Norwegian authorities have attributed a recent cyber intrusion at a dam in Bremanger to pro-Russian hackers, who exploited a weak password to gain access and opened a water valve for four hours. Officials describe this incident as part of a broader hybrid warfare strategy directed at Europe. Confirming the breach,…
Read more on Blockchain & Cryptocurrency, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Breaking: Trump Signs Pro-Crypto Executive Order, Credix Disappears Post $4.5M Hack Written by Rashmi Ramesh (@rashmiramesh_) • August 14, 2025 Read more Image: Shutterstock This week’s cybersecurity roundup by Information Security Media Group highlights significant incidents in…
June 9, 2025
Cybersecurity / Hacking News
Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.
Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…
Weekly Cybersecurity Report: Chrome Exploit, Data Destruction Tools, and Zero-Click iPhone Breaches On June 9, 2025, significant developments in cybersecurity have come to light, shedding light on the evolving landscape of digital threats. At the core of these events is the ongoing battle for system integrity and public trust. This…
June 9, 2025
Cybersecurity / Hacking News
Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.
Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…
Italy’s digital agency, AGID, has confirmed the authenticity of claims made by a cybercriminal known as mydocs, regarding a series of data breaches that have compromised several hotels across the nation. The attacker alleges to have infiltrated the booking systems of various Italian hotels, capturing sensitive identification documents from thousands…
June 30, 2025
Cybercrime / Vulnerability
The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…
Blind Eagle Exploits Proton66 Hosting for Cyber Attacks on Colombian Banks June 30, 2025 Cybersecurity Update A recent report by Trustwave SpiderLabs has traced the activities of the cyber threat group known as Blind Eagle, attributing their operations with high confidence to the Russian hosting service Proton66. This analysis arose…
June 30, 2025
Cybercrime / Vulnerability
The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…
On October 16, 2024, Cyber Attack / Banking Trojan
A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack On October 16, 2024, reports surfaced detailing a resurgence of the Astaroth banking malware, also known as Guildma, targeting Brazilian entities through a sophisticated spear-phishing campaign. The ongoing threat involves the use of obfuscated JavaScript to bypass traditional security measures, allowing…
On October 16, 2024, Cyber Attack / Banking Trojan
A new spear-phishing initiative in Brazil has been discovered, spreading the banking malware Astaroth (also known as Guildma) through obfuscated JavaScript to evade security measures. According to Trend Micro’s recent analysis, this campaign has particularly affected various sectors, including manufacturing, retail, and government agencies. Malicious emails often disguise themselves as official tax documents, exploiting the urgency of personal income tax submissions to lure victims into downloading the malware. Trend Micro is monitoring this cluster of threat activity under the name Water Makara. Additionally, Google’s Threat Analysis Group (TAG) has identified a similar campaign, dubbed PINEAPPLE, that also targets Brazilian users with the same malware. Both operations begin with phishing messages masquerading as communications from official entities.
The second Trump administration faces its first major incident in federal cybersecurity. A recent breach of the U.S. federal judiciary’s electronic case filing system, uncovered around July 4, has forced several courts to revert to backup paper-filing procedures. The hack compromised sealed court records and may have endangered the identities…
Data Governance, Data Security, Healthcare HHS Releases New Guidance to Support Interoperability Initiative ‘Make Health IT Great Again’ Marianne Kolbasuk McGee (HealthInfoSec) • August 13, 2025 Image: Getty Images Millions of patients across the United States may be unaware of their rights under HIPAA regarding access to medical records. As…
On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.
According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.
INTERPOL Disrupts Over 20,000 Malicious IP Addresses in Operation Secure On June 11, 2025, INTERPOL announced a significant crackdown on cybercrime, revealing the dismantling of more than 20,000 malicious IP addresses linked to 69 variants of information-stealing malware. The initiative, termed Operation Secure, involved a coordinated effort from law enforcement…
On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.
According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.
