The Breach News

Report: Over 152,000 Nigerian Accounts Compromised in H1 2025 | Tech | Business

Significant Drop in Data Breaches in Nigeria: Context and Implications

In the second quarter of 2025, Nigeria experienced a notable 73% reduction in reported data breaches, a decrease from 120,000 in the first quarter to 31,800. Despite this decline, cybersecurity firm Surfshark reported over 152,000 compromised accounts across various sectors…

Storm-2603 Exploits SharePoint Vulnerabilities to Deploy Warlock Ransomware on Unpatched Systems

Jul 24, 2025
Vulnerability / Ransomware

Microsoft has disclosed that a threat actor, identified as Storm-2603, is actively exploiting vulnerabilities in SharePoint to deploy Warlock ransomware on targeted systems. In an update released Wednesday, the company noted that these insights stem from ongoing analysis and threat intelligence regarding Storm-2603’s exploitation activities. This financially motivated actor is suspected to be based in China and has previously been linked to the deployment of both Warlock and LockBit ransomware. The attack chain involves exploiting CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability, targeting unpatched on-premises SharePoint servers to facilitate the deployment of the spinstall0.aspx web shell. “This initial access enables command execution via the w3wp.exe process that supports SharePoint,” Microsoft stated. “Storm-2603 subsequently initiates a series of discovery commands, including…”

On July 24, 2025, Microsoft disclosed that the cyber group known as Storm-2603 is actively exploiting vulnerabilities in SharePoint software to deploy Warlock ransomware on targeted systems. This revelation is based on an extensive analysis and threat intelligence from…

U.S. Imposes Sanctions on Chinese Cybersecurity Firm Linked to Treasury Hack Associated with Silk Typhoon

Jan 18, 2025
Cyber Espionage / Telecom Security

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has enacted sanctions against a Chinese cybersecurity firm and a Shanghai-based cyber operative for their suspected connections to the Silk Typhoon group and the recent breach of the federal agency’s systems. The Treasury stated in a press release that “malicious cyber actors linked to the People’s Republic of China (PRC) continue to target U.S. government networks, including the recent compromise of Treasury’s information technology systems and sensitive critical infrastructure.” The sanctions specifically target Yin Kecheng, identified as a cyber operative for over a decade and associated with China’s Ministry of State Security (MSS). Kecheng is believed to be linked to the recent breach of Treasury’s network, which was revealed earlier this month and involved a hack of BeyondTrust’s systems, allowing threat actors to access some of the company’s Remote Support SaaS infrastructure.

U.S. Treasury Sanctions Chinese Cybersecurity Firm Over Treasury Network Breach Connected to Silk Typhoon

On January 18, 2025, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against a Chinese cybersecurity firm and a cyber actor based in Shanghai, citing their suspected connections to the notorious Salt…

Unauthorized Access

Access Restricted: The Growing Threat of Shadow AI

In today’s digital landscape, unauthorized artificial intelligence (AI) usage has emerged as a significant cybersecurity risk, often referred to as “shadow AI.” Recently, a concerning article highlighted this burgeoning threat, prompting urgent conversations among industry leaders and cybersecurity professionals. The target of…

DoNot Team Linked to New Tanzeem Android Malware Aimed at Intelligence Gathering


The threat group known as DoNot Team is associated with a new Android malware linked to highly targeted cyber attacks. The malware, identified as Tanzeem (meaning “organization” in Urdu) and its update variant, was discovered by cybersecurity firm Cyfirma in October and December 2024. These applications share nearly identical functionalities, with only slight user interface changes. Cyfirma’s Friday analysis pointed out, “While designed as a chat application, it fails to operate after installation, crashing once the required permissions are granted.” The app’s name indicates a focus on targeting specific individuals or groups both domestically and internationally. DoNot Team, also known as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to originate from India, notorious for utilizing spear-phishing emails and various Android malware strains in their attacks.

DoNot Team Linked to Emerging Tanzeem Android Malware Targeting Intelligence Gathering

January 20, 2025

In a notable development in the cyber threat landscape, the hacking group known as DoNot Team has been associated with a new strain of Android malware. This malware, identified as Tanzeem, which translates to “organization” in…

The True Price of Cloud Resilience: How Rebuilding Modern Applications is Straining Your Resources – Webinar

The Hidden Costs of Cloud Resilience: A Growing Concern for Businesses

In a rapidly evolving digital landscape, many organizations are embracing cloud-native architectures. However, recent findings from a survey conducted among 500 global IT and security decision-makers reveal a troubling gap in resilience. Despite nearly half of development projects now…

Major Cyberattacks of 2025 (To Date) – TheStreet

Major Cyberattacks in 2025: A Comprehensive Overview

Recent developments in the cybersecurity landscape reveal a concerning trend, as 2025 has already witnessed significant cyberattacks that have infiltrated various sectors, impacting numerous businesses and organizations. These attacks underscore the increasing sophistication and urgency of cybersecurity threats in today’s digital age. Among…
