A notable breach has emerged from North Korea’s Kimsuky espionage group, with insiders leaking hundreds of gigabytes of sensitive internal files and tools to the public. This incident, which surfaced in early June 2025, reveals critical backdoors, phishing mechanisms, and reconnaissance strategies employed by the state-sponsored threat actor—marking an unusual…
Date: July 5, 2025
Category: Vulnerability / Botnet
Cybercriminals are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution access and deploy cryptocurrency miners on compromised systems. According to Wiz researchers Yaara Shriki and Gili Tikochinski, “The attacker utilized a modified version of XMRig with a hard-coded configuration, allowing them to evade detection from suspicious command-line arguments that security measures often flag.” They added that the mining payload employed proxies to obscure the cryptocurrency wallet address, complicating investigations. The cloud security firm, recently acquired by Google Cloud, reported observing this activity on its honeypot servers running TeamCity, a well-known continuous integration and delivery (CI/CD) tool. JDWP, a debugging communication protocol for Java, enables users to manage Java applications in separate processes.
Alert: Exposed JDWP Interfaces Facilitate Cryptocurrency Mining Attacks; Hpingbot Targets SSH for DDoS July 5, 2025 In a troubling development within the cybersecurity landscape, threat actors are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain unauthorized code execution capabilities, subsequently deploying cryptocurrency miners on affected systems. Researchers from…
Date: July 5, 2025
Category: Vulnerability / Botnet
Cybercriminals are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution access and deploy cryptocurrency miners on compromised systems. According to Wiz researchers Yaara Shriki and Gili Tikochinski, “The attacker utilized a modified version of XMRig with a hard-coded configuration, allowing them to evade detection from suspicious command-line arguments that security measures often flag.” They added that the mining payload employed proxies to obscure the cryptocurrency wallet address, complicating investigations. The cloud security firm, recently acquired by Google Cloud, reported observing this activity on its honeypot servers running TeamCity, a well-known continuous integration and delivery (CI/CD) tool. JDWP, a debugging communication protocol for Java, enables users to manage Java applications in separate processes.
Chinese Hackers Utilize CloudScout Toolset to Harvest Session Cookies from Cloud Services
Oct 28, 2024
Cloud Security / Cyber Attack
A Taiwan-based government entity and a religious organization have fallen victim to the China-linked threat actor known as Evasive Panda. This group employed an undocumented post-compromise toolset called CloudScout. According to ESET security researcher Anh Ho, “The CloudScout toolset can extract data from various cloud services by exploiting stolen web session cookies.” Integrated through a plugin, CloudScout operates in conjunction with MgBot, Evasive Panda’s primary malware framework. The .NET-based malware was detected between May 2022 and February 2023 and comprises 10 C# modules, three of which are specifically designed to steal data from Google Drive, Gmail, and Outlook, while the functions of the remaining modules are still unknown. Evasive Panda, also referred to as Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group with a history of targeting various entities.
Chinese Hackers Exploit CloudScout Toolset to Steal Session Cookies from Cloud Services On October 28, 2024, reports surfaced highlighting the cyber operations of a China-linked threat actor known as Evasive Panda. This group targeted a governmental entity and a religious organization in Taiwan, deploying a previously undocumented post-compromise toolset identified…
Chinese Hackers Utilize CloudScout Toolset to Harvest Session Cookies from Cloud Services
Oct 28, 2024
Cloud Security / Cyber Attack
A Taiwan-based government entity and a religious organization have fallen victim to the China-linked threat actor known as Evasive Panda. This group employed an undocumented post-compromise toolset called CloudScout. According to ESET security researcher Anh Ho, “The CloudScout toolset can extract data from various cloud services by exploiting stolen web session cookies.” Integrated through a plugin, CloudScout operates in conjunction with MgBot, Evasive Panda’s primary malware framework. The .NET-based malware was detected between May 2022 and February 2023 and comprises 10 C# modules, three of which are specifically designed to steal data from Google Drive, Gmail, and Outlook, while the functions of the remaining modules are still unknown. Evasive Panda, also referred to as Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group with a history of targeting various entities.
