TPG Telecom Suffers Cyberattack: Sensitive Data Compromised TPG Telecom, one of Australia’s leading telecommunications companies, has disclosed a cybersecurity incident it referred to as a “limited” attack. However, the scope of the data breach suggests otherwise, as it has resulted in the unauthorized access and theft of a significant amount…
RVTools Official Site Compromised to Distribute Bumblebee Malware via Trojan Installer
May 19, 2025
Malware / Supply Chain Attack
The official RVTools website has been compromised, delivering a tainted installer for the widely-used VMware environment reporting tool. In a statement on their site, the company announced, “Robware.net and RVTools.com are currently offline. We are working diligently to restore service and appreciate your patience. Please note that Robware.net and RVTools.com are the only authorized and supported sources for RVTools software. Avoid downloading RVTools from any other websites or sources.” This incident follows revelations from security researcher Aidan Leon, who discovered that the infected installer was being used to load a malicious DLL, identified as the Bumblebee malware loader. It remains unclear how long the compromised version of RVTools was available for download or how many users had installed it before the websites were taken offline. In the meantime, users are advised to verify…
RVTools Official Website Compromised, Distributing Bumblebee Malware Through Trojan Installer On May 19, 2025, the official website for RVTools, a well-known utility for reporting within VMware environments, was breached, leading to the distribution of a compromised installer. This attack is a stark reminder of the vulnerabilities associated with software supply…
RVTools Official Site Compromised to Distribute Bumblebee Malware via Trojan Installer
May 19, 2025
Malware / Supply Chain Attack
The official RVTools website has been compromised, delivering a tainted installer for the widely-used VMware environment reporting tool. In a statement on their site, the company announced, “Robware.net and RVTools.com are currently offline. We are working diligently to restore service and appreciate your patience. Please note that Robware.net and RVTools.com are the only authorized and supported sources for RVTools software. Avoid downloading RVTools from any other websites or sources.” This incident follows revelations from security researcher Aidan Leon, who discovered that the infected installer was being used to load a malicious DLL, identified as the Bumblebee malware loader. It remains unclear how long the compromised version of RVTools was available for download or how many users had installed it before the websites were taken offline. In the meantime, users are advised to verify…
FBI and Europol Take Down Lumma Stealer Malware Network Responsible for 10 Million Infections
May 22, 2025
Malware / Cybercrime
A major crackdown by international law enforcement agencies and private sector partners has successfully dismantled the infrastructure behind Lumma Stealer (also known as LummaC or LummaC2), resulting in the seizure of 2,300 domains that served as command-and-control hubs for compromised Windows systems. According to the U.S. Department of Justice (DoJ), “Malware like LummaC2 is utilized to extract sensitive information, such as user login credentials, from millions of victims, enabling a range of criminal activities including fraudulent bank transactions and cryptocurrency theft.” Since its emergence in late 2022, Lumma Stealer has been linked to approximately 1.7 million incidents involving the theft of data, including browser information, autofill details, login credentials, and cryptocurrency seed phrases.
FBI and Europol Take Down Lumma Stealer Malware Network, Impacting Millions of Users May 22, 2025 — A significant joint operation led by the FBI in collaboration with Europol and private sector partners has successfully disrupted the infrastructure of Lumma Stealer, a highly active commodity information stealing malware. This operation…
FBI and Europol Take Down Lumma Stealer Malware Network Responsible for 10 Million Infections
May 22, 2025
Malware / Cybercrime
A major crackdown by international law enforcement agencies and private sector partners has successfully dismantled the infrastructure behind Lumma Stealer (also known as LummaC or LummaC2), resulting in the seizure of 2,300 domains that served as command-and-control hubs for compromised Windows systems. According to the U.S. Department of Justice (DoJ), “Malware like LummaC2 is utilized to extract sensitive information, such as user login credentials, from millions of victims, enabling a range of criminal activities including fraudulent bank transactions and cryptocurrency theft.” Since its emergence in late 2022, Lumma Stealer has been linked to approximately 1.7 million incidents involving the theft of data, including browser information, autofill details, login credentials, and cryptocurrency seed phrases.
Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks
May 22, 2025
Enterprise Security / Malware
A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.
Chinese Cyber Actors Target Global Enterprises Through Ivanti EPMM Vulnerabilities May 22, 2025 – Enterprise Security / Malware Recent developments in the cybersecurity landscape have revealed that a pair of vulnerabilities within Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428, have been exploited by a China-based threat…
Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks
May 22, 2025
Enterprise Security / Malware
A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations Chris Riotta (@chrisriotta) • August 14, 2025 Image: Shutterstock Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…
On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.
According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.
INTERPOL Disrupts Over 20,000 Malicious IP Addresses in Operation Secure On June 11, 2025, INTERPOL announced a significant crackdown on cybercrime, revealing the dismantling of more than 20,000 malicious IP addresses linked to 69 variants of information-stealing malware. The initiative, termed Operation Secure, involved a coordinated effort from law enforcement…
On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.
According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.
SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa
October 17, 2024
Malware / Cyber Espionage
An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.
SideWinder APT Targets Middle East and Africa in Cohesive Multi-Stage Attacks October 17, 2024 Recent reports indicate that an advanced persistent threat (APT) group, identified as SideWinder, is actively executing a series of sophisticated cyberattacks against notable infrastructures and organizations in the Middle East and Africa. This group, also referred…
SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa
October 17, 2024
Malware / Cyber Espionage
An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.
Russian RomCom Group Targets Ukrainian Government with New SingleCamper RAT Variant
October 17, 2024
Threat Intelligence / Malware
The Russian threat actor RomCom has been linked to a surge of cyberattacks against Ukrainian government agencies and undisclosed Polish entities since late 2023. These intrusions utilize a new variant of the RomCom RAT, referred to as SingleCamper (also known as SnipBot or RomCom 5.0), according to Cisco Talos, which is monitoring this activity cluster under the designation UAT-5647. “This version is loaded directly from the registry into memory and communicates with its loader via a loopback address,” explained security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura. RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-faceted operations including ransomware, extortion, and targeted credential harvesting since its emergence in 2022. Recent assessments indicate that the frequency of their attacks has ramped up in recent months with the goal of establishing long-term persistent access.
Russian Cyber Actor RomCom Targets Ukrainian Government with New SingleCamper RAT Variant October 17, 2024 Threat Intelligence / Malware A recent wave of cyber attacks has been linked to the Russian threat actor known as RomCom, specifically targeting Ukrainian government agencies and undisclosed Polish entities since late 2023. This escalation…
Russian RomCom Group Targets Ukrainian Government with New SingleCamper RAT Variant
October 17, 2024
Threat Intelligence / Malware
The Russian threat actor RomCom has been linked to a surge of cyberattacks against Ukrainian government agencies and undisclosed Polish entities since late 2023. These intrusions utilize a new variant of the RomCom RAT, referred to as SingleCamper (also known as SnipBot or RomCom 5.0), according to Cisco Talos, which is monitoring this activity cluster under the designation UAT-5647. “This version is loaded directly from the registry into memory and communicates with its loader via a loopback address,” explained security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura. RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-faceted operations including ransomware, extortion, and targeted credential harvesting since its emergence in 2022. Recent assessments indicate that the frequency of their attacks has ramped up in recent months with the goal of establishing long-term persistent access.
📅 Jun 30, 2025
Cybersecurity / Hacking News
Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.
FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…
Weekly Cybersecurity Recap: Airline Breaches, Citrix Vulnerabilities, and Malware Threats June 30, 2025 Cybersecurity | BreachSpot In the ever-evolving landscape of cybersecurity threats, recent events serve as a stark reminder that vulnerabilities often lie in systemic operations rather than overt faults. This week, we explore incidents that challenge our assumptions…
📅 Jun 30, 2025
Cybersecurity / Hacking News
Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.
FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…
