The Breach News

CISA Set to Publish Salt Typhoon Report During Senate Impasse

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Senator Maintains Hold on Trump’s CISA Nominee Amid Report Delays

Chris Riotta (@chrisriotta) • July 30, 2025
Image: Adam McCullough/Shutterstock

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) plans to release a previously withheld report addressing vulnerabilities in telecom infrastructure.…

AI-Driven Security Reduces Breach Costs for UK Organizations

Recent findings indicate that British organizations employing artificial intelligence (AI) in their cybersecurity frameworks are witnessing significant reductions in data breach costs, with savings amounting to hundreds of thousands of pounds. This assertion is supported by the UK-specific segment of IBM’s Cost of a Data Breach Report, which was released…

Hackers Exploit 70+ Microsoft Exchange Servers to Deploy Keyloggers for Credential Theft

June 24, 2025
Vulnerability / Malware

Unidentified threat actors have been targeting publicly exposed Microsoft Exchange servers to inject malicious code into login pages for credential harvesting. A recent analysis by Positive Technologies revealed two types of JavaScript keyloggers on the Outlook login page: one that saves captured data to a locally accessible file and another that transmits it directly to an external server. The Russian cybersecurity firm reported that these attacks affected 65 victims across 26 countries and continue a campaign first noted in May 2024, which targeted organizations in Africa and the Middle East. Initial findings indicated at least 30 victims among government agencies, banks, IT firms, and educational institutions, with evidence of compromises dating back to 2021. The attack chains exploit known vulnerabilities in Microsoft systems.

Cybersecurity Alert: Hackers Compromise Over 70 Microsoft Exchange Servers to Capture Credentials

Date: June 24, 2025

In a concerning development for organizations reliant on Microsoft Exchange, unidentified threat actors have been targeting publicly accessible servers to deploy malicious code on login pages designed to capture user credentials. A recent analysis…

Vulnerability in Gemini CLI Tool May Expose Users to Malicious Command Execution

Exploitation of Command Line Vulnerability in Gemini CLI Raises Alarm for Users

In a recent cybersecurity incident, researcher Cox has identified a significant vulnerability in the Gemini Command Line Interface (CLI). The exploit allows malicious commands to execute without sufficient oversight following a ‘grep’ command, which compromises user security and…

Dating App Tea Promised Women’s Safety—Then a Data Breach Exposed Their Secrets

Data Breach in Women’s Safety App Sparks Cybersecurity Concerns

In a troubling turn of events, the women-only dating safety app known as Tea has experienced significant security breaches that have exposed sensitive user data. Initially conceived as a platform for women to anonymously share reviews and warnings about potential partners,…

Cybercriminals Utilize Open-Source Tools to Target Financial Institutions in Africa

Jun 26, 2025
Threat Intelligence / Ransomware

Cybersecurity experts are highlighting a wave of cyberattacks aimed at financial institutions across Africa, dating back to at least July 2023. These attacks leverage a combination of open-source and publicly available tools to sustain access. Researchers from Palo Alto Networks’ Unit 42 are monitoring this activity under the label CL-CRI-1014, where “CL” stands for “cluster” and “CRI” signifies “criminal motivation.” The primary objective appears to be gaining initial access to systems, which is then sold to other criminal actors in underground forums, effectively turning the threat actor into an initial access broker (IAB). “The threat actor mimics signatures from legitimate applications to create forged file signatures, camouflaging their toolset and concealing malicious activities,” noted researchers Tom Fakterman and Guy Levi. “Threat actors frequently spoof legitimate products for illicit purposes.” The attacks are marked by the use of tools such as PoshC2 and others.

Cyber Criminals Utilize Open-Source Tools to Target African Financial Institutions

June 26, 2025
Threat Intelligence / Ransomware

Recent investigations have revealed a troubling trend of cyber attacks aimed at financial institutions across Africa, with reports indicating that this wave of attacks began as early as July 2023. Cybersecurity experts at…

Breach Reports Continue to Emerge

3rd Party Risk Management, Data Breach Notification, Data Security

More Than 410,000 Patients Reported Affected, Likely More to Come

Marianne Kolbasuk McGee (HealthInfoSec) • July 29, 2025
Image: Oracle

Following revelations of a hacking incident earlier this year that compromised legacy patient data from Cerner electronic health record (EHR) servers,…
