Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
RevengeHotels, a hacker group active since 2015, has expanded its toolkit with new remote access trojans (RATs) such as VenomRAT and with AI-generated scripts, targeting the hospitality sector primarily in Latin America and Brazil. Their attacks begin with phishing emails—often themed around hotel invoicing or fake job applications—that deliver malware via malicious websites, using AI-driven JavaScript loaders and PowerShell downloaders to raise the infection success rate. The malware, particularly VenomRAT, allows remote control, file exfiltration, and propagation through USB drives, and the new tactics show an evolution in operational sophistication. The group is leveraging large language models (LLMs) to craft and adapt phishing…

Quick Takeaways
Tiffany & Company’s systems were hacked around May 12, 2025, exposing the personal data of over 2,500 U.S. customers, including gift card details, personal information, and sales data. The breach may be linked to a broader cyber campaign affecting LVMH brands, but it remains unclear whether this incident is connected to the recent Salesforce-targeted attacks or is separate. Unlike other breaches involving third-party systems, Tiffany’s compromised data appears to originate from its own systems, and there is no evidence of a ransomware group leaking it. Security authorities are investigating, and Tiffany has yet to confirm details, leaving questions about the scope and impact of…

Top Highlights
- Emerging Threat: TA558, tracked as RevengeHotels, targets hotels in Brazil and Spanish-speaking markets, using remote access trojans (RATs) such as Venom RAT to extract sensitive customer data.
- AI Utilization: The threat actor uses artificial intelligence to generate sophisticated phishing emails, making attacks more convincing, and pairs them with JavaScript loaders and PowerShell downloaders.
- Evolving Tactics: RevengeHotels has diversified its attack methods, moving from exploiting Microsoft Office vulnerabilities to delivering various RATs via refined phishing campaigns built around popular hotel booking and employment themes.
- Malware Capabilities: Venom RAT can siphon data, establish persistence on infected systems, and evade detection mechanisms such as Microsoft Defender, highlighting…

Fast Facts
WatchGuard released updates fixing CVE-2025-9242, a critical remote code execution vulnerability in Firebox firewalls caused by an out-of-bounds write in Fireware OS and affecting multiple versions since 11.x. The flaw impacts devices configured with IKEv2 VPN, including both mobile and branch office VPNs, and it still applies where the vulnerable configuration has since been deleted, as long as static gateway peers remain configured. Administrators are advised to patch affected devices immediately or to apply temporary workarounds—such as disabling dynamic peer BOVPNs—given the threat of exploitation by attackers. Although not yet exploited in the wild, the vulnerability poses a significant risk, especially since threat actors target firewalls…

Fast Facts
SonicWall confirmed that unauthorized access occurred in some MySonicWall customer accounts. The breach involved sensitive configuration backups, including admin credentials, VPN settings, and certificates. The affected files had been uploaded via SonicWall’s cloud backup system, which is intended for secure configuration storage. The incident highlights potential weaknesses in cloud backup security and the risk of exposure of critical firewall data.

Key Challenge
SonicWall announced yesterday that an unauthorized individual gained access to certain configuration backups stored within some MySonicWall customer accounts. These backups, which are created via SonicWall’s cloud-based system, include sensitive information such as administrator credentials, VPN settings,…

Fast Facts
SonicWall notified fewer than 5% of customers after hackers accessed backup firewall preference files stored in the cloud, creating a risk of targeted attacks. The breach resulted from brute-force attacks; the files, though encrypted, contain data that could help threat actors target the firewalls further, but they were not leaked online. SonicWall issued new, randomized preference files that must be imported, causing temporary VPN disruptions and firewall reboots, and published detailed guidance for manual remediation options. Customers who choose not to use the provided preference files are advised to reset passwords and review credentials manually, with official resources available to verify whether…

Summary Points
Medical Associates of Brevard, based in Florida, notified authorities that a data breach in January 2025 affected approximately 247,000 individuals. The breach involved the theft of personal and protected health information, emails, databases, and documents related to HR and partners, and is attributed to the BianLian ransomware group. The group claimed responsibility for the attack but has been inactive since late March, leaving the fate of the stolen data uncertain. Healthcare data breaches are common and often affect large populations, as shown by similar incidents affecting hundreds of thousands of people nationwide.

What’s the Problem?
Medical Associates of Brevard, a healthcare provider based in…

Summary Points
- Investment in Security Growth: ParkerGale invests in RedZone Technologies, appointing Gary Simat as CEO to enhance customer-focused security solutions for regulated industries.
- AI-Driven Security Innovations: CrowdStrike launches the Falcon Platform Fall Release, introducing AI-native capabilities that unify data, intelligence, and governance for enhanced cybersecurity.
- Eve Security’s Funding and Innovations: Eve Security raises $3 million to unveil EveGuard, an AI observability and policy enforcement platform designed to secure AI agents within critical business systems.
- Global Cyber Alliance’s Leadership Change: Celebrating its 10th anniversary, the Global Cyber Alliance appoints Brian Cute as Interim CEO, highlighting the urgent need for collaborative…

Summary Points
Google issued emergency security updates for Chrome to patch a high-severity zero-day vulnerability (CVE-2025-10585), a type confusion flaw in the V8 JavaScript engine that has a known public exploit and is actively exploited in the wild. This is the sixth Chrome zero-day exploited in the wild this year; previous patches addressed similar critical flaws, including sandbox escapes and account hijacking. While Google has not disclosed full details of the in-the-wild exploitation, it confirmed the vulnerability was used in targeted attacks, especially against high-risk individuals such as journalists and opposition politicians. Users are urged to update Chrome immediately via Help…

Quick Takeaways
- Investment and Leadership Change: RedZone Technologies secures growth investment from ParkerGale, with Gary Simat, former CEO of Performive, stepping in as CEO to lead the company forward.
- Focus on Security Expertise: RedZone aims to evolve into a comprehensive IT services platform that emphasizes security, compliance, and data sovereignty, enhancing organizations’ confidence in their technology.
- Expansion of Managed Security Services: The demand for outsourced cybersecurity services is growing, driving RedZone to prioritize monitoring, management, and response capabilities against evolving threats.
- Commitment to Customer-Centric Growth: With ParkerGale’s backing, RedZone is set to expand its cybersecurity capabilities while maintaining a disciplined,…
