News Stories
New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands
Threat actors use the search-ms URI protocol in Windows File Explorer to trigger obfuscated PowerShell payloads silently. Crafted .search-ms links launch scripts that bypass AMSI, are hosted remotely to avoid detection, and achieve persistence via scheduled tasks. The attack vectors include LNK and HTML files delivered through phishing messages.
Read more
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
A malicious SonicWall NetExtender installer injects JavaScript into users’ browsers to display fake VPN portals. Captured credentials and MFA tokens are sent securely over HTTPS to a command-and-control server. The malware disables endpoint protections, implements certificate pinning to avoid detection, and siphons session credentials and network tokens stealthily.
Read more
New Spear-Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
Phishing emails impersonate internal IT, leading financial executives to install TeamViewer or AnyDesk. Once installed, attackers gain session control, capture MFA tokens, and move laterally through internal systems. The use of signed remote-access installers helps evade security tools and blend with normal IT activity while exfiltrating sensitive data.
Read more
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
A misconfigured Azure Blob container at Mainline Health and hardcoded SQL credentials in a public GitHub repo at Select Medical led to exposure of PHI—names, SSNs, birthdates, medical histories. Attackers downloaded data undetected until outside teams flagged anomalies. Disclosures were made weeks post-compromise once investigations concluded.
Read more
Aflac Confirms Data Breach Amid Rising Wave of Scattered Spider Attacks on U.S. Insurance Industry
Aflac confirmed a breach after Scattered Spider actors gained access through spear-phishing and MFA fatigue tactics. Attackers harvested policyholder records, including Social Security numbers and insurance plan details, via compromised VPN access. Forensics revealed lateral spread via AD credentials and temporary administrative account creation. The breach adds momentum to recent attacks against U.S. insurance providers.
Read more
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
Scammers set up typosquatted domains and conducted DNS hijacks to replicate Glastonbury ticketing sites. Victims paid with prepaid cards and cryptocurrency; funds were laundered via bulletproof hosting. Ad campaigns on search engines and social media promoted fraudulent sale pages, most hosted outside UK jurisdiction, complicating takedown efforts.
Read more
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
An exposed Elasticsearch instance contained names, phone numbers, emails, and transaction details without authentication or encryption. Threat actors accessed the data, planted a ransom note demanding Bitcoin payment, and threatened public release. The database was indexed by search engines before being secured.
Read more
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
Attackers brute-forced an RDP portal to access Nucor’s internal systems, exfiltrating corporate and employee data before deploying ransomware. Forensic analysis revealed days of lateral movement and reconnaissance across design documents and file shares prior to encryption events.
Read more
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
Salt Typhoon exploited an unpatched Cisco IOS XE flaw to install root-level implants on telecom routers. The malware captured VoIP metadata and SIP credentials silently over weeks, embedding deep within network fabric while evading monitoring and blending with legitimate traffic.
Read more
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
Attackers conducted vishing calls posing as IT support to convince users to disable MFA temporarily. Using stolen credentials, they created persistent accounts, accessed internal systems, and exfiltrated data over DNS tunnels. Anti-forensic measures included telemetry erasure and token refresh.
Read more
1.6 Billion Passwords Exposed in Record-Breaking Breach – A Deep Dive into the Data Leak That Affects Everyone
A consolidated dump of 1.6 billion passwords (plaintext and hashes) was released, covering multiple sectors: governmental, enterprise, and consumer. Attackers now use the database for wide-scale credential stuffing attacks targeting finance and enterprise services with automated tools.
Read more
APT28 Hackers Use Signal to Target Ukraine with New Malware Families ‘Beardshell’ and ‘SlimAgent’
APT28 embedded payloads within Signal sticker packs distributed via compromised channels. Beardshell hooks system APIs to capture credentials; SlimAgent uses encrypted config blobs to avoid detection. Both connect to C2 covertly to harvest sensitive data from Ukrainian systems.
Read more
Anubis Ransomware Gang Claims 64 GB Disneyland Paris Leak in Alleged Construction Data Breach
Anubis operators exploited a compromised VPN account to steal architectural CAD files and contractor contracts. They exfiltrated 64 GB of data, encrypted onsite repositories, and are threatening public release unless paid in Monero.
Read more
Oxford City Council Cyberattack Exposes Two Decades of Election Worker Data
Attackers exploited an unpatched Drupal module to deploy a web shell, then extracted 20 years of election worker records. Extracted data included polling booth assignments and personal contact details. Notification is underway with the UK Information Commissioner’s Office.
Read more
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
Attackers exploited a Citrix ADC vulnerability to access McLaren’s internal network, exfiltrating patient records, billing information, and PHI for 743,000 individuals before detection. Forensics uncovered lateral escalation and staging of data.
Read more
BitoPro Exchange Ties $11 Million Crypto Theft to North Korea’s Lazarus Group
BitoPro identified that chain-hopping scripts exploited a smart contract bug to drain $11 M in cryptocurrency. Blockchain tracing revealed funds funneling through mixers into end wallets linked to Lazarus Group, confirming attribution to the group.
Read more
Podcasts
OneClik Cyberattack Campaign Targets Energy Sector Using Microsoft ClickOnce and AWS
A malicious ClickOnce installer hosted on AWS S3 delivers PowerShell-based Cobalt Strike beacons. The signed manifests exploit Windows trust chains to bypass defenses and provide attackers with network discovery data from critical energy infrastructure.
