The ransomware crisis continues to deepen. In the first half of 2025, 3,627 attacks were logged worldwide, a 47% jump from the same period last year. But confirmation remains scarce. According to Comparitech, of those incidents, just 445 were publicly acknowledged by victims. The rest were claimed by threat actors on their leak sites, often without official word from the organizations themselves. Governments and schools are feeling the heat. Attacks on public-sector bodies rose nearly 60% year-on-year. Educational institutions also saw a marked increase, up 23%, with schools, colleges, and universities scrambling to keep up. Healthcare, long a favorite target,…
Kirsten Doyle
The infamous cybercrime group known as Scattered Spider is expanding its playbook, and laying the groundwork long before the breach. New findings from Check Point Research reveal a sprawling infrastructure of more than 500 phishing domains, many designed to impersonate enterprise login pages. It’s a quiet phase of attack planning, but one that holds critical value for defenders if they know what to look for. Login Pages with Malicious Intent Scattered Spider’s tactics are not new. Social engineering, MFA fatigue, and vishing have all featured in the group’s recent campaigns, including the July breach of Qantas, which affected six million…
Cisco has patched a critical flaw in its Unified Communications Manager (Unified CM) software that allowed unauthenticated remote attackers to log in using hardcoded root credentials. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0 (the highest possible) and affects select engineering special (ES) builds of version 15.0. The issue stems from development leaving behind static SSH credentials. Cisco’s advisory says these credentials are tied to the root account and “cannot be changed or deleted.” The bug, listed under Cisco Bug ID CSCwp27755, impacts Unified CM and Unified CM Session Management Edition (SME) releases 15.0.1.13010-1 through 15.0.1.13017-1. These…
Hunters International, a notorious ransomware gang with ties to past high-profile cyberattacks, says it’s closing shop. The group made the announcement Thursday via its darknet extortion site, claiming it would release free decryption tools to help past victims recover data. “After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” read the statement. No further detail was given on what those “developments” might be. The group added that the decision “was not made lightly.” Hunters International said it wanted to ensure that victims were able to recover their encrypted data without the…
Amazon Prime Day 2025 is almost here. So are the scammers. With global shoppers gearing up for deals on 8 July, bad actors are already laying traps. In June alone, researchers tracked more than 1,000 new domains mimicking Amazon. Nearly nine in ten were flagged as malicious or suspicious. Many used the phrase “Amazon Prime” to bait unsuspecting shoppers. One in every 81 of these risky domains contained the term. Check Point Research warns the threat is only ramping up. “Threat actors know shoppers are distracted and in a hurry. That’s when mistakes happen,” said Check Point. Why Prime Day…
The Schengen Information System II (SIS II) is meant to be a digital sentinel for Europe’s borders. It flags suspects, alerts officials, and logs biometric data in real time. But behind the promise lies a system riddled with security flaws. Bloomberg reviewed confidential documents showing thousands of unpatched vulnerabilities. Some date back years. In a 2024 audit, the European Data Protection Supervisor rated many as “high risk.” Most troubling of all are excessive admin access and inadequate oversight. No breach has been confirmed. But the doors appear wide open. Digital Eyes on Europe’s Borders SIS II is the EU’s largest…
Qantas has confirmed a cyber incident affecting a third-party platform used by one of its call centres. The breach exposed the personal data of frequent flyer members and other customers. It has now been contained. In a statement, the airline said it had launched an investigation after noticing strange activity on its customer service system, which is operated by an external provider. “There is no impact to Qantas’ operations or the safety of the airline,” the company said. The breach was detected 30 June. While the exact scale has not been determined, early indications suggest a large portion of the…
Brand impersonation is nothing new. But Cisco Talos says it’s showing up in increasingly creative forms—especially within PDF attachments. A recent update to Cisco’s intelligence brand impersonation detection engine now expands its reach. It picks up a broader array of email threats where trusted brand names arrive not in plain text, but tucked inside PDF payloads. Some even come armed with QR codes or clickable annotations. Others skip links altogether and simply urge the victim to call a phone number. It’s a subtle twist on an old scam. And it’s working. Callback Phishing Via PDF This isn’t your average phishing…
The notorious cybercrime group, known as Scattered Spider, is shifting its focus. According to warnings issued in late June, the group has begun targeting North American airline and transportation companies. The alerts come from both federal authorities and private sector threat intelligence teams. The FBI confirmed this in a public advisory. The group’s method is familiar: social engineering. Impersonation. Manipulating help desk staff into resetting passwords, enrolling new multi-factor authentication (MFA) devices, or disclosing employee information. “Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI said. Their targets now include not only major airlines, but…
When researchers at Netcraft asked a large language model where to log in to major online services, the answers were often wrong. Sometimes, dangerously so. Of 131 login URLs suggested for 50 brands, 34% were not controlled by the brand in question. The findings were released in a detailed breakdown of domain accuracy, with one grim conclusion: more than one in three users could be sent to a site the brand doesn’t own, just by asking a chatbot where to log in. The tests used simple prompts, just like a user might type. No tricks or injections. “These were not…
