UAT-9244 hits South American telcos with TernDoor, PeerTime and BruteEntry
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure
63 reports
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure
FAMOUS CHOLLIMA is a DPRK-aligned activity cluster that multiple vendors associate with job-themed social engineering, developer targeting, and monetisation that can include cryptocurrency theft…
Scattered Lapsus$ Hunters (SLH, also styled SLSH in some reporting) is advertising for female callers to conduct vishing against IT helpdesks, offering $500 to $1,000 per call and providing…
Scattered Spider is a financially motivated eCrime collective best known for high-success social engineering against enterprise IT help desks, often enabling account takeover in SSO and hybrid…
Zscaler ThreatLabz reports a December 2025 campaign it tracks as Ruby Jumper , attributed with high confidence to APT37 (aka ScarCruft, Ruby Sleet, Velvet Chollima). The infection chain begins…
UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses,…
DPRK fake interview lures and recruitment-driven malware delivery dprk, contagious interview, deceptiveDevelopment, beavertail, invisibleferret, fake recruiters, coding challenges, it worker…
Targeted 2024 intrusions against high-profile TeamT5 customers, later surfaced via CISA KEV listing.
Summary: Symantec links Lazarus tooling to Medusa RaaS extortion activity observed in the Middle East and against a U.S. healthcare target.
Operational profile of the Black Basta ransomware ecosystem (2022–2026) Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE…
France’s Ministry of the Economy and Finance disclosed unauthorised access to FICOBA, the national registry of bank accounts, affecting data associated with approximately 1.2 million accounts .…
APT33, Elfin, Peach Sandstorm, HOLMIUM, Refined Kitten, Iran, aerospace, energy, petrochemical, spearphishing, password spraying, Outlook Home Page, Ruler, TurnedUp, DropShot, ShapeShift, StoneDrill