Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated cyberattack campaign targeting end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, where threat actors are exploiting previously stolen credentials and deploying a new rootkit called OVERSTEP. The financially motivated group, tracked as UNC6148, has been operating since at least October 2024 and is suspected of...
“Everybody affected will have four months to take advantage of that,” McKinney said. Almost all of those affected are employees, and their family members for the past 10 years or so, said John Lewis, assistant township administrator. A handful may also be business owners. Lewis said it is possible some of the information is posted...
(July 17, 2025, 08:24 GMT | Official Statement) — MLex Summary: Japan’s National Police Agency has developed a tool to restore data encrypted by Phobos/8Base ransomware attacks. The tool was provided to Europol by the NPA’s Cyber Police Agency in June, the NPA said. According to the Japanese police, more than 2,000 damage cases...
Hackers frequently seek to exploit smaller merchants who don’t have the same resources or knowledge as larger enterprises to protect their data. Only 14% of small businesses claim to have a cybersecurity plan, meaning the majority of merchants are unprepared for a ransomware attack. In 2023, small businesses were the target of 43% of all cyberattacks....
A pair of Australian political parties associated with firebrand mining magnate Clive Palmer have confirmed they were the victims of a ransomware attack last month. According to a data breach notice on the United Australia Party (UAP) website, both it and Palmer’s Trumpet of Patriots party fell victim to a cyber attack on 23 June....
Cookeville Regional Medical Center officials confirmed Tuesday evening that the medical center was the victim of a ransomware attack after reporting a “network security incident” on Monday. “CRMC Information System (IS) recently began experiencing some unusual activity which created a technical outage on Sunday, July 13, 2025, that disrupted some of CRMC’s computer systems,” CRMC...
Matanbuchus is a malware loader that has been available as a Malware-as-a-Service (MaaS) since 2021. It is primarily used to download and execute secondary payloads on compromised Windows systems, making it a critical first step in various cyberattacks. Introduction Over the past nine months, Matanbuchus has been used in highly targeted campaigns that have potentially...
PORTLAND, Ore. (KTVZ) — An Armenian national extradited from Ukraine to the United States faces federal charges for his role in Ryuk ransomware attacks and extortion conspiracy targeting companies throughout the U.S., including a technology company operating in Oregon. Karen Serobovich Vardanyan, 33, an Armenian national, has been charged with conspiracy, fraud in connection with computers,...
Microsoft on Wednesday said it has seen the cybercrime group Scattered Spider using new techniques in attacks on the airline, insurance and retail industries since April. The hacker group, which Microsoft tracks as Octo Tempest, is still using its trademark social-engineering tactics to gain access to companies by impersonating users and contacting help desks for...