%term

Chinese APT Exploits Ivanti CVE-2025-22457 with Malware

Apr 10, 2025 By Foresiet In Foresiet

A newly disclosed vulnerability in Ivanti Connect Secure (ICS) VPN appliances has been weaponized in the wild by a Chinese nation-state threat actor, UNC5221. Tracked as CVE-2025-22457, this critical stack-based buffer overflow vulnerability allows unauthenticated remote attackers to execute arbitrary code, posing a significant risk to enterprise networks.

Read Post

Foresiet

Read more about Chinese APT Exploits Ivanti CVE-2025-22457 with Malware

64% of Australian Organizations Hit by Ransomware Were Forced to Halt Operations

Apr 10, 2025 By Stu Sjouwerman In KnowBe4

Illumio’s recent Global Cost of Ransomware Study found that 64% of Australian companies hit by ransomware had to shut down operations as a result. Additionally, 43% of these organizations reported a significant loss of revenue, and 39% lost customers as a result of an attack. Most respondents indicated that reputational damage has overtaken regulatory fees as the most costly effect of a ransomware attack.

Read Post

KnowBe4

Read more about 64% of Australian Organizations Hit by Ransomware Were Forced to Halt Operations

Tycoon2FA New Evasion Technique for 2025

Apr 10, 2025 By Phil Hay, Rodel Mendrez In Trustwave

The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas, invisible Unicode characters in obfuscated JavaScript, and anti-debugging scripts to thwart inspection. This blog takes a closer look at these methods to better understand how this kit is evolving and what defenders should be aware of.

Read Post

Trustwave

Read more about Tycoon2FA New Evasion Technique for 2025

Prevention isn't enough!

Apr 10, 2025 By Rubrik In Rubrik

Attackers just need to succeed once to get your data. As defenders, we need to get it right 100% of the time. That’s why prevention is no longer enough. Let’s build a proactive strategy for securing your data wherever it lives! Subscribe to our channel to learn more about how Rubrik can help.

View Video

Rubrik

Read more about Prevention isn't enough!

Diskless Infostealer, Next-generation Delivery?

Apr 9, 2025 By Aaron Hau In ThreatSpike

In a recent social-engineering attack targeting the hospitality sector observed by the ThreatSpike team, there appears to be a change in the tactics employed by the threat actor. The hospitality sector, where top-notch customer-service is expected, customer-facing employees are often lucrative targets for phishing, as detailed in our previous blog post.

Read Post

ThreatSpike

Read more about Diskless Infostealer, Next-generation Delivery?

Resurgent North Korean Malware Campaign in npm

Apr 9, 2025 By Veracode Threat Research In Veracode

Hello from the Veracode Research blog! It’s been a minute since we’ve done a malware write-up, but we’re back and ready for action! And speaking of folks who are back and ready for action, the North Korean attackers behind the crypto wallet stealer campaign we wrote about in February of 2024 and again in May of 2024 are back at it with a new batch of malicious npm packages.

Read Post

Veracode

Read more about Resurgent North Korean Malware Campaign in npm

The Cost of Ransomware: Shutdowns & Extortion

Apr 9, 2025 By Josh Breaker-Rolfe In Tripwire

Ransomware is no longer in its heyday. Evolving, AI-driven cybersecurity tools and global law enforcement efforts have seen to that. But that doesn’t mean ransomware is no longer a threat. In fact, in some ways, the danger is greater than ever. While ransomware attacks are less common than they used to be, the consequences of those that succeed are more severe. Earlier this year, the Ponemon Institute published a study revealing massive changes in the ransomware landscape.

Read Post

Tripwire

Read more about The Cost of Ransomware: Shutdowns & Extortion

Data Weaponization: How Cyber Attacks Impact the Vulnerable

Apr 8, 2025 By Rubrik In Rubrik

Welcome to the Data Security Decoded podcast by Rubrik Zero Labs. In this episode, our host Caleb Tolin speaks with Pavlina Pavlova, a researcher and cybersecurity advocate focusing on data weaponization and its disproportionate impact on vulnerable populations. Pavlina defines data weaponization as using data to manipulate, deceive, coerce, or attack someone to inflict harm. Her research investigates why cyber attacks and their impacts often have gendered dimensions, with certain populations experiencing more severe consequences.

View Video

Rubrik

Read more about Data Weaponization: How Cyber Attacks Impact the Vulnerable

Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse

Apr 8, 2025 By Serhii Melnyk and Nikita Kazymirskyi In Trustwave

In February 2025, the cybersecurity community witnessed an unprecedented leak that exposed the internal operations of Black Basta, a prolific ransomware group. Trustwave SpiderLabs has taken an in-depth look at the leaked contents, which spell out in detail how the group thinks and operates, revealing discussions on tactics and the effectiveness of various attack tools. Even going so far as to debate the ethical and legal implications of targeting Ascension Health.

Read Post

Trustwave

Read more about Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse

Ep 5: A Cyber Detente

Apr 7, 2025 By Rubrik In Rubrik

Every U.S. administration, dating back to President H.W. Bush has struggled to address the threat of Chinese trade theft. But a growing sense of urgency kicks in as American businesses start hemorrhaging trade secrets and entire product lines start vanishing to Chinese copycats. Just as the Obama Administration is set to do something about it, Edward Snowden shifts the narrative back onto the United States.

View Video