Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The SideWinder advanced persistent threat (APT) group, active since 2012 and known for targeting government, military, and business entities throughout Asia, primarily Pakistan, China, Nepal, and Afghanistan, has struck once again. This time around, the threat actors updated their toolset and created new infrastructure to spread malware and control compromised systems.
Based on our Q1 2025 ranking of the most popular gTLDs and ccTLDs, the same players pretty much made the list. The .com gTLD remained in first place while the other gTLD extensions like .xyz, .top, and .shop lagged far behind. Among the ccTLDs, only .de made it to the top 10.
HUMAN's Satori Threat Intelligence and Research Team recently uncovered and partially disrupted BADBOX 2.0 in collaboration with Google, Trend Micro, Shadowserver, and other partners. The threat has been dubbed "the largest botnet of infected connected TV (CTV) devices" uncovered to date.
Cisco Talos recently uncovered multiple Lotus Blossom cyber espionage campaigns targeting government, manufacturing, telecommunications, and media organizations. The group used Sagerunex and other hacking tools after compromising target networks.
Symantec recently reported that a China-based threat actor who has been involved in installing backdoors in the systems of target government institutions (i.e., cyber espionage) has turned toward spreading RA World ransomware (i.e., a cybercriminal act) this time. Going from one act to the other is not usual for attackers.
Each year, threat actors zoom in on U.S. taxpayers in a bid to intercept their payments and line their pockets instead. And while the tax day - 15 April 2025 - has passed, those who need more time can settle their dues up to 15 October 2025 without getting penalized if they requested an extension.
Outpost24 recently discovered that rising cybercriminal entity EncryptHub inadvertently exposed elements of its malicious enterprise. The security investigation unveiled previously unknown aspects of the group's infrastructure, tools, and behavioral patterns.
The targeted attack campaign REF7707 trailed its sights on the foreign ministry of a South American country in February 2025. According to Elastic Labs, the group behind the campaign has been connected to previous compromises in Southeast Asia.
SecureList recently published a study of Android and iOS apps that have been laced with a malicious software development kit (SDK) dubbed "SparkCat" that steals crypto wallet recovery phrases.
Ransomware attacks have been plaguing individual users and organizations worldwide for years now. And that is not surprising because they work. In fact, ransomware victims were asked to pay an average of US$2.5 million in 2024.
A World-Renowned Source for Internet Developments. Serving Since 2002.