Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks

Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. The situation was acknowledged via a statement by the country’s National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice. “This week, several Dutch organizations have been targeted …

France ties Russian APT28 hackers to 12 cyberattacks on French orgs

Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. “France condemns in the strongest terms the use by the Russian military intelligence service (GRU) of the APT28 attack procedure, which has led to several …

Active! Mail RCE flaw exploited in attacks on Japanese orgs

An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies. While it’s not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component …

New ResolverRAT malware targets pharma and healthcare orgs worldwide

A new remote access trojan (RAT) called ‘ResolverRAT’ is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. ResolverRAT is distributed through phishing emails claiming to be legal or copyright violations tailored to languages that match the target’s country. The emails contain a link to download a legitimate …

UK urges critical orgs to adopt quantum cryptography by 2035

The UK’s National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035. The new guidance aims to provide a structured migration plan with specified milestones for all organizations to follow. It will also serve to highlight the real security risks of …

Medusa ransomware hit over 300 critical infrastructure orgs

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. This was revealed in a joint advisory issued today in coordination with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). “As of February 2025, Medusa developers …

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

A threat actor tracked as ‘EncryptHub,’ aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. According to a report by Prodaft, which was published internally last week and made public yesterday, since June 2024, when EncryptHub initiated operations, it has compromised at least 618 organizations. After gaining …

New NailaoLocker ransomware used against EU healthcare orgs

A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT …

Ghost ransomware breached orgs in 70 countries

CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. Other industries impacted include healthcare, government, education, technology, manufacturing, and numerous small and medium-sized businesses. “Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of …

Popular Linux orgs Freedesktop and Alpine Linux are scrambling for new web hosting

Having worked “around the clock” to move from Google Cloud Platform after its open source credits there ran out, and now rushing to move off Equinix, Tissoires suggests a new plan: “[H]ave [freedesktop.org] pay for its own servers, and then have sponsors chip in.” “Popular without most users knowing it” Alpine Linux, a small, security-minded …