Data Privacy, Data Security, Healthcare Nuance Reaches Settlement Amid Ongoing MOVEit Litigation Marianne Kolbasuk McGee (HealthInfoSec) • August 21, 2025 Image: Nuance, Progress Software Nuance Communications, a subsidiary of Microsoft, has consented to pay $8.5 million to resolve a class action lawsuit stemming from a 2023 cyberattack that exploited a…
May 08, 2025
Malware / Cyber Espionage
The nation-state threat group MirrorFace has been detected deploying malware named ROAMINGMOUSE in a cyber espionage operation aimed at government agencies and public institutions in Japan and Taiwan. This activity, identified by Trend Micro in March 2025, involved the use of spear-phishing tactics to deliver an upgraded version of a backdoor known as ANEL. “The ANEL file from the 2025 campaign introduced a new command for executing BOF (Beacon Object File) in memory,” noted security researcher Hara Hiroaki. “Additionally, this campaign may have utilized SharpHide to initiate the second-stage backdoor, NOOPDOOR.” MirrorFace, also identified as Earth Kasha, is believed to be a subgroup of APT10. In March 2025, ESET detailed a campaign named Operation AkaiRyū, which targeted a diplomatic organization within the European Union in August 2024 using the ANEL malware (also referred to as UPPERCUT).
MirrorFace Cyber Espionage Campaign Targets Government Entities in Japan and Taiwan May 8, 2025 – In a concerning trend in cyber warfare, the nation-state threat actor known as MirrorFace has been detected deploying a sophisticated malware variant named ROAMINGMOUSE. This campaign appears to be primarily focused on government bodies and…
May 08, 2025
Malware / Cyber Espionage
The nation-state threat group MirrorFace has been detected deploying malware named ROAMINGMOUSE in a cyber espionage operation aimed at government agencies and public institutions in Japan and Taiwan. This activity, identified by Trend Micro in March 2025, involved the use of spear-phishing tactics to deliver an upgraded version of a backdoor known as ANEL. “The ANEL file from the 2025 campaign introduced a new command for executing BOF (Beacon Object File) in memory,” noted security researcher Hara Hiroaki. “Additionally, this campaign may have utilized SharpHide to initiate the second-stage backdoor, NOOPDOOR.” MirrorFace, also identified as Earth Kasha, is believed to be a subgroup of APT10. In March 2025, ESET detailed a campaign named Operation AkaiRyū, which targeted a diplomatic organization within the European Union in August 2024 using the ANEL malware (also referred to as UPPERCUT).
Last updated: August 22, 2025 Recent health data breaches across the Asia-Pacific (APAC) region have led to stricter security regulations and enhanced enforcement measures. Organizations are now faced with the imperative to improve compliance protocols, implement comprehensive cybersecurity training for employees, and reinforce their strategies for responding to breaches. Filed…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
Cyclops Ransomware Group Introduces Go-Based Info Stealer for Cybercriminals June 6, 2023 In recent developments within the cybercrime ecosystem, the Cyclops ransomware group has begun marketing a new variant of information-stealing malware, specifically designed to harvest sensitive data from compromised systems. According to a report from Uptycs, this threat actor…
Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals
Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.
Endpoint Security, Video CEO Amir Ben-Efraim: Acquisition Incorporates AI-Driven File Sanitization into Browser Tools Michael Novinson (MichaelNovinson) • August 21, 2025 Amir Ben-Efraim, co-founder and CEO, Menlo Security (Image: Menlo Security) Menlo Security has fortified its cybersecurity framework by acquiring Votiro, a move that addresses critical challenges concerning file sanitization…
TPG Telecom Suffers Cyberattack: Sensitive Data Compromised TPG Telecom, one of Australia’s leading telecommunications companies, has disclosed a cybersecurity incident it referred to as a “limited” attack. However, the scope of the data breach suggests otherwise, as it has resulted in the unauthorized access and theft of a significant amount…
On June 11, 2025, Microsoft unveiled patches for 67 security vulnerabilities, among which is a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical, while 56 are deemed Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. Additionally, the patches follow the resolution of 13 vulnerabilities in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day exploit, designated CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…
Microsoft Addresses 67 Security Vulnerabilities, Including Actively Exploited WebDAV Zero-Day On June 11, 2025, Microsoft announced a significant security update aimed at patching 67 identified vulnerabilities, among which is a concerning zero-day exploit related to Web Distributed Authoring and Versioning (WebDAV). This specific vulnerability has been reportedly exploited in the…
On June 11, 2025, Microsoft unveiled patches for 67 security vulnerabilities, among which is a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical, while 56 are deemed Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. Additionally, the patches follow the resolution of 13 vulnerabilities in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day exploit, designated CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…
Jun 08, 2023
Ransomware / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).
Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021 In a concerning development for organizations utilizing Progress Software’s MOVEit Transfer application, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory highlighting the active exploitation of a newly…
Jun 08, 2023
Ransomware / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).
Artificial Intelligence and Cybersecurity: Copilot Vulnerability Exposed By Pooja Tikekar August 21, 2025 In a recent development, Microsoft has discreetly addressed a vulnerability in its Copilot AI, which allowed users to manipulate access logs concerning corporate files. As the company intensifies its integration of this large language model into its…
