Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
US Primary Target Unveiled as 223 Ransomware Victims Highlight Critical Infrastructure Threat
Summary Points
- Qilin led ransomware activity for the third time in four months in July 2025, targeting 73 victims and contributing to the upward trend in global attacks, with the US being the most affected country.
- Critical infrastructure sectors and professional services were primary targets, with notable attacks on government, energy, telecommunications, and defense-related organizations.
- New ransomware groups and variants emerged, including BEAST, D4RK4RMY, and AiLock, showcasing evolving tactics like RaaS models, hybrid encryption, and cross-platform Linux attacks.
- Cybersecurity experts emphasize the importance of developing resilience through segmentation, zero trust, immutable backups, and comprehensive incident response planning to combat increasingly…
Summary Points
- Over 28,000 Microsoft Exchange servers remain unpatched despite warnings about a high-severity vulnerability (CVE-2025-53786) that is more likely to be exploited, posing significant security risks.
- The latest security update addresses 111 vulnerabilities across Microsoft products, including critical flaws in Azure OpenAI and Windows graphics components, with some vulnerabilities having high CVSS scores of 9.8.
- Researchers consider CVE-2025-53779, an elevation of privilege flaw in Windows Kerberos, a zero-day with existing exploit code, raising concerns over potential full domain compromise.
- The update follows widespread attacks on on-premises SharePoint servers exploiting zero-days, emphasizing an upward trend in privilege escalation vulnerabilities over…
Charon Ransomware Uses Advanced APT Tactics to Target Middle East Public and Aviation Sectors
Top Highlights
- Trend Micro identified Charon ransomware, employing advanced APT-like techniques, notably DLL sideloading and process injection, targeting Middle Eastern public and aviation sectors, with tailored ransom demands.
- The attack uses a multistage payload with encrypted layers and disruptive tactics like disabling security services and deleting backups, maximizing operational damage and complicating recovery.
- Charon exhibits strong network propagation capabilities, scanning and encrypting shared drives while avoiding detection of administrative shares, highlighting its evasive and swift encryption methods.
- Defending against it requires layered security measures including blocking DLL sideloading, improving backup resilience, monitoring suspicious process chains, limiting lateral movement, and raising…
Quick Takeaways
- Fortinet issued a warning about a critical vulnerability (CVE-2025-25256) in FortiSIEM with a CVSS score of 9.8, where exploit code exists in the wild, allowing unauthenticated privilege escalation and command execution.
- Prior to disclosure, GreyNoise detected a spike in brute-force attacks targeting Fortinet SSL VPNs, often a precursor to exploitation of new vulnerabilities, suggesting potential malicious activity ahead.
- While direct causality isn't confirmed, the timing of increased attack traffic and the vulnerability disclosure indicates a targeted, deliberate effort against Fortinet edge technologies.
- Historically, vulnerabilities in Fortinet products have been heavily exploited in ransomware and cyberattacks, and the presence…
Quick Takeaways
- The Russian hacking group EncryptHub is exploiting a now-patched Microsoft Windows vulnerability (CVE-2025-26633) using social engineering and malicious MSC files to deliver malware.
- They deploy sophisticated methods like fake job offers, compromised platforms, and fake video conferencing tools to infect targets with stealer malware such as Fickle Stealer, bypassing defenses through encrypted command-and-control (C2) communications.
- Attack sequences involve tricking victims into executing malicious MSC files that fetch and run PowerShell scripts, establishing persistence, collecting system info, and communicating with C2 servers to deploy further payloads.
- EncryptHub abuses legitimate platforms like Brave Support to host malware, demonstrating resourcefulness…
Norway Dam Hack: Russian Hackers Accused of April Bremanger Sabotage
On 7 April 2025, the Bremanger hydropower dam in Norway was the victim of a Russian-tied cyber attack, the nation's first confirmed incident of pro-Russian hacker-linked infrastructure sabotage. Remote access to the controls of the flood gates of the dam was gained by the attackers, letting out 500 litres of water per second for more than four hours, the Police Security Service (PST) reported. Although no material damage or injuries were caused by low water levels, security officials indicate that the incident highlights Norway's increasing exposure to cyberattacks against its…
Summary Points
- The report emphasizes the growing risks to manufacturing and energy OT systems from diverse cyber threats, highlighting the need for holistic security measures that address IT, OT, and supply chain vulnerabilities.
- It advocates adopting security best practices such as network segmentation, role-based access, encrypted connections, and adherence to standards like IEC 62443 and NIST 800-82 to reinforce OT defenses.
- Cloud adoption presents opportunities to enhance OT security and operational efficiency, with recommendations to evaluate impacts, migrate infrastructure securely, and leverage cloud services without compromising safety.
- Maintaining accurate OT asset inventories, implementing defense-in-depth strategies, and establishing comprehensive incident response…
Cyberscope, the Web3 security subsidiary of TAC InfoSec Limited, a global leader in cybersecurity and vulnerability management, has filed a U.S. patent for Cyberscope Cyberscan — the first-ever AI-optimized, multi-domain trust scoring and fraud detection system for blockchain projects. This innovation aims to deliver instant, verifiable trust scores for every blockchain initiative, transforming traditional, time-consuming due diligence into fast, actionable insights for investors, crypto exchanges, and regulators.
Pioneering a New Standard in Web3 Security
Cyberscope Cyberscan processes on-chain, off-chain, and Web2 intelligence to generate results in under five seconds. Once operational, it is expected to reshape trust measurement in blockchain…
Essential Insights
- U.S. sanctions targeted Russian cryptocurrency platforms Garantex and Grinex, accusing them of processing over $96 billion in illicit transactions linked to crimes like ransomware, hacking, and drug trafficking.
- Authorities seized domains and servers and froze more than $26 million in cryptocurrency after a law enforcement operation, leading to arrests including Garantex co-founder Aleksej Besciokov.
- The U.S. offers up to $6 million in rewards for information on the leaders of Garantex, notably including $5 million for co-founder Aleksandr Mira Serda.
- Additional sanctions were imposed on six entities supporting Garantex and Grinex, highlighting efforts to disrupt the facilitation of ransomware proceeds…
Accenture has entered into an agreement to acquire CyberCX, one of the most prominent privately-owned cybersecurity providers serving government and enterprise clients across Australia, New Zealand, and international markets. This marks Accenture’s largest cybersecurity acquisition to date, significantly enhancing its regional security capabilities and reinforcing its market position in Asia Pacific. The acquisition is set to bolster Accenture’s ability to safeguard critical infrastructure, strengthen business resilience, and drive secure digital transformation amid escalating regulatory complexities and evolving cyber threats. Founded in Melbourne, Australia, in 2019, CyberCX has grown into one of the largest cybersecurity firms in the Asia Pacific region,…