Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways
New Ransomware Variant: The Interlock ransomware group has launched a PHP variant of its remote access trojan (RAT), utilizing a tool called FileFix, in a widespread campaign since May 2025.
Infection Tactics: The campaign involves compromised websites injecting scripts that redirect users to fake CAPTCHA pages, prompting download and execution of the Interlock RAT via PowerShell.
Operational Features: Once deployed, the RAT performs system reconnaissance, exfiltrates data, and uses Windows Registry changes for persistence, alongside exploiting Cloudflare Tunnel subdomains for command-and-control communication.
Evolving Threat Landscape: The research highlights the operational sophistication of the Interlock group, adapting their malware…


Jul 14, 2025The Hacker NewsSecrets Management / SaaS Security While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn’t just about poor hygiene; it’s a systemic and growing…


Summary Points
A fake "Solidity Language" extension for the Cursor AI IDE infected devices with remote access tools and infostealers, leading to the theft of $500,000 in cryptocurrency from a Russian developer.
The malicious extension, posing as a legitimate tool for Ethereum smart contracts, was downloaded 54,000 times before being removed, with analytics suggesting inflated counts to enhance perceived legitimacy.
Once installed, the extension executed a PowerShell script to install ScreenConnect, granting attackers full remote access and enabling the installation of malware like Quasar RAT and PureLogs stealer.
Kaspersky warns developers to exercise extreme caution when downloading from open repositories,…


Summary Points
Cybersecurity Intensifying: This week revealed significant cybersecurity threats, emphasizing the urgent need for precision in mitigating risks linked to outdated tools, inadequate responses, and compliance gaps.
Major Arrests: The U.K. National Crime Agency arrested four alleged members of the Scattered Spider cybercrime group, responsible for high-profile attacks on major retailers, including Marks & Spencer and Harrods.
Vulnerabilities in Vehicles and Applications: Critical flaws identified in OpenSynergy’s Bluetooth stack could enable remote attacks on millions of vehicles; meanwhile, various other vulnerabilities, including a critical SQL injection flaw in Fortinet products, necessitate immediate patching to avert exploitation.
Emerging Threats from…


Top Highlights
A critical vulnerability in train braking systems, tracked as CVE-2025-1727, allows remote stopping of trains due to weak authentication in radio signal protocols.
Exploitation could lead to derailments and severe disruptions, with minimal hardware required for an attack, posing significant risks to rail safety and operations.
The flaw was first reported in 2012, with industry stakeholders dismissing its severity; new secure systems are not expected until 2027.
The vulnerability underscores an urgent need for enhanced cybersecurity measures in the rail sector, which remains under-resourced compared to other industries like finance.
Dangerous Flaw
A newly revealed vulnerability in railroad-braking…


Essential Insights
Vulnerability Discovered: CISA disclosed CVE-2025-1727, a serious flaw in the remote linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems, allowing unauthorized manipulation of train brakes due to lack of authentication and encryption.
Historical Context: The vulnerability was first identified by researcher Neil Smith in 2012, with subsequent efforts to address it failing due to disagreement with the Association of American Railroads (AAR) over the necessity of real-world impact proof.
Potential Consequences: Exploitation could enable attackers to remotely control train brakes, risking derailments and system-wide disruptions using inexpensive hardware, highlighting the urgent need for safety measures.
Mitigation Plans:…


Your identity environment holds the keys to your most critical data in the form of privileged accounts. Industry consolidation and a desire for company growth both often lead to mergers or acquisitions which, if not managed closely, can wreak havoc on an identity landscape. Mergers of identity environments create a glut of identities and identity accounts to manage, some of which may be redundant. They also introduce new third parties, contractors, and non-human identities such as service accounts and bots into the equation. In addition, a merger or acquisition could hybridize the identity landscape, adding cloud applications to on-prem resources, and…


Summary Points
The Interlock ransomware group is distributing a new Remote Access Trojan (RAT) via compromised websites using an evolved ClickFix social engineering attack that tricks users into executing malicious code disguised as file updates or error resolutions.
The recently used FileFix variant prompts users with a fake ‘Open File Explorer’ button that ultimately leads to the execution of malicious files by copying and pasting a path into File Explorer.
Starting in May 2025, the group has been observed using a sophisticated traffic distribution system (KongTuke) that shifted from ClickFix to FileFix, delivering a PHP variant of the Interlock RAT…


Fast Facts
Data Breach Impact: Louis Vuitton has confirmed a data breach affecting customers in the UK, South Korea, and Turkey, with potential impacts in other countries, compromising personal information like names and contact details.
Scope of Compromise: The breach involved unauthorized access that lasted almost a month before detection on July 2, affecting around 143,000 residents in Turkey due to a third-party service provider’s compromised account.
Financial Data Security: While personal information was stolen, Louis Vuitton assured customers that passwords, payment card information, and financial details remained secure and unaffected.
Cybersecurity Context: Louis Vuitton is among several luxury retailers,…


Summary Points
India’s CBI dismantled a transnational cybercrime syndicate involved in tech support scams targeting Australia and the UK, resulting in over £390,000 ($525,000) in reported losses in the UK alone.
An operation dubbed Operation Chakra V led to the arrest of key operatives and the discovery of a fully functional fraudulent call center, FirstIdea, utilizing advanced technology to disguise their identity and target victims.
The scammers impersonated Microsoft technical support, falsely claiming device infections to extort money from over 100 UK victims through phishing tactics and VoIP technology.
The operation was the result of 18 months of collaboration among…
