Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
The ransomware-as-a-service (RaaS) operation Anubis has distinguished itself with data-wiping functionality in its malware kit, according to Trend Micro research published last week. Anubis, a relatively new group to the RaaS scene, appeared last year and quickly established itself with a number of attacks against critical industry victims. The group is also notable for its ransomware affiliate model; Anubis offers affiliates the option of a typical RaaS model with an 80% payout, an option where Anubis helps extort a victim after a data theft attack in exchange for 40% of the total cut, and an option where Anubis helps…
Quick Takeaways Data Breach Impact: Ocuco, a leading eyecare technology firm based in Ireland, reported a data breach affecting over 240,000 individuals, possibly linked to a hacker group called KillSec. Scope of the Incident: KillSec allegedly stole around 670,000 files (340 GB of data) from Ocuco, and showcased their claims through screenshots on their Tor-based leak website. Company’s Response: Ocuco has not issued a formal data breach notice, and while the stolen data has been mentioned as published, it is not currently available for download. Ransomware Landscape: KillSec, operational since late 2023, is part of a growing trend of ransomware…
Quick Takeaways A high-severity vulnerability in ASUS Armoury Crate software (CVE-2025-3464) allows privilege escalation to SYSTEM level, scoring 8.8/10 for severity, affecting versions 5.9.9.0 to 6.1.18.0. The flaw exploits inadequate OS-level access controls in the AsIO3.sys driver, letting attackers bypass authorization and gain low-level privileges if they are already on the system. Exploitation involves creating a hard link to AsusCertService.exe, enabling attackers to manipulate the driver’s secure checks and compromise the OS. Cisco Talos reported the vulnerability to ASUS in February, and while no active exploitation has been observed, users are urged to apply the latest updates to mitigate risks.…
Top Highlights Increasing Cyber Threats: Security researchers warn of heightened cyberattacks from state-backed actors and hacktivists targeting U.S. critical infrastructure due to escalating hostilities between Israel and Iran. Pro-Iran Activity Surge: There has been a notable increase in pro-Iran cyber activities, particularly on platforms like Telegram, threatening allies of Israel such as Saudi Arabia and Jordan. Potential U.S. Targets: Experts indicate that Iranian cyber operations may shift focus to U.S. critical infrastructure, government, and private sectors due to recent military actions. Urgent Defense Measures: Critical infrastructure organizations are advised to strengthen defenses, educate on threat actors, and monitor for suspicious…
Quick Takeaways Data Breach Details: Zoomcar, an India-based car-sharing marketplace, reported unauthorized access to its IT systems on June 9, compromising the personal information of 8.4 million users, including names, phone numbers, and addresses. Scope of Impact: The compromised data was described as a "limited dataset," with no evidence that sensitive information such as passwords or financial data was accessed. Operational Impact: Despite the breach, Zoomcar stated there has been no material disruption to its operations and is actively assessing legal and reputational repercussions. History of Breaches: This incident marks the second significant data breach for Zoomcar, following a 2018…
Top Highlights Cyberattack Compromise: Email accounts of multiple Washington Post journalists were compromised in a cyberattack believed to be initiated by a foreign government, particularly targeting those covering national security and economic policy. Investigation Initiated: The incident was reported on June 15, leading to an internal memo from Executive Editor Matt Murray informing employees of the unauthorized intrusion and the involvement of Microsoft accounts. Known Threats: Advanced persistent threats (APTs), often state-sponsored, have a history of exploiting Microsoft Exchange vulnerabilities, with Chinese hackers previously breaching sensitive data of numerous global agencies. Confidentiality Maintained: The Washington Post has not publicly disclosed…
Compliance is often treated as a paper exercise, something to tolerate, check off and forget. But in a threat landscape shaped by ransomware-as-a-service, AI-augmented phishing campaigns, and supply chain breaches, delaying compliance doesn’t just create business and operational friction. It creates risk. When compliance is layered late, organizations face mounting costs: duplicated controls, misaligned security priorities, reactive remediation efforts, and worst of all, security blind spots that attackers can exploit. Treating compliance as an afterthought is a gamble. In this post, we highlight the real cost of sidelining compliance and why embedding compliance into your security strategy from the start…
Quick Takeaways Operation Secure Success: An international law enforcement effort involving 26 Asian countries has dismantled essential infrastructure for multiple strains of information-stealer malware, executing targeted takedowns of suspicious IP addresses. Significant Arrests and Seizures: Authorities seized 41 servers and arrested 32 alleged cybercriminals, with major arrests occurring in Vietnam and Sri Lanka, including the leader of a targeted cybercrime group. Infostealer Malware Risks: Infostealer malware extracts sensitive data and serves as a gateway for further cyberattacks, including ransomware and online fraud, by selling activity logs on the dark web. Victim Outreach: Post-operation, law enforcement contacted over 216,000 victims to…
Summary Points Emerging Threat: A new ransomware strain named Anubis combines file encryption with a permanent deletion feature, termed a "wipe mode," making recovery impossible even if the ransom is paid. Operational Tactics: Anubis operates as ransomware-as-a-service (RaaS) with a flexible affiliate program, offering lucrative revenue splits of 80-20 for ransom, and 60-40 and 50-50 for data extortion and access sales, respectively. Attack Vectors: The ransomware primarily spreads via phishing emails, enabling attackers to escalate privileges, conduct reconnaissance, and delete volume shadow copies before encryption, increasing pressure on victims to comply. Wider Implications: The incorporation of destructive capabilities in ransomware…
Quick Takeaways Law Enforcement Operation: Europol announced the takedown of Archetyp Market, a major dark web drug marketplace, in a coordinated operation involving Germany, the Netherlands, Spain, Romania, and Sweden from June 11-13. Key Arrests: A 30-year-old German suspect linked to site administration was arrested in Spain, alongside targeted actions against a moderator and several top vendors in Germany and Sweden. Seized Assets: The operation resulted in the seizure of €7.8 million ($9 million) in assets, marking a significant financial blow to the dark web drug trade. Extensive Investigative Work: The takedown followed years of investigations that mapped the marketplace’s…