Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights

Insight Partners suffered a data breach following a sophisticated social engineering attack, resulting in the theft and encryption of sensitive data affecting over 12,600 individuals. The breach involved exfiltration of data starting in October 2024, with server encryption occurring on January 16, 2025, impacting banking, tax information, employee data, and fund details. The company is sending notification letters and offering credit monitoring services, with affected individuals identified by the end of September 2025; unnotified individuals are unaffected. Despite the breach, no ransomware groups have claimed responsibility, and Insight Partners, managing over $90 billion and investing in 800+ startups,…

Summary Points

Targeted Cyber Espionage: The China-aligned hacking group TA415 has conducted spear-phishing targeting U.S. government and academic institutions, using U.S.-China economic themes to deceive victims.
Impersonation Tactics: The group impersonated key figures and organizations, including the Chair of the Select Committee on U.S.-China Relations, to lure individuals specializing in trade and economic policy to supply information.
Malware Delivery Method: Phishing emails contained links to password-protected archives that executed a malicious Python loader (WhirlCoil) disguised as benign files, with capabilities to create backdoors for persistent access.
Ongoing Threat: The activity aligns with warnings from U.S. officials about ongoing espionage campaigns…

Top Highlights

An audit revealed that CISA improperly awarded $138 million in Cybersecurity Retention Incentive payments, with $1.4 million going to 348 unqualified employees, raising concerns among staff about program survival. Employees worry that the report’s emphasis on ineligible recipients could lead to the Trump administration dismantling the retention program, which is crucial for keeping talent amid past workforce cuts. While the report highlights valid issues regarding vague eligibility criteria, many argue all CISA roles require cybersecurity knowledge, even if not directly tied to technical tasks. CISA staff fear that adjustments to incentive payments could exacerbate workforce challenges, risking a…

Summary Points

Microsoft disrupted the "Raccoon0365" phishing-as-a-service operation, seizing 338 domains and targeting over 2,300 organizations globally, including at least 20 U.S. hospitals. The operation sold subscription-based phishing kits via Telegram, stealing roughly 5,000 Microsoft 365 credentials across 94 countries since July 2024. The group, led by Nigerian programmer Joseph Ogundipe, generated over $100,000 in cryptocurrency and had at least 850 members; Microsoft conducted tests revealing operational details. The attack severely impacted U.S. healthcare, facilitating breaches, malware deployment, and ransomware, prompting Law Enforcement and Health-ISAC to support domain seizures.

The Core Issue

On Tuesday, Microsoft announced the successful disruption of…

Essential Insights

Russian hackers are launching up to 50 daily cyberattacks on Polish critical infrastructure, mostly thwarted but with some targeting hospitals and water systems, causing operational disruptions and data breaches. One significant attack nearly shut down a city’s water supply, marking a serious escalation since Russia’s invasion of Ukraine, prompting Poland to allocate €80 million this month to bolster water system cybersecurity. Poland’s total cybersecurity budget is being raised to €1 billion this year, reflecting its status as the EU’s most frequent target of Russian cyberattacks, which it successfully defends against 99% of attempts. In addition to cyber warfare,…

Essential Insights

VoidProxy Phishing Operation: A sophisticated phishing-as-a-service operation, VoidProxy, targets Google and Microsoft accounts, using advanced techniques to bypass traditional security measures like multifactor authentication (MFA).
Adversary-in-the-Middle Techniques: Utilizes adversary-in-the-middle methods to capture session tokens, MFA codes, and credentials, effectively circumventing typical MFA safeguards.
Ongoing Attacks and Impact: Since January, attacks have been ongoing, with researchers noting high-confidence account takeovers that could affect many users across Microsoft and Google platforms.
Protective Measures: Okta’s Fastpass service can thwart attacks, while experts recommend adopting passkeys as a stronger defense against such phishing threats, echoing calls from Google for enhanced security practices.…

Fast Facts

Gold Salem (Storm-2603), monitored by CTU, has been active since March 2025, targeting a diverse range of organizations globally, possibly operating from outside China or Russia, and has claimed data sales from victims. The group engages in initial access exploits, notably using the SharePoint ToolShell exploit chain, and employs advanced tactics like bypassing EDR with vulnerable drivers and using legitimate tools for lateral movement. Gold Salem operates a Tor-based leak site where they post victim data and set ransom deadlines, with recent activity indicating efforts to recruit initial access brokers and expand operations. Mitigation strategies include proactive patching, monitoring for…

Essential Insights

ENISA’s "Cyber Hygiene in the Health Sector" provides practical, easy-to-implement measures for healthcare organizations to enhance cybersecurity, protect sensitive data, and improve resilience across hospitals and clinics of all sizes. The report highlights that healthcare providers are most affected by cyber incidents, with 53% of reported attacks, mainly due to software/hardware vulnerabilities, emphasizing the sector’s cybersecurity maturity gap and need for strengthened defenses. The guide recommends comprehensive security practices including asset inventory management, secure configurations, access controls, regular patching, encryption, network segmentation, continuous monitoring, and incident response planning. The EU is actively reinforcing health sector cybersecurity through new…

Quick Takeaways

A Chinese state-sponsored hacking group, TA415 (also known as APT41), targeted US entities involved in China-US relations via a sophisticated phishing campaign using VS Code remote tunnels instead of traditional malware. The phishing involved spoofed emails impersonating US organizations and officials, containing links to password-protected archives with scripts that triggered multi-stage infections and remote access tools. The attack process included downloading the VS Code CLI, establishing persistent remote tunnels via GitHub, and collecting system data, allowing the hackers to remotely execute commands on compromised devices. TA415, operating from Chengdu as a private contractor linked to Chinese intelligence priorities, shifted focus…

Quick Takeaways

Conor Fitzpatrick, owner of BreachForums, was initially sentenced to 20 years of supervised release but was resentenced to three years in prison for operating the cybercrime marketplace and possessing child sexual abuse material. BreachForums, launched in March 2022, became a major platform with over 330,000 members, offering billions of records of stolen personal data and enabling extensive cybercrimes. Fitzpatrick personally profited from selling vast amounts of stolen data, including private info, with the damage and human cost from these crimes considered incalculable. Despite law enforcement shutting down BreachForums multiple times and its successor platforms, the illegal marketplace’s impact…