Tag Palo Alto Networks

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

đź“… Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

Weekly Cybersecurity Recap: Airline Breaches, Citrix Vulnerabilities, and Malware Threats June 30, 2025 Cybersecurity | BreachSpot In the ever-evolving landscape of cybersecurity threats, recent events serve as a stark reminder that vulnerabilities often lie in systemic operations rather than overt faults. This week, we explore incidents that challenge our assumptions…

Read More

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

đź“… Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

North Korean Group Partners with Play Ransomware in Major Cyber Attack

Oct 30, 2024
Ransomware / Threat Intelligence

Threat actors associated with North Korea have been linked to a recent cyber incident involving the notorious Play ransomware, highlighting their financial motives. This activity, which took place between May and September 2024, is connected to a group known as Jumpy Pisces, also referred to as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (previously Plutonium), Operation Troy, Silent Chollima, and Stonefly. According to a new report from Palo Alto Networks’ Unit 42, “We have moderate confidence that Jumpy Pisces, or a segment of this group, is now collaborating with the Play ransomware collective.” This incident is particularly significant as it represents the first documented partnership between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware operation. Active since at least 2009, Andariel is associated with North Korea’s Reconnaissance General Bureau (RGB) and has a history of deploying various cyber tactics.

Significant Cyber Attack Involves North Korean Collaboration with Play Ransomware Group October 30, 2024 In a notable development in the realm of cybersecurity, threat actors associated with North Korea have been identified as key players in a recent attack utilizing the Play ransomware variant. This collaboration highlights the increasing intersection…

Read More

North Korean Group Partners with Play Ransomware in Major Cyber Attack

Oct 30, 2024
Ransomware / Threat Intelligence

Threat actors associated with North Korea have been linked to a recent cyber incident involving the notorious Play ransomware, highlighting their financial motives. This activity, which took place between May and September 2024, is connected to a group known as Jumpy Pisces, also referred to as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (previously Plutonium), Operation Troy, Silent Chollima, and Stonefly. According to a new report from Palo Alto Networks’ Unit 42, “We have moderate confidence that Jumpy Pisces, or a segment of this group, is now collaborating with the Play ransomware collective.” This incident is particularly significant as it represents the first documented partnership between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware operation. Active since at least 2009, Andariel is associated with North Korea’s Reconnaissance General Bureau (RGB) and has a history of deploying various cyber tactics.

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda BĂĽyĂĽkkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…

Read More

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda BĂĽyĂĽkkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

Alert: Over 2,000 Palo Alto Networks Devices Compromised in Ongoing Cyber Attack Campaign

As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).

Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.

Warning: Ongoing Attack Campaign Compromises Over 2,000 Palo Alto Networks Devices November 21, 2024 In a concerning development in cybersecurity, it has been reported that approximately 2,000 devices from Palo Alto Networks have been compromised as a result of an ongoing attack campaign leveraging recently uncovered security vulnerabilities. The Shadowserver…

Read More

Alert: Over 2,000 Palo Alto Networks Devices Compromised in Ongoing Cyber Attack Campaign

As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).

Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.

Leak Uncovers Daily Lives of North Korean IT Scammers

Targeted Data Exploitation of IT Workers Revealed in Recent Findings Recent investigations have unveiled a concerning scheme targeting IT professionals, highlighting a structured operation that gathers and exploits sensitive information. Documented evidence includes detailed listings of potential job opportunities within the IT sector, alongside personal data that suggests a deliberate…

Read MoreLeak Uncovers Daily Lives of North Korean IT Scammers

Chinese State-Sponsored Hackers Target Southeast Asian Telecoms

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Threat Actor Maintains Long-Term Stealthy Access Prajeet Nair (@prajeetspeaks) • August 4, 2025 Image: Shutterstock A recent cybersecurity analysis reveals that Chinese nation-state hackers have infiltrated mobile telecommunications networks across Southeast Asia, ostensibly to track the locations of individuals,…

Read MoreChinese State-Sponsored Hackers Target Southeast Asian Telecoms

Safe Secures $70M in Series C Funding to Enhance Cyber Risk Management Solutions

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Investment Fuels Development for Predictive, Autonomous Threat Defense Michael Novinson (MichaelNovinson) • August 1, 2025 Saket Modi, co-founder and CEO, Safe (Image: Safe) In a significant development within the cybersecurity landscape, Safe, a vendor specializing in cyber risk…

Read MoreSafe Secures $70M in Series C Funding to Enhance Cyber Risk Management Solutions

Hackers Target SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 30, 2025
Vulnerability / Threat Intelligence

Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.

Hackers Exploit SAP Vulnerability to Target U.S. Chemical Company with Auto-Color Malware On July 30, 2025, cybersecurity experts reported a significant breach involving a critical vulnerability in SAP NetWeaver, previously patched by SAP. In an incident that unfolded over three days in April 2025, threat actors targeted a U.S.-based chemicals…

Read More

Hackers Target SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 30, 2025
Vulnerability / Threat Intelligence

Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.

Why Palo Alto Is Investing $25 Billion in Identity Solutions

Access Management, Agentic AI, Identity & Access Management CyberArk Acquisition Enhances Palo Alto Networks’ Privileged Access Capabilities Michael Novinson (@MichaelNovinson) • July 30, 2025 Nikesh Arora, Chairman and CEO, Palo Alto Networks Nikesh Arora, CEO of Palo Alto Networks, announced the company’s intention to acquire CyberArk for $25 billion, driven…

Read MoreWhy Palo Alto Is Investing $25 Billion in Identity Solutions