Hackers leveraged vulnerabilities in the Salesloft Drift application to acquire OAuth tokens, resulting in unauthorized access to Salesforce data and exposing sensitive customer information at several major technology companies. A significant cyber intrusion has involved a group known as UNC6395, which has reportedly compromised sensitive customer data across various organizations,…
Artificial Intelligence & Machine Learning, Government, Industry Specific Also: Netskope’s High-Stakes IPO, How AI Sovereignty Threatens Our Shared Reality Anna Delaney (annamadeline) • August 29, 2025 Clockwise, from top left: Anna Delaney, Tony Morbin, Chris Riotta, and Michael Novinson This week’s update features a discussion among four editors from ISMG…
AI-Powered Cloud Next-Generation Firewalls, Network Firewalls, Network Access Control, Security Operations Cisco Gains Recognition While HPE Juniper Emerges as a Challenger in New Hybrid Mesh Firewall Rankings Michael Novinson (MichaelNovinson) • August 29, 2025 The initial Magic Quadrant for hybrid mesh firewalls from Gartner has identified industry leaders, with Palo…
A coalition of international cybersecurity organizations, spearheaded by the UK’s National Cyber Security Centre (NCSC), has publicly implicated three technology firms based in China in a sustained global cyberattack campaign. In a recent advisory, the NCSC and partners from twelve nations—including the United States, Australia, Canada, New Zealand, Czech Republic,…
April 5, 2023
Cyber Threat / Malware
A newly identified malware, dubbed CryptoClippy, is specifically targeting Portuguese cryptocurrency users through a malvertising campaign. This sophisticated malware employs SEO poisoning techniques to lure users searching for “WhatsApp web” to malicious domains that host the threat, according to a recent report from Palo Alto Networks’ Unit 42.
CryptoClippy, written in C, is a type of cryware known as clipper malware, which monitors clipboard activity for cryptocurrency addresses. When it detects a match, the malware substitutes the copied address with one controlled by the attacker. “The clipper malware utilizes regular expressions (regexes) to ascertain the cryptocurrency type of the address,” noted researchers from Unit 42. “It then replaces the clipboard entry with a visually similar wallet address belonging to the adversary.”
CryptoClippy Emerges as New Threat Targeting Portuguese Cryptocurrency Users April 05, 2023 A concerning new malware known as CryptoClippy is currently posing risks to cryptocurrency users in Portugal, as reported by cybersecurity experts at Palo Alto Networks’ Unit 42. This malware is part of a malvertising campaign that capitalizes on…
April 5, 2023
Cyber Threat / Malware
A newly identified malware, dubbed CryptoClippy, is specifically targeting Portuguese cryptocurrency users through a malvertising campaign. This sophisticated malware employs SEO poisoning techniques to lure users searching for “WhatsApp web” to malicious domains that host the threat, according to a recent report from Palo Alto Networks’ Unit 42.
CryptoClippy, written in C, is a type of cryware known as clipper malware, which monitors clipboard activity for cryptocurrency addresses. When it detects a match, the malware substitutes the copied address with one controlled by the attacker. “The clipper malware utilizes regular expressions (regexes) to ascertain the cryptocurrency type of the address,” noted researchers from Unit 42. “It then replaces the clipboard entry with a visually similar wallet address belonging to the adversary.”
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
China-Linked Hackers Exploit Vulnerabilities in SAP and SQL Server Across Asia and Brazil May 30, 2025 In a concerning development for global cybersecurity, a China-linked threat actor has been identified as the driving force behind a significant exploitation of a critical vulnerability in SAP NetWeaver. This incident is part of…
May 30, 2025
Vulnerability / Threat Intelligence
A China-linked threat group has been identified as the source of recent attacks exploiting a critical security flaw in SAP NetWeaver, part of a larger campaign against organizations in Brazil, India, and Southeast Asia that began in 2023. According to Trend Micro security researcher Joseph C. Chen, the attackers primarily exploit SQL injection vulnerabilities in web applications to infiltrate SQL servers of targeted entities. “The actor also leverages various known vulnerabilities to compromise public-facing servers,” Chen noted in a recent analysis. Key targets have included Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Trend Micro is tracking this activity under the name Earth Lamia, which shows some overlap with threat clusters reported by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks’ Unit 42.
Date: Sep 26, 2024
Category: Cyber Attack / Malware
Cybercriminals linked to North Korea have been detected deploying two new malware variants, KLogEXE and FPSpy. These activities have been connected to the threat group known as Kimsuky, also referred to as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. “These new samples expand Sparkling Pisces’ already extensive toolkit and highlight the group’s ongoing evolution and enhanced capabilities,” stated Palo Alto Networks Unit 42 researchers Daniel Frank and Lior Rochberger. Active since at least 2012, this group has earned the moniker “king of spear-phishing” for its skill in deceiving victims into downloading malware via emails that appear to originate from trusted sources. Unit 42’s investigation into Sparkling Pisces’ infrastructure has revealed the emergence of two new portable executables, KLogEXE and FPSpy. “These malware strains are known to be…
N. Korean Hackers Unleash New KLogEXE and FPSpy Malware in Targeted Campaigns On September 26, 2024, cybersecurity experts revealed that threat actors associated with North Korea have introduced two new malware strains, KLogEXE and FPSpy, into their cyber offensive toolkit. This initiative is linked to a group known as Kimsuky,…
Date: Sep 26, 2024
Category: Cyber Attack / Malware
Cybercriminals linked to North Korea have been detected deploying two new malware variants, KLogEXE and FPSpy. These activities have been connected to the threat group known as Kimsuky, also referred to as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. “These new samples expand Sparkling Pisces’ already extensive toolkit and highlight the group’s ongoing evolution and enhanced capabilities,” stated Palo Alto Networks Unit 42 researchers Daniel Frank and Lior Rochberger. Active since at least 2012, this group has earned the moniker “king of spear-phishing” for its skill in deceiving victims into downloading malware via emails that appear to originate from trusted sources. Unit 42’s investigation into Sparkling Pisces’ infrastructure has revealed the emergence of two new portable executables, KLogEXE and FPSpy. “These malware strains are known to be…
Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Surge in Attacks Targeting Operational Technology Networks Prajeet Nair (@prajeetspeaks) • August 13, 2025 Image: Ivan Kislitsin/Shutterstock Researchers report a notable surge in exploitation attempts against a critical vulnerability in the Erlang/OTP runtime system, prevalent in operational technology settings. The…
📅 Jun 30, 2025
Cybersecurity / Hacking News
Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.
FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…
Weekly Cybersecurity Recap: Airline Breaches, Citrix Vulnerabilities, and Malware Threats June 30, 2025 Cybersecurity | BreachSpot In the ever-evolving landscape of cybersecurity threats, recent events serve as a stark reminder that vulnerabilities often lie in systemic operations rather than overt faults. This week, we explore incidents that challenge our assumptions…
📅 Jun 30, 2025
Cybersecurity / Hacking News
Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.
FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…
