Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks

Russian vodka producer reports disruptions after ransomware attack

Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal

FCC wants to ban Chinese tech from undersea cables

Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies

Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks

Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches

Federal IT contractor to pay $14.75 fine over ‘cyber fraud’ allegations

Piracy sites for Nintendo Switch, PS4 games taken down by FBI

Click Here Podcasts

The Record-Centered.svg

Home

Subscribe to Cyber Daily®

James Reddick

singapore.jpg

Jonathan Greig

rc-xyz-nft-gallery-q7h8LVeUgFU-unsplash.jpg

Japanese police release decryptor for Phobos ransomware after February takedown

Alexander Martin

U.K. Parliament, Westminster, London

UK sanctions Russian cyber spies accused of facilitating murders

Martin Matishak

gabbard (1).jpg

Lawmakers call on DNI to review intel sharing with Spain over Huawei revelations

Daryna Antoniuk

beluga-vodka-novabev.jpg

Suzanne Smalley

Zuck testimony.jpg

thailand-bangkok.jpg

Thai officials restore Ministry of Labor website after hack, defacement

arrest.jpg

Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges

Roblox headquarters in San Mateo, California. Image: Coolcaesar / Wikimedia Commons / CC BY 4.0

roblox-headquarters-san-mateo-calif.jpg

Roblox introduces age estimation technology for unfiltered chats

CVE-2024-40348

CVE-2024-40348 is a vulnerability in Bazaar v1.4.3 that allows unauthenticated attackers to execute a directory traversal, with an exploit and proof of concept available on GitHub at the repository maintained by NingXin2002.

CVE-2024-38112

CVE-2024-38112 is a Microsoft Windows MSHTML Platform Spoofing Vulnerability that was exploited in the Void Banshee campaign to deliver malware, specifically the Atlantida stealer, via Internet Explorer, and was patched by Microsoft on July 9, 2024.

REMCOS RAT

Recent reports indicate a significant rise in the distribution and sophistication of Remcos RAT malware, which exploits vulnerabilities like CVE-2017-11882 through phishing emails containing malicious Microsoft Office documents, employing techniques such as script-based attacks and process injection to enable remote control and data theft from compromised systems.

Scattered Spider

Scattered Spider, a group of young hackers known for their disruptive social engineering tactics, has been linked to high-profile cyberattacks against companies like MGM and Caesars Entertainment, and recent law enforcement actions have led to multiple arrests, highlighting ongoing concerns about their phishing schemes and ransomware operations.

RedGolf

RedGolf, a Chinese state-sponsored hacking group, has been actively involved in cyber espionage and financially motivated cybercrime, employing sophisticated tactics to target high-profile organizations and government networks globally.

BlueBravo

BlueBravo has been actively targeting high-value victims through sophisticated spear phishing campaigns and exploiting rogue Remote Desktop Protocol (RDP) servers for cyber espionage, particularly against governmental and research entities in Europe and Ukraine.

North Korean Hackers

Recent reports indicate that North Korean hackers, particularly the group TraderTraitor, have been implicated in a series of high-profile cryptocurrency thefts in 2024, including a $308 million heist from Japan's DMM Bitcoin exchange and a $50 million attack on Radiant Capital, raising significant concerns about cybersecurity within the digital finance sector.

Play Ransomware

The Play ransomware group, known for its sophisticated tactics and exploitation of vulnerabilities in applications like FortiOS and Microsoft Exchange, has recently claimed responsibility for a significant cyberattack on Krispy Kreme, threatening to leak sensitive data stolen from the company within two days.

NoName057(16)

The pro-Russian hacker group NoName057(16) has been actively conducting DDoS attacks against various government and infrastructure websites across several countries, including Italy, France, Belgium, Moldova, and Taiwan, claiming these actions as retaliation for perceived anti-Russian sentiments and support for Ukraine.

LummaC2

LummaC2, an increasingly prevalent malware operating as a subscription-based service, has gained notoriety for its sophisticated capabilities in stealing sensitive information such as login credentials and cryptocurrency wallet data, with a reported surge in detections by nearly 400% in the latter half of 2024, often propagated through phishing schemes, fake CAPTCHA prompts, and malicious downloads targeting both Windows and macOS users.

HijackLoader

HijackLoader is a modular malware loader that has gained popularity among cybercriminals for delivering various payloads, including LummaC2 and information stealers like RedLine Stealer and Vidar Stealer, often utilizing techniques such as DLL sideloading and executable renaming to evade detection.

BugSleep

Recent intelligence indicates that the malware BugSleep, also referred to as MuddyRot, has been increasingly used by the Static Kitten group to target entities in Israel since July 2024.

SocGholish

Recent reports indicate that SocGholish, a sophisticated social engineering malware primarily distributed through fake software updates and malicious advertisements, has been actively targeting Kaiser Permanente employees to steal credentials, amidst a growing trend of ransomware attacks and evolving cyber threats in 2024.

The Cyber Daily newsletter highlights daily news stories from The Record by Recorded Future and free trending threats from the Recorded Future platform

Subscribe to The Record

Click Here Podcast 

Cybercrime News

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered