Google’s Threat Analysis Group (TAG) has identified a new initial access broker known as “Exotic Lily,” linked to a notorious Russian cybercrime group famed for its participation in Conti and Diavol ransomware operations. The emergence of this threat actor raises serious concerns regarding cybersecurity practices across multiple sectors. Exotic Lily…
A Belarusian cyber group known as Ghostwriter (also referred to as UNC1151) has been identified exploiting the recently uncovered browser-in-the-browser (BitB) technique in ongoing credential phishing attacks linked to the persistent Russo-Ukrainian conflict. This method employs a deceptive simulation of a browser window that appears legitimate, allowing attackers to execute…
A Hive ransomware incident recently targeted an unspecified organization, leveraging vulnerabilities in Microsoft Exchange Server known as “ProxyShell” to conduct a swift attack that culminated in network encryption within 72 hours of initial compromise. This information was shared by Nadav Ovadia, a security researcher from Varonis, in a detailed post-mortem…
Recent research has revealed that the notorious ransomware group known as Conti continues to target various organizations despite experiencing a substantial data breach of its own earlier this year. This information underscores the resilience of Conti, which is believed to be orchestrated by a Russian cyber actor identified as Gold…
A series of sophisticated phishing campaigns targeting diplomatic and governmental organizations has been linked to a Russian-state sponsored hacking group known as APT29, or Cozy Bear. This threat actor has been active since January 17, 2022, employing a range of techniques that highlight their ongoing interest in gathering sensitive diplomatic…
In recent weeks, the Chinese state-sponsored hacking group known as Override Panda has made headlines again, launching a sophisticated phishing campaign aimed at acquiring sensitive information. This resurgence focuses on utilizing spear-phishing tactics to compromise targeted entities. According to a report by Cluster25, this threat actor leveraged a spear-phishing email…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical vulnerability in Trimble’s Cityworks software for geographic information systems (GIS). This vulnerability, identified as CVE-2025-0994, is currently under active exploitation, posing significant risk to its users. CVE-2025-0994 carries a CVSS v4 score of 8.6, indicating…
T-Mobile, a prominent U.S. telecommunications provider, has acknowledged being targeted by Chinese cyber threat actors aiming to infiltrate its systems to access sensitive data. The perpetrators, identified as Salt Typhoon, have been conducting a prolonged campaign focusing on extracting cellphone communications of individuals considered “high-value intelligence targets.” The extent of…
A critical security vulnerability in Atlassian’s Confluence Server and Data Center products has recently been exploited in active cyberattacks, leading to the deployment of cryptocurrency miners and ransomware. The flaw, identified as CVE-2022-26134 with a CVSS score of 9.8, was patched by Atlassian on June 3, 2022. This vulnerability enables…
