Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights: The Metropolitan Police secured the world’s largest cryptocurrency seizure, valued at over £5.5 billion ($7.3 billion), involving 61,000 Bitcoin linked to a fraudulent scheme. Zhimin Qian, aka Yadi Zhang, pleaded guilty to criminal property possession for orchestrating a scheme that defrauded more than 128,000 victims in China and raised 40 billion yuan. Qian, dubbed "Bitcoin Queen," fled China after the scheme collapsed in 2017, converting proceeds into Bitcoin and attempting to launder funds in the UK with accomplice Jian Wen. This case marks the largest cryptocurrency seizure in UK history, surpassing previous global recoveries, and involved extensive international…

Essential Insights: Harrods experienced a data breach affecting around 430,000 customer records due to a third-party supplier’s security failure, compromising basic personal info and some marketing data, but not financial or sensitive account details. The hackers behind the breach contacted Harrods, but the retailer has refused to engage, indicating a possible ransom demand, and confirmed it will cooperate with authorities, including the ICO. The incident is distinct from a previous May 2025 cyberattack on Harrods’ internal systems, which was contained without data loss, highlighting evolving cyber threats targeting supply chain weak links. Customers are advised to remain vigilant against phishing…

Quick Takeaways: Sophos has been recognized as a Leader in the IDC MarketScape™: Worldwide Extended Detection and Response (XDR) Software 2025, underscoring its commitment to scalable, intelligent security solutions. The report praises Sophos’ protection capabilities, including standard features like host firewalls, IDS/IPS, device control, and encryption, alongside proactive defense tools such as Adaptive Attack Protection (‘Shields Up’). Sophos XDR integrates AI-driven threat detection, automated defenses, and extensive ecosystem flexibility, enabling rapid threat investigation, response, and seamless integration across diverse IT environments. The acquisition of Secureworks enhances Sophos’ platform, providing combined prevention, detection, and response, with plans for full integration into…

Quick Takeaways: Asahi Group Holdings experienced a cyberattack disrupting its Japanese operations, suspending ordering, shipping, call center, and customer service functions. The breach has not yet confirmed data theft or leakage, and the company is investigating the source, with no timetable for recovery provided. The attack started early in the day, with no details on the threat actor, initial access method, or whether system encryption or ransom demands occurred. Asahi, holding a significant market share and international presence, has apologized for the inconvenience and is working to restore its affected services. The Core Issue: Asahi Group Holdings, Japan’s leading beer…

Quick Takeaways: Cybercriminals are exploiting trust in collaboration tools by promoting a fake, weaponized Microsoft Teams installer via SEO poisoning and malicious ads, leading to system compromise. The fraudulent installer, signed with untrustworthy certificates, deploys a persistent backdoor called Oyster (or Broomstick) that maintains access even after system reboots. The Oyster backdoor enables remote control, data exfiltration, and communicates with C2 servers, and has been linked to ransomware attacks like Rhysida. To prevent infection, users should download software only from official sources and avoid clicking on suspicious ads or search results, emphasizing vigilance and user education. Underlying Problem: A sophisticated…

Essential Insights: EvilAI Campaign: Threat actors are using sophisticated AI-enhanced tools to distribute malware globally, impacting sectors like manufacturing, healthcare, and technology, with notable infections in various countries. Deceptive Techniques: The malware disguises itself as legitimate productivity applications, employing valid digital signatures to evade detection and maintain covert communication with command-and-control servers. Global Distribution: The campaign utilizes various propagation methods, including mimicry of vendor sites, malicious ads, and social media, enabling widespread infiltration without raising suspicion. Adaptive Threats: Attackers are evolving their strategies, using diverse malicious applications and encoding techniques to bypass security measures, indicating a growing sophistication in cyber…

Essential Insights: The Akira gang has bypassed SonicWall’s MFA protections, successfully exploiting vulnerabilities to gain unauthorized access and deploy ransomware, indicating a significant security breach. A critical vulnerability (CVE-2024-40766), rated 9.8, remains unpatched since August 2024, which Akira exploited for initial access and extortion, highlighting ongoing risks. SonicWall and agencies like CISA warn of brute-force and misconfiguration attacks, urging customers to verify and secure their systems amid repeated security failures and poor support. Industry experts criticize SonicWall’s longstanding security shortcomings, mismanagement, and support issues, emphasizing that multiple vendors face similar vulnerabilities, underscoring systemic security challenges. Problem Explained: The story details…

Summary Points: Workforce Retention: Only 35% of CISA’s workforce (approximately 889 out of 2,540 employees) will remain on the job during the federal government shutdown, performing essential national security functions. Operational Uncertainty: CISA leaders have provided minimal clarity to employees regarding who will work during the shutdown and their specific responsibilities. Potential Employee Departures: Fear of layoffs may lead to increased employee turnover within CISA, already affected by previous workforce reductions under the Trump administration. Cybersecurity Risks: A government shutdown poses significant cybersecurity threats, including halted vulnerability scans and delays in security projects, potentially allowing hackers to exploit reduced staff…

Quick Takeaways: Authorities across Africa arrested 260 cybercrime suspects during a two-week operation, targeting fraud networks involved in romance scams and sextortion, with total losses estimated at $2.8 million. The crackdown dismantled 81 cybercrime infrastructures and seized critical materials like USB drives, SIM cards, and forged documents across 14 countries, including Ghana, Senegal, and Côte d’Ivoire. The operation revealed a sharp rise in online-enabled crimes, particularly sextortion and romance scams, exploiting victims for blackmail and financial gain, affecting nearly 1,500 individuals. This effort was part of a larger intercontinental crackdown that led to 1,209 arrests and nearly $485 million in…

Summary Points: The Akira ransomware group continues exploiting a year-old SonicWall vulnerability (CVE-2024-40766) with a high CVSS score of 9.3, mainly targeting SSL VPN accounts using OTP-based MFA. Their attacks are rapid, with dwell times measured in hours, emphasizing the need for swift detection of suspicious VPN logins and SMB activity to mitigate damage early. Akira leverages legitimate, pre-installed utilities such as Datto RMM and backup agents, enabling lateral movement and persistence while remaining undetected by mimicking normal IT operations. While SonicWall has patched the vulnerability, uncertainty remains about how attackers bypassed MFA, and the campaign involves multiple threat actors,…