The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks, according to the Microsoft Threat Intelligence team’s recent report. Silk…
Ransomware Attack Strikes Highlands Oncology, Compromising Over 113,000 Patient Records Highlands Oncology, a healthcare provider based in the United States, has recently fallen victim to a significant ransomware attack that has compromised the personal information of more than 113,000 patients. This incident raises urgent concerns regarding the security of sensitive…
Recent findings from cybersecurity experts reveal a vulnerability in Google’s Quick Share data transfer tool for Windows, which can be manipulated to cause denial-of-service (DoS) issues or transmit files to users’ devices without their consent. This flaw underscores serious security concerns for users relying on this peer-to-peer file-sharing utility. Categorized…
A new cyber campaign known as Earth Bogle has emerged, showcasing the use of geopolitical themes to distribute the NjRAT remote access trojan across the Middle East and North Africa. This initiative underscores the evolving strategies employed by threat actors to exploit current events for malicious purposes. According to a…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…
The recent report emphasizes the significant yet often overlooked role of resellers and brokers in the spyware supply chain, describing this group as “a notably under-researched set of actors.” These intermediaries are said to obscure the relationships among vendors, suppliers, and buyers, frequently facilitating connections to emerging regional markets. Sarah…
On September 10, the Cyberspace Administration of China announced administrative sanctions against Dior’s Shanghai branch, a luxury brand owned by LVMH. This action stems from the unauthorized transfer of customers’ personal data to the company’s headquarters in France, highlighting significant compliance lapses in data protection practices. The investigation into Dior…
A sophisticated supply chain attack initially aimed at Coinbase has now been linked to a wider campaign targeting users of the “tj-actions/changed-files” GitHub Action. This breach is believed to have originated from the theft of a personal access token (PAT) connected to the SpotBugs project, unveiled by Palo Alto Networks’…
Recent reports have illuminated the continued digital aggression from the Russian state-sponsored hacking group, Gamaredon, which is employing Telegram as a tool to target military and law enforcement sectors in Ukraine. This tactic signifies a notable evolution in the methods used by the actors, who have a history of cyber…
