The Breach News

Phishing Campaigns Employ Real-Time Email Validation for More Effective Credential Theft

April 14, 2025
Email Security / Cyber Attack

Cybersecurity experts are highlighting a new credential phishing method designed to ensure stolen information is linked to valid online accounts. Termed “precision-validating phishing” by Cofense, this strategy uses real-time email checks to target a select group of high-value individuals with counterfeit login screens. “This approach significantly increases the success rate for attackers by focusing solely on a curated list of verified email addresses,” the company stated. Unlike traditional “spray-and-pray” tactics that indiscriminately mass-distribute phishing emails, this advanced method elevates spear-phishing by interacting only with confirmed active and legitimate email accounts.



TrickBot Linked to Over $724 Million in Cryptocurrency Theft and Extortion

Cybercriminals are intensifying their methods, departing from conventional data encryption tactics to adopt a more aggressive form of extortion known as quadruple extortion. This concerning development is detailed in the latest Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape, published today by Akamai, a prominent player in cybersecurity…


Why Palo Alto Is Investing $25 Billion in Identity Solutions

Access Management, Agentic AI, Identity & Access Management

CyberArk Acquisition Enhances Palo Alto Networks’ Privileged Access Capabilities

Michael Novinson (@MichaelNovinson) • July 30, 2025

Nikesh Arora, Chairman and CEO, Palo Alto Networks

Nikesh Arora, CEO of Palo Alto Networks, announced the company’s intention to acquire CyberArk for $25 billion, driven…


Qantas Data Breach: ShinyHunters Collective Suspected in Australian Airline Hack

Qantas Cyber Attack Linked to ShinyHunters and Scattered Spider

Qantas recently confirmed that it was targeted in a cyber attack that compromised the personal data of millions of its customers. Initial assessments from cybersecurity experts indicated that the attack might have been executed by the Scattered Spider hacking collective. However,…


Scattered Spider Linked to Cyberattacks on M&S and Co-op, Resulting in Up to $592M in Damages

June 21, 2025
Cyber Attack / Critical Infrastructure

The April 2025 cyberattacks on U.K. retailers Marks & Spencer and Co-op have been deemed a “single combined cyber event” by the Cyber Monitoring Centre (CMC), an independent non-profit organization established by the insurance industry to assess significant cyber incidents. The CMC noted, “Given that one threat actor claimed responsibility for both M&S and Co-op, along with their close timing and the similar tactics, techniques, and procedures (TTPs), we have classified these incidents as a single combined cyber event.” These disruptions have been categorized as a “Category 2 systemic event,” with estimated financial repercussions ranging from £270 million ($363 million) to £440 million ($592 million). However, the cyberattack on Harrods, occurring around the same period, has not been included due to insufficient information regarding its cause.



Hackers Embed 4G-Enabled Raspberry Pi in Bank Network in a Quest for Wealth

In a recent cybersecurity incident, attackers leveraged physical access to install a Raspberry Pi device directly into a bank’s internal network, as reported by Nam Le Phuong, a Senior Digital Forensics and Incident Response Specialist at Group-IB. This device was strategically connected to the same network switch as an ATM,…


Significant Vulnerabilities Discovered in Dahua Cameras

Endpoint Security, Internet of Things Security

Unauthenticated Vulnerabilities Enable Complete Remote Code Execution

Prajeet Nair (@prajeetspeaks) • July 30, 2025

A Dahua Hero C1 smart camera. (Image: Dahua)

Unauthenticated attackers can remotely control Dahua Hero C1 smart cameras by exploiting certain firmware vulnerabilities, as stated by Bitdefender in a coordinated…


IBM: Shadow AI Breaches Lead to $670K Increase in Costs; 97% of Companies Unprepared

The Rising Threat of Shadow AI: A Growing Challenge for Organizations

Organizations are increasingly facing a hidden risk known as Shadow AI, a phenomenon that has been tagged as a staggering $670,000 issue that many aren’t even aware exists. Recent findings from IBM’s 2025 Cost of a Data Breach Report,…


DHS Issues Warning: Potential Cyber Attacks from Pro-Iranian Hackers Following U.S. Airstrikes on Iranian Nuclear Sites

June 23, 2025
Hacktivism / Cyber Warfare

The U.S. government has issued a warning regarding possible cyber attacks from pro-Iranian groups in response to airstrikes on Iranian nuclear facilities, a key development in the ongoing Iran–Israel conflict that began on June 13, 2025. The Department of Homeland Security (DHS) highlighted a “heightened threat environment,” indicating that cyber actors are poised to target U.S. networks.

According to the DHS bulletin, “Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and actors linked to the Iranian government may also initiate attacks.” The department emphasized that both hacktivists and Iranian state-affiliated actors frequently exploit inadequately secured U.S. networks and internet-connected devices for disruptive cyber operations. This alert follows President Donald Trump’s announcement of U.S. military airstrikes on three Iranian nuclear sites at Fordo, Natanz, and…

