The Breach News

iiNet Cyber Breach Highlights Continuing Security Vulnerabilities in Australia

A recent data breach at iiNet, one of Australia’s largest internet service providers, has spotlighted the ongoing security vulnerabilities in the nation’s digital infrastructure. This incident, which compromised personal information of over 280,000 customers, highlights the escalating challenge of safeguarding consumer data in an environment where cyber threats are both…


Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks

June 11, 2025
Ransomware / Cybersecurity

Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.

Former Black Basta Operatives Leverage Microsoft Teams and Python in 2025 Cyber Attacks

June 11, 2025

A resurgence of cybercrime tactics has emerged from erstwhile operations linked to the Black Basta ransomware group, with recent attacks revealing a continued reliance on traditional methods like email bombing and phishing through Microsoft…

BlackByte 2.0 Ransomware: Rapid Infiltration, Data Encryption, and Extortion in Just 5 Days

Published: Jul 07, 2023
Category: Endpoint Security / Ransomware

Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.

BlackByte 2.0 Ransomware: A Rapid Assault on Organizations

Published: Jul 07, 2023

On July 7, 2023, Microsoft’s Incident Response team released findings highlighting the alarming speed and impact of BlackByte 2.0 ransomware attacks, which are proving to be an escalating threat for organizations worldwide. The investigations revealed that cybercriminals can orchestrate a complete attack—from…

Anthropic Evaluates AI ‘Model Welfare’ Safeguards

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Claude Models May Terminate Unsafe Conversations in Certain Scenarios

Rashmi Ramesh (rashmiramesh_) • August 20, 2025

Recently, Anthropic unveiled a safeguard feature for its Claude AI platform, enabling specific models to terminate conversations deemed persistently…


Türkiye-Based Hackers Exploit Zero-Day in Output Messenger to Deploy Golang Backdoors on Kurdish Servers

May 13, 2025
Category: Zero-Day / Vulnerability

A Türkiye-linked threat actor has exploited a zero-day vulnerability in the Indian enterprise communication tool Output Messenger as part of a cyber espionage campaign that began in April 2024. According to the Microsoft Threat Intelligence team, these exploits have led to the collection of sensitive user data from targets in Iraq. The focus of the attacks appears to align with the Kurdish military in Iraq, consistent with the previously documented objectives of the group known as Marbled Dust. This threat group, which has also been referred to as Silicon, Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326, has been active since at least 2017. However, it wasn’t until 2019 that Cisco Talos documented their activities against both public and private entities in the Middle East and North Africa. Early last year, the group was also noted for targeting telecommunications and media sectors.

Turkish Hackers Exploit Zero-Day Vulnerability in Output Messenger to Deploy Golang Backdoors on Kurdish Servers

Published: May 13, 2025

In a notable instance of cyber espionage, a Türkiye-affiliated threat actor has successfully leveraged a zero-day vulnerability in Output Messenger, an enterprise communication platform from India. This breach, which has been…

Cybercriminals Exploit Vibe Coding Service to Forge Malicious Websites – Dark Reading | Security

Cybercriminals have increasingly exploited the Vibe Coding Service to establish malicious websites aimed at unsuspecting users. This troubling trend has raised alarms within the cybersecurity community as it indicates a shift in the tactics employed by adversaries seeking to capitalize on popular tools. The target of these attacks includes various…


ConnectWise to Update ScreenConnect Code Signing Certificates Following Security Concerns

June 12, 2025
Vulnerability / Software Security

ConnectWise has announced plans to rotate the digital code signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security risks. This decision follows concerns raised by a third-party researcher regarding the handling of specific configuration data in earlier versions of ScreenConnect. While the company has not publicly detailed the issue, additional information has been provided in a non-public FAQ for customers, which later surfaced on Reddit. The concern relates to ScreenConnect’s method of storing configuration data in an unsigned area of the installer, which is utilized for passing connection information (such as the callback URL for the agent) without compromising the signature.

ConnectWise to Update ScreenConnect Code Signing Certificates in Response to Security Concerns

June 12, 2025

In a significant security development, ConnectWise has announced its intention to rotate the digital code signing certificates that are employed to authenticate ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables. This decision…

Revolut Suffers $20 Million Loss After Security Flaw in Payment System is Exploited

Malicious actors took advantage of an undisclosed vulnerability in Revolut’s payment systems, leading to the theft of over $20 million in early 2022, as reported by the Financial Times. The breach, which has not been made public, originated from inconsistencies between Revolut’s U.S. and European operations, resulting in erroneous refunds using the company’s funds when certain transactions were declined. The issue was first identified in late 2021, but before it could be resolved, organized crime groups exploited the loophole by prompting individuals to initiate costly purchases that would be declined. These refunded amounts were subsequently withdrawn from ATMs. While the exact technical details of the vulnerability remain unclear, approximately $23 million was stolen in total, with some of the funds retrieved by tracking those who had withdrawn cash.

Revolut Reports $20 Million Loss Following Exploitation of Payment System Vulnerability

July 10, 2023

In early 2022, Revolut fell victim to a significant security breach, leading to a loss exceeding $20 million due to exploitation of an undisclosed flaw within its payment systems. This incident was brought to light by…

Russian Hackers Charged in Spate of Cyberattacks on Water Sector

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Recent Breaches Heighten Concerns Over Operational Setbacks in the Water Sector

Chris Riotta (@chrisriotta) • August 20, 2025

Recent reports indicate that Russia has instigated a series of cyberattacks on vulnerable water utilities throughout Europe, presenting…
