Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts

Q3 2025 saw a major shift in ransomware, with the emergence of Scattered Spider’s ShinySp1d3r RaaS challenging traditional Russian dominance and LockBit’s resurrection targeting critical infrastructure, escalating the threat level. The number of active data-leak sites hit a record high of 81, reflecting fragmentation and increased operational activity by smaller and emerging ransomware groups expanding into low-risk regions like Thailand. LockBit, DragonForce, and Qilin formed strategic alliances, amplifying the collective threat through shared resources, techniques, and infrastructure, while targeting developing digital economies. ShinySp1d3r RaaS features sophisticated technical architecture combining social engineering, encryption, persistence, and stealthy communication, maximizing extortion…

Top Highlights

Critical Vulnerability: A severe authentication bypass flaw (CVE-2025-5947) in the Service Finder WordPress theme allows unauthenticated attackers to access any account, including administrators, with a CVSS score of 9.8.
Exploitation Attempts: Since August 1, 2025, over 13,800 exploitation attempts have been recorded, highlighting the urgency for users to secure their sites.
Plugin Flaw: The vulnerability arises from inadequate validation of user cookies, enabling attackers to hijack accounts via the service_finder_switch_back() function.
Update Recommendation: Site administrators are urged to audit their sites for suspicious activity and update to version 6.1 or higher to mitigate risks.

Critical Vulnerability Discovered

Threat…

Quick Takeaways

Three major ransomware groups—DragonForce, Qilin, and LockBit—have formed a criminal cartel to coordinate attacks and share resources in response to a more challenging ransomware environment. The partnership was announced in early September, with DragonForce proposing collaboration shortly after LockBit introduced its new LockBit 5.0 ransomware. The groups aim to create a unified front to increase their income and influence market conditions, emphasizing cooperation over conflict. This alliance signals a significant shift towards organized, collaborative cybercrime operations in the ransomware landscape.

What’s the Problem?

In early September, three of the most threatening ransomware gangs—DragonForce, Qilin, and LockBit—announced a surprising…

Summary Points

Increased Cyber Risk Management: Companies in the insurance and asset management sectors are significantly boosting cyber risk management expenditures and enhancing board-level oversight.
Leadership Oversight: Nearly 70% of firms now have a chief information security officer (CISO), with regular briefings to the CEO and board, markedly up from previous years.
Spending Surge: Nearly half of the companies allocate 8% or more of their total IT budgets to cybersecurity, a rise from 42% in 2023.
Proactive Defense Measures: Most organizations conduct annual testing of incident response plans, and 97% have patch and vulnerability management programs, reflecting a strong commitment…

Quick Takeaways

Darktrace reports a surge in Akira ransomware attacks since July 2023, primarily exploiting the CVE-2024-40766 vulnerability in SonicWall VPN devices, affecting sectors like manufacturing, education, and healthcare globally. The attacks leverage known vulnerabilities, remote access services, and legitimate tools like RDP, WinRM, and administrative utilities to perform reconnaissance, lateral movement, and data exfiltration, often using double extortion tactics. A recent U.S. network incident demonstrated swift detection and containment by Darktrace’s MDR service, limiting data exfiltration to approximately 2 GiB and preventing further malicious activity. The campaign underscores the critical need for timely patching, vigilant security practices, and awareness…

Summary Points

Discord confirmed a data breach affecting approximately 70,000 users, exposing government ID photos, personal details, and chat messages, blamed on a third-party support service. The hackers claim to have stolen 1.5 terabytes (over 2 million photos) of ID images, arising from a broader campaign targeting Zendesk software used by Discord. Threat actors have attempted extortion, threatening to release the stolen data if Discord does not pay, though the company has not disclosed any payments or vulnerabilities in Zendesk. The breach is linked to a past incident in May 2023 involving a third-party support system compromise, with authorities and…

Summary Points

The pro-Russian hacktivist group TwoNet shifted from DDoS attacks to targeting critical infrastructure, notably a fake water treatment plant used as a honeypot for observation. In September, they gained initial access via default credentials, exploited an XSS vulnerability, and disrupted operations by altering PLC setpoints and disabling logs without escalating privileges. TwoNet’s activities extend beyond DDoS, targeting HMI/SCADA systems in “enemy countries,” and publishing personal and cybercrime service details, indicating a broader shift to operational technology (OT) attacks. Forescout advises critical infrastructure organizations to strengthen authentication, segment networks, and deploy protocol-aware detection to defend against such sophisticated cyber…

Summary Points

Trinity of Chaos, a highly sophisticated ransomware group linked to Lapsus$, Scattered Spider, and ShinyHunters, has launched a data leak site exposing sensitive info from 39 major corporations, including Google and Cisco. The group employs advanced social engineering and cloud exploitation tactics, notably compromising Salesforce via vishing, OAuth token theft, and targeted AI chat integrations, enabling persistent access. They operate as a hybrid threat actor, blending ransomware and data extortion strategies, and have aggregated over 1.5 billion records from diverse industries worldwide since 2019. With a calculated approach, they threaten victims with public data exposure and deadline pressure,…

Essential Insights

Kantsu faced a severe cyberattack that incapacitated its systems, prompting the decision to discard and rebuild a new, secure system at a cost of ¥700 million (~US$4.6 million), prioritizing speed over thorough investigation. The company consolidated security services into one firm, selecting a venture company for rapid response and flexible problem-solving capabilities, emphasizing the importance of specialized strengths. Despite having cyber insurance, Kantsu faced delays and uncertainties in insurance claims, ultimately suffering a total financial loss of ¥1.7 billion (~US$11.1 million), including system renewal and partner compensation. President Tatsujo stresses that cyberattack prevention is impossible; preparedness,…

Top Highlights

AI Integration in Cyber Attacks: Russian hackers are increasingly using AI for cyber attacks, including generating sophisticated phishing messages and developing malware like WRECKSTEEL, indicating a significant evolution in their tactics.
Cyber Incidents Surge: Ukraine’s State Service reported 3,018 cyber incidents in H1 2025, up from 2,575 in the previous half, with local authorities being targeted more frequently.
Targeted Phishing Campaigns: Various Russian hacking groups have orchestrated multiple phishing campaigns targeting Ukraine’s military, local governments, and defense sectors, employing tactics that include malicious RAR archives and fake threat removal programs.
Exploitation of Vulnerabilities: Russian hackers are utilizing zero-click…