The Breach News

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…

Blind Eagle Exploits Proton66 Hosting for Cyber Attacks on Colombian Banks June 30, 2025 Cybersecurity Update A recent report by Trustwave SpiderLabs has traced the activities of the cyber threat group known as Blind Eagle, attributing their operations with high confidence to the Russian hosting service Proton66. This analysis arose…

Read More

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the use of obfuscated JavaScript to bypass traditional security measures, allowing…

Read More

Astaroth Banking Malware Emerges in Brazil Through Targeted Spear-Phishing Campaign

On October 16, 2024, Cyber Attack / Banking Trojan

A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.

The First Major Federal Cybersecurity Crisis of Trump 2.0 Has Hit

The second Trump administration faces its first major incident in federal cybersecurity. A recent breach of the U.S. federal judiciary’s electronic case filing system, uncovered around July 4, has forced several courts to revert to backup paper-filing procedures. The hack compromised sealed court records and may have endangered the identities…

Read MoreThe First Major Federal Cybersecurity Crisis of Trump 2.0 Has Hit

Feds Release Additional HIPAA Guidelines to Enhance Patient Access

Data Governance, Data Security, Healthcare HHS Releases New Guidance to Support Interoperability Initiative ‘Make Health IT Great Again’ Marianne Kolbasuk McGee (HealthInfoSec) • August 13, 2025 Image: Getty Images Millions of patients across the United States may be unaware of their rights under HIPAA regarding access to medical records. As…

Read MoreFeds Release Additional HIPAA Guidelines to Enhance Patient Access

INTERPOL Takes Down Over 20,000 Malicious IPs Tied to 69 Malware Variants in Operation Secure

On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.

According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.

INTERPOL Disrupts Over 20,000 Malicious IP Addresses in Operation Secure On June 11, 2025, INTERPOL announced a significant crackdown on cybercrime, revealing the dismantling of more than 20,000 malicious IP addresses linked to 69 variants of information-stealing malware. The initiative, termed Operation Secure, involved a coordinated effort from law enforcement…

Read More

INTERPOL Takes Down Over 20,000 Malicious IPs Tied to 69 Malware Variants in Operation Secure

On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.

According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.

Ohio Man Loses $583 in Smoothie King Data Breach: Tips for Protecting Yourself – WRAL.com

Data Breach at Smoothie King Results in Significant Loss for Ohio Man In a recent incident highlighting the vulnerabilities in the digital security of businesses, an Ohio man has reported a loss of $583 due to a data breach involving his Smoothie King account. This incident underscores the importance of…

Read MoreOhio Man Loses $583 in Smoothie King Data Breach: Tips for Protecting Yourself – WRAL.com

Urgent Security Update: Chrome Zero-Day CVE-2025-6554 Targeted by Active Attacks

Jul 01, 2025
Vulnerability / Browser Security

Google has issued a critical security update to address a zero-day vulnerability in its Chrome browser, currently being exploited in the wild. The flaw, identified as CVE-2025-6554, has a CVSS score of 8.1 and is classified as a type confusion issue within the V8 JavaScript and WebAssembly engine. According to the National Institute of Standards and Technology (NIST), “Type confusion in V8 in Google Chrome prior to version 138.0.7204.96 allowed remote attackers to perform arbitrary read/write operations through a specially crafted HTML page.” This type of vulnerability poses significant risks, potentially enabling attackers to execute arbitrary code, crash systems, or install malicious software. Zero-day vulnerabilities are particularly alarming, as they are often exploited by attackers before a patch is available, leading to possible spyware installations, drive-by downloads, or other harmful actions simply through user interactions.

Google Addresses Active Chrome Zero-Day Vulnerability CVE-2025-6554 With Security Update On July 1, 2025, Google announced critical security updates for its Chrome browser, designed to remedy a zero-day vulnerability labeled CVE-2025-6554. This flaw, currently being exploited in the wild, has received a CVSS score of 8.1, indicating its severity. Classified…

Read More

Urgent Security Update: Chrome Zero-Day CVE-2025-6554 Targeted by Active Attacks

Jul 01, 2025
Vulnerability / Browser Security

Google has issued a critical security update to address a zero-day vulnerability in its Chrome browser, currently being exploited in the wild. The flaw, identified as CVE-2025-6554, has a CVSS score of 8.1 and is classified as a type confusion issue within the V8 JavaScript and WebAssembly engine. According to the National Institute of Standards and Technology (NIST), “Type confusion in V8 in Google Chrome prior to version 138.0.7204.96 allowed remote attackers to perform arbitrary read/write operations through a specially crafted HTML page.” This type of vulnerability poses significant risks, potentially enabling attackers to execute arbitrary code, crash systems, or install malicious software. Zero-day vulnerabilities are particularly alarming, as they are often exploited by attackers before a patch is available, leading to possible spyware installations, drive-by downloads, or other harmful actions simply through user interactions.

SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa

October 17, 2024
Malware / Cyber Espionage

An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.

SideWinder APT Targets Middle East and Africa in Cohesive Multi-Stage Attacks October 17, 2024 Recent reports indicate that an advanced persistent threat (APT) group, identified as SideWinder, is actively executing a series of sophisticated cyberattacks against notable infrastructures and organizations in the Middle East and Africa. This group, also referred…

Read More

SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa

October 17, 2024
Malware / Cyber Espionage

An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.

Nuclear Experts Warn: The Integration of AI with Nuclear Weapons Is Inevitable

Experts in the field of nuclear warfare are increasingly convinced that artificial intelligence will soon play a crucial role in the management and potential deployment of lethal weapons. However, there remains significant uncertainty regarding the specific implications of this integration. In mid-July, Nobel laureates convened at the University of Chicago…

Read MoreNuclear Experts Warn: The Integration of AI with Nuclear Weapons Is Inevitable