Listen to Podcast
Zero-Day Level Cisco ISE Flaws – Urgent Patch Required for Enterprise Security
This episode covers two critical Cisco ISE zero-days (CVE‑2025‑XXXX, YYYY) enabling unauthenticated RCE and privilege escalation. Exploit scenarios include session hijacking, credential dumps, and network pivoting—urgent patch deployment is recommended.
Listen to Podcast
Bonfy AI Launches $9.5M Adaptive Content Security Platform to Govern AI and Human Data
Bonfy AI’s solution uses dynamic watermarking and data lineage tracking to secure AI-generated and human-authored content. Real-time monitoring gives SOCs visibility into anomalous content use and data flow across cloud pipelines.
Listen to Podcast
Central Kentucky Radiology’s 2024 Data Breach Affects 167,000
An overlooked FTP server with weak authentication enabled attackers to brute-force and download DICOM images and patient metadata. The breach went unnoticed for weeks until external intelligence triggered investigation.
Listen to Podcast
U.S. Government Pushes Back on Meta – WhatsApp Labeled a High-Risk App
Government review cited metadata leakage, telemetry sharing with Meta, and cross-process vulnerabilities in WhatsApp. The app has since been flagged as high-risk for official use, with alternatives under consideration.
Listen to Podcast
How Cyberattacks on Mainline Health and Select Medical Exposed Over 200,000 Patients
Attackers used exposed Azure Blob storage and hardcoded SQL credentials in GitHub to harvest patient data. Records included names, insurance details, and medical histories, with detection delayed until threat intel alerts.
Listen to Podcast
The Siemens-Microsoft Antivirus Dilemma Threatening OT Security
A Microsoft Defender update disabled Siemens antivirus on OT systems, exposing critical infrastructure to threats. The episode describes patch coordination failures, emergency workarounds, and the impact on industrial operations.
Listen to Podcast
Prometei Botnet’s Global Surge – A Threat to Linux and Windows Systems Alike
Prometei’s hybrid loader infects both Windows and Linux, deploying modules for cryptomining, SSH brute-force, and proxy services. Communication with Tor-based C2 infrastructure gives operators global persistence and control.
Listen to Podcast
Patient Trust on the Line – The Fallout from McLaren Health Care’s 2024 Breach
Exploit of Citrix ADC vulnerabilities allowed attackers to exfiltrate PHI and billing data from McLaren’s network. Response delays and audit failures intensified regulatory and reputational scrutiny.
Listen to Podcast
NeuralTrust’s Echo Chamber – The AI Jailbreak That Slipped Through the Cracks
Prompt injection attacks against NeuralTrust’s API leaked model contexts and training data. Missing input validation allowed attackers to embed commands in fine-tuning processes, extracting sensitive assets.
Listen to Podcast
ATT, Verizon and Beyond – How Salt Typhoon Targets Global Telcos
Salt Typhoon scans for vulnerable Cisco IOS XE devices, implants communication modules, and intercepts call metadata. Their automated infrastructure supports espionage across multiple telco operators.
Listen to Podcast
Fake Microsoft, Netflix, Apple Support – The Scam Lurking in Google Search
Fraudsters buy Google PPC ads to lure users into calling fake support numbers, where they’re tricked into installing remote-access tools that deliver credential theft and financial fraud.
Listen to Podcast
From Malware to Court – Qilin Ransomware’s ‘Call a Lawyer’ Tactic
Qilin operators send faux subpoenas posing as law firms. Once opened, embedded malware encrypts data and triggers double-extortion by threatening legal action against victims.
Listen to Podcast
Zero-Click, Zero-Warning – The FreeType Flaw Behind a Spyware Surge
A FreeType heap overflow vulnerability enables remote code execution via malicious font files embedded in PDFs or websites, without user interaction. The exploit is being used to install stealth spyware.
Listen to Podcast
The Insurance Industry Under Fire – Anatomy of the Aflac Cyber Incident
Phishing led to domain-admin credential compromise, ransomware deployment, and exfiltration of customer policy documents. Weak segmentation and lack of detection allowed rapid spread prior to containment.
Listen to Podcast
The Nucor Cyberattack – How Ransomware Threatens American Steel
Brute-forced RDP credentials enabled the Nucor breach. Ransomware encrypted engineering and HR servers. The episode covers lateral spread, recovery processes, and operational impact.
Listen to Podcast
Inside the $225M Crypto Seizure – How Law Enforcement Traced Illicit Funds Across Borders
Law enforcement used blockchain cluster analysis, mixer tracing, and international cooperation to intercept $225M in cryptocurrency tied to cybercrime activities.
Listen to Podcast
Threat Actors
Anubis Ransomware – A Destructive Cross-Platform Threat
Anubis, built in Go, operates on Windows and Linux, encrypting local and network files via AES-256 and appending the .anubis extension. The malware exfiltrates data beforehand, removes shadow copies, and uses Tor-based C2 channels. It targets European firms, demanding Monero ransoms.
Read more
Blogs
External Attack Surface Management & Digital Risk Protection
Explaining EASM workflows, this blog outlines scanning internet-facing assets—cloud storage, repos, SaaS apps—to detect misconfigurations, fingerprint services, and integrate findings into SIEM/SOAR. It highlights automated alerting on credential leaks, open ports, and rogue domains to prevent external exploitation.
Read more
Scattered Spider – The Threat You Think You Know
Scattered Spider employs SIM-swapping, vishing, and help-desk impersonation to trick users into disabling MFA. It then intercepts SMS OTPs, escalates privileges through AD, and evades EDR systems to deploy ransomware. Lateral movement techniques and tactic-chain patterns are dissected.
Read more