kimsuky has been implicated in a series of phishing attacks utilizing email addresses that appear to originate from Russia, aimed at stealing user credentials. According to South Korean cybersecurity firm Genians, these phishing emails were predominantly sent from services in Japan and Korea until early September. However, starting in mid-September, a shift was noted with some emails crafted to look as if they were sent from Russia. This involves the exploitation of VK’s Mail.ru email service, which includes multiple alias domains such as mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. Genians has reported that Kimsuky has used these domains in phishing campaigns that impersonate financial institutions and popular internet sites like Naver. Additionally, some attacks have involved spoofing Naver’s MYBOX cloud storage service to deceive users into providing sensitive information.

Kimsuky Hackers Leverage Russian Email Domains in Credential Theft Operations

December 3, 2024
Threat Intelligence / Email Security

Recent investigations have revealed that Kimsuky, a North Korea-affiliated hacking group, has shifted its phishing tactics, now utilizing email addresses registered in…