A newly identified North Korean cyber operator has been linked to multiple campaigns aimed at gathering intelligence strategically aligned with Pyongyang’s geopolitical goals. Since 2018, this group, tracked by Google-affiliated Mandiant as APT43, has pursued both espionage and financial gain, employing techniques such as credential harvesting and social engineering to…
A recent data breach at TransUnion has compromised the Social Security numbers of 4.4 million consumers in the United States, following a cyber attack on a Salesforce-integrated application. The breach is associated with the hacking group identified as UNC6395. In an incident that began on July 28, 2025, credit reporting…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.
A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.
CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.
A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.
A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign known as DeathNote. Traditionally focused on the cryptocurrency sector, this…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
Government, Industry Specific Microsoft Issues Urgent Warning After SharePoint Vulnerability Breach Targeting State Actors Chris Riotta (@chrisriotta) • August 14, 2025 The Ottawa Parliament Building. (Image: Shutterstock) A significant security breach has occurred within Canada’s House of Commons, where hackers accessed a sensitive database containing confidential office locations and personal…
Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure
July 28, 2025
Cyber Attack / Ransomware
The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.
Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure July 28, 2025 In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily affecting sectors such as retail, airlines, and transportation across North…
Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure
July 28, 2025
Cyber Attack / Ransomware
The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.
In recent developments, instances of fraudulent calls utilizing artificial intelligence to replicate familiar voices have surfaced with alarming frequency. These scams often manipulate the voice of a grandchild, colleague, or executive to convey urgent messages, compelling victims to rapidly wire money, share sensitive information, or visit harmful websites. The deceptive…
Fraud Management & Cybercrime, Social Engineering Hacking Tactics Linked to Retail and Airline Breaches Akshaya Asokan (asokan_akshaya) • July 25, 2025 Image: Shutterstock A group of adolescent cybercriminals known as Scattered Spider has recently targeted VMware hypervisors, successfully infiltrating corporate environments through Active Directory. This emerging threat landscape has led…
