Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked Anviksha More (AnvikshaMore) • August 14, 2025 Image: Shutterstock/ISMG The Information Security Media Group (ISMG) regularly compiles significant cybersecurity incidents from around the globe. This week, a reported incident…
June 4, 2025
Threat Intelligence / Data Breach
Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.
Google Unveils Vishing Campaign Targeting Salesforce by Threat Group UNC6040 June 4, 2025 In a recent disclosure, Google has revealed insights into a financially motivated threat group known as UNC6040, which is reportedly executing sophisticated voice phishing, or vishing, operations aimed at infiltrating Salesforce instances. These attacks focus on large-scale…
June 4, 2025
Threat Intelligence / Data Breach
Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.
Data Breach at UnitedHealth Group Affects 192.7 Million Individuals Recent reports from the U.S. Department of Health and Human Services reveal that the data breach involving UnitedHealth Group last year impacted the personal information of approximately 192.7 million individuals. This figure surpasses the initial estimate of 190 million disclosed by…
Over 1,000 SOHO Devices Compromised in China-Linked LapDogs Cyber Espionage Operation
Jun 27, 2025
Threat Hunting / Vulnerability
Cybersecurity experts have uncovered a network of over 1,000 compromised small office/home office (SOHO) devices actively supporting an extensive cyber espionage campaign linked to China-based hacking groups. This operation, dubbed LapDogs by SecurityScorecard’s STRIKE team, reveals that victims are primarily located in the United States and Southeast Asia, with the network steadily expanding. Infections are also reported in Japan, South Korea, Hong Kong, and Taiwan, affecting sectors such as IT, networking, real estate, and media. The compromised devices include those from manufacturers like Ruckus Wireless, ASUS, Buffalo Technology, Cisco-Linksys, Cross DVR, D-Link, Microsoft, Panasonic, and Synology. At the core of the LapDogs operation is a custom backdoor known as ShortLeash, specifically designed to facilitate these attacks.
Over 1,000 SOHO Devices Compromised in Cyber Espionage Campaign Linked to China On June 27, 2025, cybersecurity experts reported the discovery of a significant network of more than 1,000 small office and home office (SOHO) devices that have been compromised for cyber espionage activities attributed to hacking groups with links…
Over 1,000 SOHO Devices Compromised in China-Linked LapDogs Cyber Espionage Operation
Jun 27, 2025
Threat Hunting / Vulnerability
Cybersecurity experts have uncovered a network of over 1,000 compromised small office/home office (SOHO) devices actively supporting an extensive cyber espionage campaign linked to China-based hacking groups. This operation, dubbed LapDogs by SecurityScorecard’s STRIKE team, reveals that victims are primarily located in the United States and Southeast Asia, with the network steadily expanding. Infections are also reported in Japan, South Korea, Hong Kong, and Taiwan, affecting sectors such as IT, networking, real estate, and media. The compromised devices include those from manufacturers like Ruckus Wireless, ASUS, Buffalo Technology, Cisco-Linksys, Cross DVR, D-Link, Microsoft, Panasonic, and Synology. At the core of the LapDogs operation is a custom backdoor known as ShortLeash, specifically designed to facilitate these attacks.
Posted on October 14, 2024
Category: Cybersecurity Recap
Get ready for your weekly update on the latest in cybersecurity! This week, we’re diving into everything from zero-day vulnerabilities and rogue AI to the FBI stepping into the crypto game—you won’t want to miss this! Let’s get started so we can beat the FOMO! ⚡
🔒 Threat Spotlight: GoldenJackal’s Air-Gapped Infiltration
Introducing GoldenJackal, the hacking group that’s been flying under your radar. They’ve developed a method to breach highly secure, air-gapped systems using stealthy worms distributed via infected USB drives (yes, you read that right!). ESET researchers have identified their operations targeting notable victims, including a South Asian embassy in Belarus and a European Union government entity.
🔔 Top Headlines
Mozilla has released a patch for a critical Firefox zero-day vulnerability…
THN Cybersecurity Recap: Key Threats and Developments (October 7 – October 13) October 14, 2024 As we delve into this week’s cybersecurity landscape, numerous developments highlight the urgency and complexity of the current threats. Among them is the emergence of GoldenJackal, a previously obscure hacking group that has made headlines…
Posted on October 14, 2024
Category: Cybersecurity Recap
Get ready for your weekly update on the latest in cybersecurity! This week, we’re diving into everything from zero-day vulnerabilities and rogue AI to the FBI stepping into the crypto game—you won’t want to miss this! Let’s get started so we can beat the FOMO! ⚡
🔒 Threat Spotlight: GoldenJackal’s Air-Gapped Infiltration
Introducing GoldenJackal, the hacking group that’s been flying under your radar. They’ve developed a method to breach highly secure, air-gapped systems using stealthy worms distributed via infected USB drives (yes, you read that right!). ESET researchers have identified their operations targeting notable victims, including a South Asian embassy in Belarus and a European Union government entity.
