Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Quick Takeaways Discord’s third-party customer service provider experienced a data breach, exposing user names, emails, contact info, IP addresses, messages, and government ID images for some users. No financial info, passwords, or core Discord data were compromised, and the breach only affected users who contacted support through the third party. The company has taken measures including alerting users, revoking provider access, investigating, and involving law enforcement, but details on the incident timing and scope remain limited. The breach is believed to have occurred around September 20, linked to a group without a clear threat name, and unrelated to the LAPSUS$…
Essential Insights Outdated Patch Cycles: Traditional periodic maintenance windows for vulnerability management are ineffective in today’s fast-evolving cyber threat landscape, where exploit code can emerge within hours of a vulnerability disclosure. Cost of Breaches: The average cost of a data breach is $5.08 million, rising with delays in remediation, as attackers increasingly exploit vulnerabilities that remain unpatched for more than 30 days. Need for Automation and Redundancy: Continuous patch management through automated systems and building redundancy in critical systems are essential for effective remediation and minimizing operational disruptions. Cultural and Policy Shift: Organizations must evolve their mindset, prioritizing continuous remediation…
Essential Insights Unwitting Support: Western organizations may have inadvertently funded Chinese hackers by collaborating with the Beijing Institute of Electronics Technology and Application (BIETA), linked to China’s Ministry of State Security (MSS). Steganography Expertise: Chinese hackers, particularly Advanced Persistent Threats (APTs), have exploited steganography for covert malware delivery, indicating a sophisticated level of cyber warfare expertise developed through state-supported research. Research Covert Ties: The MSS utilizes BIETA and its affiliates, like Beijing Sanxin Times Technology Co., to access foreign technologies and recruit talent, often disguising their operations as independent academic work to gain entry into global discussions. Global Technology Theft:…
Quick Takeaways Recent versions of the XWorm backdoor (6.0, 6.4, 6.5) are actively distributed via phishing campaigns, utilizing plugins for wide-ranging malicious activities such as data theft, remote control, and file encryption. The malware was initially developed by XCoder, whose abandonment led to multiple threat actors adopting and distributing cracked variants, with high-profile campaigns mainly targeting Russia, the US, India, Ukraine, and Turkey. XWorm employs sophisticated delivery methods, including phishing emails, malicious JavaScript initiating PowerShell scripts, and disguise with legitimate filenames like Discord.exe, combining social engineering with technical exploits. Equipped with over 35 plugins, including ransomware modules, XWorm can lock…
Quick Takeaways The Scattered Lapsus$ Hunters cybercriminal group, initially claiming to have shut down, reemerged with a major data leak threatening to release nearly 1 billion files stolen from companies like Salesforce, Cisco, and Disney. The group exploited poor security measures at Salesforce, including weak two-factor authentication and OAuth protections, to conduct their attacks, which relied heavily on social engineering rather than platform vulnerabilities. Salesforce denied any platform breaches, attributing the attacks to social engineering tactics and compromised third-party OAuth tokens, though they face multiple lawsuits for alleged security oversights. The group targets high-profile organizations with large sensitive data, using…
Quick Takeaways Cyber attacks on German companies that are published on leak sites quadrupled between 2021 and 2024, with Germany leading the ranking. According to the BKA, 80% of the 950 ransomware attacks analysed in 2024 targeted small and medium-sized enterprises. In 251 cases, ransomware.live documented data exfiltration, underscoring the threat posed by data loss. Attackers rely mainly on double extortion, in which data is first encrypted and then threatened with publication. The Core Issue Cyber attacks on German small and medium-sized enterprises (SMEs) rose drastically between 2021 and 2024, with a more than fourfold increase in attacks, which…
Top Highlights The Salesloft Drift supply chain attack exposed over 700 companies to data theft, involving unauthorized access to OAuth tokens used across multiple platforms, with the attack occurring over 10 days in August. Okta successfully thwarted the attack through proactive IP restrictions and security measures, while Zscaler suffered data exposure due to delayed token decommissioning despite having shut off Drift usage earlier. Both companies remain uncertain about how threat actors accessed their OAuth tokens, highlighting weaknesses in token storage and the need for additional security measures such as Demonstrating Proof of Possession (DPoP). Experts emphasize the importance of stronger API controls,…
Fast Facts The recent Oracle E-Business Suite data theft and extortion campaign has been confirmed as the work of the Cl0p ransomware group, exploiting a zero-day vulnerability (CVE-2025-61882) with a critical severity score of 9.8. Attackers stole data in August and began extorting victims via emails from compromised FIN11-associated accounts in late September, leveraging both patched flaws from July and the new zero-day. Oracle has issued patches and indicators of compromise, urging organizations to check for signs of breach since broad exploitation indicates potential compromise even if patches are pending. Other cyber gangs like Scattered Spider and ShinyHunters may also…
Fast Facts Japanese brewing giant Asahi Group Holdings experienced a week-long outage at its domestic subsidiaries due to a ransomware attack, which caused system failures and disrupted operations. The attack involved data exfiltration, with hackers accessing and potentially stealing sensitive information; the company is investigating the scope of the theft. Asahi responded by isolating affected systems, implementing manual processes, and prioritizing data security, but cannot specify when full operations will resume. The incident was limited to domestic subsidiaries with no impact on Asahi’s international brands, and no group has claimed responsibility or confirmed extortion demands. Underlying Problem Japanese brewing giant…
Quick Takeaways A zero-day in Zimbra (CVE-2025-27915) involving stored XSS was exploited in cyberattacks on the Brazilian military, allowing arbitrary JavaScript execution via malicious ICS files. The vulnerability was patched in versions 9.0.0 Patch 44, 10.0.13, and 10.1.5 on January 27, 2025, but was reportedly exploited in the wild beforehand. Attackers used malicious ICS files to steal credentials, emails, and contacts, and to insert filters that redirect emails to an external server, with stealthy activity maintained for over three days. Multiple threat actors, including Russian group APT28 and others like Winter Vivern, have exploited similar vulnerabilities in webmail solutions for…