A series of previously unreported break-ins at Tennessee National Guard armories last fall highlights escalating security vulnerabilities across U.S. military facilities, igniting serious concerns over the susceptibility of these sites to theft and unauthorized access. Confidential information obtained from the Tennessee Fusion Center reveals that four break-ins occurred at various…
Data Privacy, Data Security, Fraud Management & Cybercrime More Than 918,000 Individuals Impacted by 2024 BianLian Data Theft Incident Marianne Kolbasuk McGee (HealthInfoSec) • August 11, 2025 Boston Children’s Health Physicians and its vendor ATSG have reached a settlement in a class action lawsuit linked to a data breach in…
Date: July 7, 2025
Categories: IoT Security / Cyber Resilience
The recent breach by Iranian hackers at U.S. water facilities serves as a stark reminder of the vulnerabilities lurking within our systems. Though they only accessed a single pressure station serving 7,000 residents, their method was alarmingly simple: they exploited the factory-set password “1111.” This incident highlights a pressing issue that the Cybersecurity and Infrastructure Security Agency (CISA) has been vocal about— the urgent need for manufacturers to eliminate default credentials, which have consistently proven to be a major security flaw.
As we await improved security protocols from manufacturers, the onus is on IT teams to take action. Whether overseeing critical infrastructure or standard business networks, allowing unchanged default passwords creates an open invitation for cyber attackers. This article explores why default passwords remain widespread, the business and technical implications they carry, and the steps manufacturers must take to enhance security measures.
Manufacturing Security: The Necessity of Eliminating Default Passwords On July 7, 2025, the cybersecurity landscape faced renewed scrutiny following a breach at U.S. water facilities orchestrated by Iranian hackers. While the attack resulted in the hackers gaining control over a single pressure station servicing approximately 7,000 individuals, it highlighted a…
Date: July 7, 2025
Categories: IoT Security / Cyber Resilience
The recent breach by Iranian hackers at U.S. water facilities serves as a stark reminder of the vulnerabilities lurking within our systems. Though they only accessed a single pressure station serving 7,000 residents, their method was alarmingly simple: they exploited the factory-set password “1111.” This incident highlights a pressing issue that the Cybersecurity and Infrastructure Security Agency (CISA) has been vocal about— the urgent need for manufacturers to eliminate default credentials, which have consistently proven to be a major security flaw.
As we await improved security protocols from manufacturers, the onus is on IT teams to take action. Whether overseeing critical infrastructure or standard business networks, allowing unchanged default passwords creates an open invitation for cyber attackers. This article explores why default passwords remain widespread, the business and technical implications they carry, and the steps manufacturers must take to enhance security measures.
Title: Navigating the AT&T Data Breach Settlement: What Business Owners Need to Know In recent developments, AT&T has reached a landmark settlement of $177 million related to a significant data breach that exposed sensitive customer information. This breach, which primarily affected customers who had entrusted their data to AT&T, underscores…
CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation
July 8, 2025
Cyber Attacks / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:
CISA Expands KEV Catalog with Four Newly Identified Vulnerabilities Amid Active Exploitation On July 8, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to new evidence indicating that these vulnerabilities…
CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation
July 8, 2025
Cyber Attacks / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:
Oct 30, 2024
Ransomware / Threat Intelligence
Threat actors associated with North Korea have been linked to a recent cyber incident involving the notorious Play ransomware, highlighting their financial motives. This activity, which took place between May and September 2024, is connected to a group known as Jumpy Pisces, also referred to as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (previously Plutonium), Operation Troy, Silent Chollima, and Stonefly. According to a new report from Palo Alto Networks’ Unit 42, “We have moderate confidence that Jumpy Pisces, or a segment of this group, is now collaborating with the Play ransomware collective.” This incident is particularly significant as it represents the first documented partnership between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware operation. Active since at least 2009, Andariel is associated with North Korea’s Reconnaissance General Bureau (RGB) and has a history of deploying various cyber tactics.
Significant Cyber Attack Involves North Korean Collaboration with Play Ransomware Group October 30, 2024 In a notable development in the realm of cybersecurity, threat actors associated with North Korea have been identified as key players in a recent attack utilizing the Play ransomware variant. This collaboration highlights the increasing intersection…
Oct 30, 2024
Ransomware / Threat Intelligence
Threat actors associated with North Korea have been linked to a recent cyber incident involving the notorious Play ransomware, highlighting their financial motives. This activity, which took place between May and September 2024, is connected to a group known as Jumpy Pisces, also referred to as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (previously Plutonium), Operation Troy, Silent Chollima, and Stonefly. According to a new report from Palo Alto Networks’ Unit 42, “We have moderate confidence that Jumpy Pisces, or a segment of this group, is now collaborating with the Play ransomware collective.” This incident is particularly significant as it represents the first documented partnership between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware operation. Active since at least 2009, Andariel is associated with North Korea’s Reconnaissance General Bureau (RGB) and has a history of deploying various cyber tactics.