Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways

North Korean-linked threat actors, associated with the Contagious Interview campaign, have developed a multi-platform toolkit and backdoor called AkdoorTea, targeting cryptocurrency and Web3 developers across Windows, Linux, and macOS. The campaign uses fake job offers via platforms like LinkedIn and Upwork, tricking targets into downloading malware through cloned GitHub projects or phishing links during video and coding assessments. Malware such as BeaverTail, InvisibleFerret, OtterCookie, and TsunamiKit are deployed, with TsunamiKit facilitating cryptocurrency theft and persistence, while Tropidoor overlaps with Lazarus Group tools like LightlessCan. The operation extends to North Korean employment fraud schemes like WageMole, leveraging stolen identities…


Summary Points

Rising Exposure: Nearly 200,000 industrial control systems (ICS) are currently accessible online, with a 13% increase from 160,000 to over 180,000 in 2024, projected to surpass 200,000 by 2025. New Risks: New ICS and operational technology (OT) devices are increasingly exposed, exhibiting severe vulnerabilities akin to legacy systems, including remote code execution flaws that threaten critical infrastructure. Vulnerability Scope: No single networking protocol is responsible for the surge in exposed devices; vulnerabilities span across most of the 13 common protocols, intensifying the cybersecurity threat landscape. Geographic Disparities: The U.S. leads globally with 80,000 exposed ICS devices, followed by…


Quick Takeaways

LockBit ransomware group has resurfaced after law enforcement disruption, releasing LockBit 5.0, marking its sixth anniversary with cross-platform attack capabilities on Windows, Linux, and VMware ESXi. The new variants employ sophisticated evasion techniques: the Windows version uses heavy obfuscation and anti-analysis measures; Linux provides command-line controls; ESXi targets virtualization infrastructure, risking widespread virtual machine encryption. LockBit 5.0 shares core features with LockBit 4.0, including file encryption with randomized extensions and log-clearing to hide activities, but is significantly more dangerous due to advanced obfuscation and virtualization targeting. The group’s resilience demonstrated post-Operation Cronos highlights the need for organizations to boost…


Fast Facts

RTX confirmed a ransomware attack disrupted airport services, causing delays and cancellations, with systems supporting passenger processing affected but no evidence of data theft reported. The attack involved the HardBit ransomware, detected on systems managing airline check-in and boarding, and efforts to remove it have faced reinfection issues. While the investigation is ongoing, RTX does not anticipate significant financial impact, though European airports remain affected by delays. A UK suspect related to the incident has been arrested and released on bail; the attackers possibly operated via an affiliate program, with no definitive attribution of the threat actor. The…


Top Highlights

A 17-year-old suspected member of the Scattered Spider hacking group was released into parental custody with restrictions after facing charges related to cyberattacks on Vegas casinos in 2023. The attacks, carried out between August and October, targeted MGM Resorts and Caesars Entertainment, using advanced techniques and ransomware like BlackCat/ALPHV, leading to over $100 million in damages for MGM and a $15 million ransom for Caesars. Prosecutors believe the teen holds approximately $1.8 million worth of Bitcoin but have not recovered it; they argue he should remain detained due to his operational skill and financial gains, while his lawyers…


Essential Insights

DDoS attack volume increased by 41% YoY in H1 2025, peaking at 2.2 Tbps, signaling larger and more sophisticated threats. Attacks are lasting longer, multi-layered, and shifting focus from gaming to technology and financial sectors. Application-layer assaults now account for 38%, with UDP floods leading, and attackers commonly deploying multi-vector strategies. Geographically, the US, Netherlands, and Hong Kong are top attack sources, emphasizing the need for proactive, geographically aware defenses.

The Core Issue

The recent Gcore Radar report for the first half of 2025 documents a significant escalation in distributed denial-of-service (DDoS) attacks, revealing a 41% year-on-year surge…


Summary Points

Volvo Group North America’s data breach was caused by a ransomware attack on third-party HR software provider Miljdata, exposing employee names and Social Security numbers. The attack was detected between August 20 and September 2, 2025, with the breach contained within Miljdata’s environment and not internal Volvo systems. Affected individuals are offered an 18-month free subscription to Allstate’s Identity Protection Pro service, including credit monitoring and identity restoration tools. Volvo urges impacted employees to remain vigilant against identity theft, apologizes for the incident, and is collaborating with Miljdata to address the breach.

What’s the Problem?

The recent data…


Essential Insights

A man in West Sussex was arrested by the UK NCA in connection with a cyberattack on Collins Aerospace, which caused widespread flight disruptions at major European airports, including Heathrow, Brussels, and Berlin. The cybersecurity incident involved ransomware called HardBit targeting MUSE passenger processing systems, but RTX reports no material impact on its financial condition or operations. Experts identify HardBit’s modus operandi: encrypt files, request insurance details, and demand ransoms, with evolving versions that incorporate obfuscation and passphrases to complicate remediation efforts. Threat actors like Alixsec, Scattered Spider, and Rhysida are implicated in targeting critical infrastructure, including airports,…


Top Highlights

Cisco released patches for 14 vulnerabilities in IOS and IOS XE, including a critical flaw (CVE-2025-20352, CVSS 7.7) that is actively exploited via a stack overflow in SNMP, allowing remote code execution or DoS attacks. Exploitation requires low privileges but can escalate to root access if attackers have valid SNMP credentials and admin privileges. All devices running affected versions, including Meraki MS390 and Catalyst 9300 switches, are vulnerable, prompting Cisco to advise immediate updates. The update also addresses eight other high-severity flaws, with some medium-severity issues and proof-of-concept exploits existing but not yet exploited in the wild.

Problem Explained…


Essential Insights

Critical Vulnerabilities Discovered: Two severe flaws (CVE-2025-10643 & CVE-2025-10644) in Wondershare RepairIt enable authentication bypass, risking user data exposure and potential for supply chain attacks, with CVSS scores of 9.1 and 9.4 respectively. Insecure Data Handling: The application’s poor development practices, including unencrypted data storage and overly permissive cloud access tokens, expose sensitive user data and proprietary company information, increasing the risk of intellectual property theft. AI Model Manipulation: Attackers could exploit the vulnerabilities to modify AI models and distribute malicious payloads, posing significant risks to legitimate users and eroding consumer trust. Urgent Mitigation Needed: Despite Trend…
