Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points: Threat actors are using a social engineering tactic called ClickFix, involving fake CAPTCHA pages to trick users into executing malicious PowerShell scripts, leading to deployment of a backdoor called CORNFLAKE.V3, which supports various payloads and maintains persistence. The CORNFLAKE.V3 backdoor, an evolution of CORNFLAKE.V2, can execute payloads via HTTP, collect system info, and hide traffic through Cloudflare tunnels, with added features like host persistence and support for diverse payload types. Two hacking groups, UNC5774 and UNC4108, leverage UNC5518’s access to deploy different tools: one for deploying further payloads and the other for deploying RATs and reconnaissance utilities, often…
Essential Insights: Federal prosecutors charged Ethan Foltz, 22, for operating a global botnet known as Rapper Bot, which employed hacked IoT devices for large-scale DDoS attacks. The botnet executed over 370,000 attacks using 65,000 to 95,000 compromised devices, with attack rates exceeding six terabits per second. Rapper Bot targeted victims across 80 countries, including U.S. tech companies and a government agency, and was described as “one of the most powerful” DDoS botnets. The Defense Criminal Investigative Service investigated the case due to attacks on U.S. defense contractors, leading to the botnet’s dismantling.
Unraveling the Dark Web of Botnets: The recent…
Quick Takeaways: Noah Urban, a 20-year-old Florida man, was sentenced to 10 years in federal prison for his role in the Scattered Spider cybercrime group, responsible for breaching over 130 companies and causing up to $25 million in losses. Urban operated under aliases like “King Bob” and used techniques such as SIM swapping to steal cryptocurrency and commit identity theft, notably stealing at least $800,000 via SIM swapping from five victims. The Scattered Spider group, linked to multiple high-profile breaches at companies like LastPass and MGM Resorts, evolved from a community of young hackers sharing social engineering tactics, and resumed…
Top Highlights: Colt Technology Services confirmed a cyberattack resulted in the theft of some customer-related data, with attackers posting stolen files on the dark web. The breach involved the theft of approximately one million documents, attributed to the ransomware group WarLock, which claims to be auctioning the stolen data. While internal support systems were impacted, Colt emphasized that customer infrastructure remained separate and unaffected during the attack. WarLock has also claimed similar data thefts from other telecom firms like Orange, though links to these incidents remain unconfirmed.
The Issue: On August 14, the UK-based telecom giant Colt Technology Services announced…
Fast Facts: Noah Michael Urban, aka ‘Sosa’ and others, was sentenced to 10 years and ordered to pay $13 million for his role in the cybercrime group Scattered Spider, involved in SIM swapping and cryptocurrency theft. Between August 2022 and March 2023, Urban conspired to steal at least $800,000 from victims’ crypto accounts via SIM swapping, targeting over five victims. The Scattered Spider group, also known as Muddled Libra and other aliases, is linked to major phishing campaigns and attacks against organizations like Caesars and MGM Resorts. Urban claimed the sentence was biased, citing a hacking incident where a group…
Summary Points: The FBI warns that Russian-linked hackers, specifically Berserk Bear (also known as Blue Kraken, Crouching Yeti, Dragonfly, Koala Team), are exploiting a 7-year-old Cisco vulnerability (CVE-2018-0171) to target critical infrastructure globally. Exploiting this flaw allows attackers to remotely crash unpatched devices or execute arbitrary code, facilitating reconnaissance, configuration modification, and potential control over targeted networks. These threat actors have used custom tools to maintain persistence, evade detection, and have previously targeted US government, transportation, and industrial sectors; the campaign remains ongoing and widespread. Cisco urgently recommends organizations patch affected devices immediately, as unpatched systems continue to be exploited,…
Quick Takeaways: Password cracking attempts succeeded in 46% of organizations tested in 2025, nearly doubling from the previous year, highlighting critical vulnerabilities due to weak password policies and outdated hashing algorithms. The primary cause of failure in preventing credential-based attacks is the continued use of easily guessable passwords and insufficient credential security measures, such as lack of multi-factor authentication (MFA). Valid Accounts (MITRE T1078) are exploited in 98% of attacks, enabling threat actors to move laterally within networks undetected and access sensitive data or deploy further malware. To strengthen defenses, organizations must enforce robust password policies, upgrade hashing algorithms, implement…
Fast Facts: Orange Belgium’s July data breach affected 850,000 customer accounts, exposing names, phone numbers, SIM details, PUK codes, and tariff plans, but not passwords or financial info. The company responded promptly by blocking access, tightening security, notifying authorities, and alerting impacted customers via email or text. Orange Belgium identified the hacking group responsible but did not disclose their identity, and confirmed the incident is unrelated to a separate Orange Group cyberattack in France. A ransomware group, WarLock, claimed to have stolen data from Orange, suggesting that some of the compromised information relates to France.
Underlying Problem: On Wednesday, Orange…
Quick Takeaways: Noah Michael Urban, a key member of the cybercrime group Scattered Spider, was sentenced to 10 years in prison and ordered to pay $13 million in restitution for orchestrating crypto thefts involving millions through phishing, SIM swapping, and data breaches. The group stole vast amounts by hacking into personal and corporate accounts, accessing sensitive data, and redirecting cryptocurrency via account takeovers, with Urban claiming to have made several million dollars from these activities. Scattered Spider, known for sophisticated social engineering attacks targeting high-profile organizations like Coinbase, Reddit, and MGM Resorts, has shifted focus to industries including aviation and transportation, often…
Summary Points: Noah Michael Urban, a 20-year-old linked to the cybercrime group Scattered Spider, was sentenced to 10 years in prison for hacking, cryptocurrency theft, and identity theft, with $13 million in restitution ordered. Urban and co-conspirators used social engineering, SIM swapping, and spear-phishing techniques to target victims and steal at least $800,000 across multiple incidents. Scattered Spider has formed an alliance with groups like ShinyHunters and LAPSUS$, engaging in social engineering, ransomware, and data theft, leveraging tactics that exploit human vulnerabilities. Cybersecurity experts warn that these groups dominate by targeting people and exploiting weaknesses in security protocols through deception,…