Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts
- Closure of Operations: The Hunters International Ransomware-as-a-Service (RaaS) group has announced its official shutdown and will provide free decryption tools to victims to recover data without paying ransoms.
- Background and Impact: The decision follows increased law enforcement scrutiny and declining profitability, with the group having claimed responsibility for almost 300 attacks and targeting notable entities like the U.S. Marshals Service and Fred Hutch Cancer Center.
- Removal of Extortion Entries: All entries from their extortion portal have been removed, and affected companies can request decryption tools and recovery guidance through the gang’s official website.
- Shift in Operations: Analysts revealed…
Summary Points
- Complex Infiltration Tactics: North Korean hackers, identified as APT BlueNoroff, are using deceptive Zoom update links via Telegram to spread Nim-compiled macOS malware, following an elaborate social engineering strategy targeting web3 and crypto employees.
- Advanced Malware Techniques: The malware, known as NimDoor, incorporates unique elements such as signal-based persistence, encrypted configuration handling, and asynchronous execution, demonstrating sophisticated capabilities beyond typical macOS threats.
- Dual Execution Chains: Analysis reveals that attackers utilize two Mach-O binaries—one in C++ and another in Nim—to facilitate distinct infection processes, which include data exfiltration through bash scripts and the establishment of persistent access via Nim…
Australian airline Qantas said Wednesday that a hacker made off with a trove of customers’ personal data including passenger names, emails, phone numbers, birth dates and frequent flyer numbers. The company said in a statement that a cybercriminal targeted one of its call centers on Monday and gained access to a third-party customer service platform that holds records for 6 million passengers. Qantas apologized to customers and said that while it’s still investigating the proportion of data stolen, “we expect it will be significant.” However, the system that was breached did not contain credit card and passport details or other…
Defending against insider threats, whether they arise from malicious insiders or result from negligent users, remains a high priority for security professionals. The unfortunate reality? Many organizations are alarmingly unaware of how their applications are being used. Often, they do little to monitor trusted identities once authentication and access have been granted. No follow-ups, no check-ins — just blind trust. You can’t stop what you can’t see. Proactive monitoring of user journeys both within and across applications is crucial for the early detection of misuse or abuse of trusted identities. This early detection is essential to mitigate threats and prevent…
Top Highlights
- Criminal Investigation: A former ransomware negotiator from DigitalMint is under investigation by the DOJ for allegedly collaborating with ransomware gangs to profit from extortion payments, threatening the integrity of incident response services.
- Company Response: DigitalMint terminated the employee upon learning of the alleged misconduct and asserts it is not a target of the investigation, emphasizing swift action and cooperation with law enforcement.
- Industry Concerns: Reports suggest that some data recovery firms previously engaged in undisclosed payments to ransomware gangs, raising ethical concerns about profit-driven motives in incident response.
- Business Model Risks: Experts warn that negotiation models lacking fixed…
NEW YORK (AP) — A politically motivated hacker breached Columbia University’s data systems last week, stealing troves of student documents while briefly shutting down the school’s computer systems, a university official said. The June 24 cyberattack prompted widespread network outages on campus, locking students and staff out of their email accounts, coursework and video conference software for several hours. On the same day, images of President Donald Trump’s smiling face appeared on several public monitors across the Manhattan campus. A spokesperson for Columbia declined to elaborate on the political motivations behind the attack. But they described a highly sophisticated “hacktivist” who had…
Top Highlights
- Targeting Web3 and Cryptocurrency: North Korean hackers are evolving tactics to target Web3 and cryptocurrency firms, employing malware created in the Nim programming language, which integrates complex behavior for advanced cyberattacks.
- Sophisticated Infection Technique: The malware campaign, dubbed NimDoor, utilizes AppleScript for process injection and a multi-stage delivery method involving social engineering on platforms like Telegram to install backdoors and exfiltrate data.
- Persistent Threat with Advanced Capabilities: The malware, particularly through the InjectWithDyldArm64 loader, enables extensive system surveillance, credential harvesting from major web browsers, and resilience to user-initiated shutdowns through innovative persistence mechanisms.
- Kimsuky’s Ongoing Operations: The Kimsuky…
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent. This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance…
Quick Takeaways
- Arrests Made: Spanish police arrested two individuals in Las Palmas for alleged cybercriminal activities, particularly targeting high-ranking officials and journalists through data theft.
- National Security Threat: The suspects are deemed a serious threat to national security, having leaked sensitive personal data online to enhance their notoriety and sell stolen information.
- Specialized Roles: One suspect specialized in data exfiltration while the other handled financial transactions, including selling access to databases and managing cryptocurrency payments.
- Ongoing Investigations: The arrests are part of a broader trend, with Spanish police successfully apprehending various high-profile cybercriminals in recent years, showcasing effective tracking and…
Fast Facts
- Backdoor Account Removed: Cisco eliminated a high-severity backdoor account in its Unified Communications Manager, enabling attackers to access unpatched devices with root privileges.
- Vulnerability Details: The flaw, tracked as CVE-2025-20309, is due to static, unchangeable user credentials for the root account and affects specific releases of Cisco Unified CM and SMU.
- No Workarounds Available: The only resolution is to upgrade to Cisco Unified CM 15SU3 or apply the CSCwp27755 patch; other workarounds do not address the vulnerability.
- Potential Exploitation: If exploited, attackers can execute arbitrary commands on affected systems, although there are currently no known instances of exploitation…