Topic: data exfiltration
-
Insight Partners Admits Hackers Stole Personal Data in January Breach
Insight Partners confirmed a January data breach involving sensitive personal data of employees, limited partners, and financial records, with notifications pending for affected individuals. The breach, described as a "sophisticated social engineering attack," exposed confidential investor detail...
-
Healthcare Services Group Data Breach Exposes 624,000 Patients
A data breach at Healthcare Services Group exposed the personal information of over 624,000 patients, highlighting vulnerabilities in the healthcare support sector. The breach occurred from September 27 to October 7, 2024, with stolen data including sensitive details like Social Security numbers ...
-
Stop Malware Persistence: A Wazuh Defense Guide
Malware persistence allows attackers to maintain long-term access to compromised systems by using techniques like scheduled tasks, boot scripts, and system process modifications. Successful persistence leads to severe consequences, including extended undetected operations, data exfiltration, and ...
-
Inotiv Pharma Hit by Ransomware Attack, Disrupting Operations
Inotiv, a major pharmaceutical research firm, suffered a ransomware attack on August 8, 2025, which encrypted systems and disrupted operations, prompting immediate containment efforts. The Qilin ransomware group claimed responsibility, stating they stole 162,000 files totaling 176GB, with some da...
-
Trusted Chrome VPN Caught Spying on Users
A trusted Chrome VPN extension, FreeVPN.One, was revealed to be spyware that secretly harvested user data, including screenshots of browsing activity, after deceptive updates. The malicious behavior involved a two-stage process using injected scripts and delays to capture screenshots via Chrome's...
-
Taiwan Web Hosts Hit by Chinese APT Cyberattacks
A Chinese APT group, UAT-7237, has targeted Taiwanese web hosting providers to gain long-term access and exfiltrate sensitive data, reflecting escalating cyber aggression tied to geopolitical tensions. The group uses custom tools like the SoundBill loader and exploits known vulnerabilities to inf...
-
NimDoor macOS Malware Persists After Termination
North Korean hackers are using sophisticated macOS malware called NimDoor to target cryptocurrency and web3 organizations, employing social engineering and modular payloads to evade detection. The malware, built with C++ and Nim, features unique persistence techniques like self-repair after termi...
-
AI-Powered PromptLock Ransomware Encrypts and Steals Data
A new AI-driven ransomware named PromptLock has been identified, using Lua scripts to encrypt and steal data across Windows, macOS, and Linux systems, marking a significant evolution in cyber threats. The malware leverages OpenAI's gpt-oss:20b model via the Ollama API to generate malicious script...
-
Fake macOS Help Sites Spread Shamos Infostealer via ClickFix
Cybercriminals are using deceptive help websites and malicious Google ads to trick macOS users into installing the Shamos infostealer malware via harmful Terminal commands. The malware employs the ClickFix social engineering technique to bypass security, collects sensitive data like credentials a...
-
SafePay ransomware leaks 3.5TB of Ingram Micro data
The SafePay ransomware group stole 3.5TB of sensitive data from Ingram Micro, a major global IT distributor, marking another high-profile attack by the increasingly notorious cybercriminal operation. SafePay has targeted over 260 organizations in 2024, using tactics like data exfiltration and enc...
-
Aeroflot Cancels Flights Amid Cyberattack Disruption
Aeroflot, Russia's national airline, faced major operational disruptions due to a cyberattack claimed by Ukrainian and Belarusian hacker groups, leading to flight cancellations and delays. The hackers infiltrated Aeroflot’s network for over a year, compromising critical IT systems and wiping vast...
-
Inotiv Confirms Ransomware Attack on Pharmaceutical Systems
Inotiv experienced a significant ransomware attack on August 8, leading to encrypted data and disrupted operations, with full recovery still uncertain. The Qilin ransomware group claimed responsibility, alleging theft of 176 GB of sensitive data including financial records and employee details. C...
-
Akira Ransomware Exploits CPU Tool to Bypass Microsoft Defender
A ransomware campaign exploits Intel's ThrottleStop driver (rwdrv.sys) to disable Microsoft Defender via BYOVD attacks, deploying a malicious driver (hlpdrv.sys) to manipulate registry settings. The Akira group, active since mid-2025, uses Bumblebee malware delivered through fake installers and S...
-
Tech Manufacturer Data I/O Struck by Ransomware Attack
Data I/O, a U.S. technology manufacturer, experienced a ransomware attack on August 16, disrupting critical operations including communications, shipping, and production. The company has partially restored some functions but has not provided a timeline for full recovery, and the attack's financia...