Tag: Mandiant

China-Linked Group Exploits ConnectWise and F5 Software Vulnerabilities to Breach Networks

A threat group linked to China has exploited vulnerabilities in ConnectWise ScreenConnect and F5 BIG-IP software, deploying customized malware that can install additional backdoors on compromised Linux systems. Mandiant, a Google subsidiary, is tracking the campaign under the identifier UNC5174, also known…

Hackers Leverage Accellion Zero-Day Vulnerabilities in Recent Data Theft and Extortion Incidents

Cybersecurity Incident: Accellion File Transfer Appliance Targeted by UNC2546

Cybersecurity researchers reported a significant data theft and extortion campaign linked to a series of attacks targeting Accellion File Transfer Appliance (FTA) servers. The cybercrime group identified as UNC2546 has been carrying out these attacks over the last two months.…

ShinyHunters Has a Strong Dislike for Salesforce, Says The Register

ShinyHunters has reportedly claimed responsibility for a security breach at Gainsight, further compromising the data of numerous Salesforce customers. The breach extends the fallout from earlier incidents, particularly the Salesloft Drift hack from earlier this year, which ShinyHunters claims gave them initial access to Gainsight’s…

Mimecast Discovers Hackers Behind SolarWinds Breach Took Portions of Its Source Code

Mimecast Acknowledges Source Code Breach Linked to SolarWinds Attack

In a recent disclosure, email security firm Mimecast announced that it fell victim to the state-sponsored attackers behind the SolarWinds breach, illustrating the ongoing risk posed by sophisticated cyber threats. The incident, detailed in their findings, revealed unauthorized access to some…

Google Discovers New Malware Backdoors Associated with Iran

Iranian Hacking Group Unleashes Array of Custom Malware Variants

Akshaya Asokan (asokan_akshaya) • November 18, 2025

Google has issued a warning regarding a state-sponsored Iranian hacking group known for targeting the aerospace and defense sectors in the Middle East. This…

Three Zero-Day Vulnerabilities Affect SonicWall Enterprise Email Security Appliances

SonicWall Tackles Critical Security Vulnerabilities Targeting Email Security Solutions

SonicWall has recently patched three severe security vulnerabilities in its email security products that have been exploited in the wild. These vulnerabilities, identified as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, were disclosed following an investigation by FireEye’s Mandiant subsidiary. The flaws were reported…

Ransomware Attack Forces Shutdown of America’s Largest Fuel Pipeline

Ransomware Attack Halts Colonial Pipeline Operations, Highlighting Cybersecurity Vulnerabilities

On Saturday, Colonial Pipeline, a crucial provider transporting approximately 45% of the fuel consumed on the U.S. East Coast, officially announced it has suspended operations due to a ransomware attack. The incident underscores the susceptibility of critical infrastructure to cyber threats.…

Hackers Gained Access to Colonial Pipeline via Compromised VPN Credentials

A recent investigation has revealed that the ransomware group responsible for the Colonial Pipeline attack used a compromised virtual private network (VPN) account password to gain entry to the company’s network. The intrusion occurred in early May and has raised significant security concerns across the United States, particularly regarding critical infrastructure. Reports…

Nevada State Hackers Eluded Detection for Several Months

Statewide Cyber Breach Affects 60 Agencies Before Ransomware Deployment

Chris Riotta (@chrisriotta) • November 6, 2025

Recent analyses reveal that a ransomware threat actor had compromised Nevada’s statewide government systems for several months before executing a ransomware attack. An after-action report…