🔔 Top Headlines
Mozilla has released a patch for a critical Firefox zero-day vulnerability…
Cryptocurrency Fraud, Finance & Banking, Fraud Management & Cybercrime US Treasury Sanctions Cryptocurrency Exchange for Laundering $100 Million Linked to Ransomware Chris Riotta (@chrisriotta) • August 14, 2025 (Image: Shutterstock) The U.S. Department of the Treasury has imposed sanctions against Garantex, a cryptocurrency exchange with Russian connections, as part of…
The U.S. Department of Justice (DoJ) announced on Wednesday the seizure of cryptocurrency assets and around 145 domains associated with the underground carding platform BidenCash. According to the DoJ, “BidenCash operators streamlined the process of buying and selling stolen credit cards and personal information.” The marketplace, which charges fees for transactions, launched in March 2022 to replace Joker’s Stash and other carding forums like UniCC. Since its inception, BidenCash has reportedly served over 117,000 users, facilitated the trafficking of more than 15 million payment card numbers and personal data, and generated at least $17 million in revenue.
U.S. Department of Justice Seizes 145 Domains Linked to BidenCash Carding Marketplace On June 5, 2025, the U.S. Department of Justice (DoJ) announced a significant action against the illicit carding marketplace known as BidenCash, seizing approximately 145 domains linked to both the clearnet and dark web. This operation is part…
The U.S. Department of Justice (DoJ) announced on Wednesday the seizure of cryptocurrency assets and around 145 domains associated with the underground carding platform BidenCash. According to the DoJ, “BidenCash operators streamlined the process of buying and selling stolen credit cards and personal information.” The marketplace, which charges fees for transactions, launched in March 2022 to replace Joker’s Stash and other carding forums like UniCC. Since its inception, BidenCash has reportedly served over 117,000 users, facilitated the trafficking of more than 15 million payment card numbers and personal data, and generated at least $17 million in revenue.
Two Individuals Plead Guilty in Fraud Scheme Involving Stolen Patient Data In a significant legal development, Wilkins Estrella and Charlene Marte have both pled guilty to charges of conspiracy to commit wire fraud and bank fraud. This plea took place on August 7, 2025, before U.S. District Judge Gregory H.…
China Accuses U.S. of Inventing Volt Typhoon to Distract from Its Own Hacking Activities
Oct 15, 2024
National Security / Cybersecurity
China’s National Computer Virus Emergency Response Center (CVERC) has intensified its assertions that the alleged hacking group Volt Typhoon is a U.S. invention. In collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, the agency claims that the U.S. government, intelligence agencies, and Five Eyes allies are engaged in cyber espionage against China, as well as France, Germany, Japan, and internet users worldwide. It further asserted that there is “ironclad evidence” of the U.S. conducting false flag operations to obscure its own cyberattacks, accusing it of fabricating the “so-called threat of Chinese cyber operations” and establishing a “large-scale global internet surveillance network.” The agency pointed out that the U.S. has employed supply chain attacks, implanted backdoors in internet products, and initiated “pre-positioning” strategies, entirely…
China Denounces U.S. Claims Regarding Volt Typhoon as a Deception to Obscure Its Own Cyber Operations October 15, 2024 National Security / Cyber Threat Analysis In a recent statement, China’s National Computer Virus Emergency Response Center (CVERC) has reiterated its assertion that the cyber threat actor dubbed “Volt Typhoon” is…
China Accuses U.S. of Inventing Volt Typhoon to Distract from Its Own Hacking Activities
Oct 15, 2024
National Security / Cybersecurity
China’s National Computer Virus Emergency Response Center (CVERC) has intensified its assertions that the alleged hacking group Volt Typhoon is a U.S. invention. In collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, the agency claims that the U.S. government, intelligence agencies, and Five Eyes allies are engaged in cyber espionage against China, as well as France, Germany, Japan, and internet users worldwide. It further asserted that there is “ironclad evidence” of the U.S. conducting false flag operations to obscure its own cyberattacks, accusing it of fabricating the “so-called threat of Chinese cyber operations” and establishing a “large-scale global internet surveillance network.” The agency pointed out that the U.S. has employed supply chain attacks, implanted backdoors in internet products, and initiated “pre-positioning” strategies, entirely…
