Topic: attack attribution
-
Poland Thwarts Cyberattack on Energy Grid
Polish authorities successfully prevented a sophisticated cyberattack on the country's energy infrastructure in late December, which used a new data-wiping malware called DynoWiper. The attack is attributed with medium confidence to the Russia-aligned Sandworm APT, a group linked to Russian milit...
-
Why Sanctions Can't Stop Cyberattacks - But Still Hurt
Sanctions impose operational friction on state-sponsored cyber attackers by increasing costs and forcing them to adapt, though they rarely stop malicious activities entirely. The most effective sanctions target the broader ecosystem enabling cyber operations, such as cryptocurrency mixers and tec...
-
How ShinyHunters Hackers Exploit SSO to Steal Cloud Data
The ShinyHunters group uses sophisticated voice phishing (vishing) to steal employee credentials and bypass multi-factor authentication by impersonating IT support and using fake login pages. Once inside via a compromised single sign-on (SSO) account, attackers gain a centralized springboard to a...
-
Microsoft Teams Targeted by Fake IT Support Scams
A new wave of phishing attacks is exploiting Microsoft Teams, using fake IT support accounts to trick employees into installing malware that gives attackers full network control. Attackers are shifting from email to Teams due to its trusted role in business, impersonating IT staff to deploy remot...
-
Hackers Target Unpatched Fortinet Flaws After Fix
Attackers are exploiting two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in Fortinet products, gaining administrative access to steal sensitive system configuration files. The theft of these configuration files poses a severe risk, exposing network details and...
-
Cyberattack Grounds Check-Ins at Major European Airports
A cyberattack on Collins Aerospace's MUSE software disrupted automated check-in and baggage systems at major European airports, forcing a switch to slower manual processes. The incident highlighted a critical vulnerability in the aviation sector's digital supply chain, as the attack targeted a th...
-
eScan AV Users Hit by Malicious Update Attack
Unknown attackers compromised eScan's update server, weaponizing it to deploy a malicious downloader that disabled the antivirus and blocked future security updates. The breach, detected in January 2026, forced the vendor to take its global update system offline and required many users to manuall...
-
Baker University Data Breach Exposes 53,000 People in 2024
A data breach at Baker University compromised the sensitive personal information of over 53,000 individuals, including Social Security numbers, financial details, and medical records. The university discovered unauthorized network access in December 2024 and is offering credit monitoring, but has...
-
Urgent Samsung Patch Stops Spyware Exploit
Samsung has released a critical security update for a vulnerability (CVE-2025-21042) in its image processing library, which was actively exploited to install the LANDFALL spyware on mobile devices. The spyware uses a zero-click infection method via manipulated image files, allowing it to infect d...
-
Stealth Malware Campaign Infects Thousands via DNS TXT Abuse
The Detour Dog malware campaign has infected over 30,000 websites, using DNS TXT records for server-side attacks that remain hidden from most users, selectively targeting specific visitors for redirection or malware downloads. This attack operates by having compromised servers send DNS queries wi...
-
Crimson Collective Hackers Breach AWS for Data Theft
The Crimson Collective is a hacking group infiltrating AWS infrastructures to steal sensitive data and extort organizations, as seen in a breach at Red GitLab repositories. Attackers compromise AWS using exposed credentials and tools like TruffleHog, then escalate privileges to gain administrativ...
-
Ukraine's Military Targeted in Deceptive Charity Malware Attack
A Russian-aligned threat group (Void Blizzard/Laundry Bear) targeted Ukrainian military personnel in late 2025/early 2026 using a fake charity scheme to deploy the PluggyApe backdoor malware. The attack used personalized messages on encrypted apps to trick victims into downloading malicious files...
-
Romanian Water Authority Hit by Major Ransomware Attack
A ransomware attack disrupted administrative systems at Romania's national water authority, but crucial operational technology controlling physical water infrastructure like dams remained unaffected and functional. The attackers used the legitimate Windows BitLocker feature to encrypt files, leav...
-
MANGO Data Breach Exposes Customer Information
MANGO alerted customers to a data breach caused by a third-party marketing partner, exposing personal information like names, email addresses, and phone numbers, but not sensitive financial or password data. The company confirmed its own systems were not compromised, operations continued uninterr...
-
Russia's Sandworm Blamed for Polish Power Grid Wiper Attack
A cyberattack on Poland's energy grid in late 2025, which used the destructive DynoWiper malware but did not cause a power outage, has been attributed to Sandworm, a Russian state-sponsored hacking group. The attack's timing is seen as symbolic, coinciding with the 10-year anniversary of Sandworm's 2015...