Cybercrime

April 17, 2025

More than 1.6 million people are now thought to have been affected by the May 2024 cyberattack at Landmark Admin, twice as many as originally thought. The company confirmed the news in an updated report filed with the Office of the Maine Attorney General. “The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s ...

April 16, 2025

In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive ...

April 16, 2025

CrazyHunter has quickly emerged as a serious ransomware threat. The group made their introduction in the past month with the opening of their data leak site where they posted ten victims – all located from Taiwan. trend Micro researchers have followed some of their operations through internal monitoring since the start of January and have witnessed ...

April 16, 2025

Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic. Bad bots do all kinds of unpleasant things. An ...

April 15, 2025

The car-rental company Hertz is warning its customers that a data breach exposed personal information including driver’s licenses, credit-card data, contact information and in some cases social security or passport numbers. The company said that hackers breached Cleo Communications, a company that it works with for file transfers. The company said in a “Notice of Data ...

April 15, 2025

Police authorities in Harbin, in northeast China’s Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the U.S. National Security Agency (NSA) over suspected cyberattacks against China. The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been ...

April 14, 2025

Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. In this campaign, Slow Pisces engaged with cryptocurrency developers on ...

April 10, 2025

In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential spraying was primarily designed to discover and compromise accounts not properly secured by multi-factor ...

April 9, 2025

Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated ...

April 8, 2025

A group of hackers that previously targeted President Donald Trump has pledged to take aim at Elon Musk for the next month. DonRoad Team, which previously claimed responsibility for taking down several Trump-associated websites, announced Monday it would begin hitting sites linked to Elon Musk. Elon Musk has increasing become a target of backlash as a result ...