A Canadian online gambling provider has fallen victim to a highly targeted cyberattack involving a fake Zoom support tool, part of a broader social engineering campaign orchestrated by BlueNoroff, a financially motivated North Korean APT subgroup tied to the Lazarus Group. Investigators from Field Effect Analysis revealed that the incident began on 28 May 2025, during what appeared to be a routine Zoom call between the victim and a known contact. When audio issues arose, the victim was urged to run a so-called Zoom audio repair script, actually a malicious payload disguised to blend seamlessly into the victim’s workflow. The…
Kirsten Doyle
Oxford City Council has confirmed it was the target of a cyberattack that led to the unauthorised access of personal information belonging to individuals involved in council-run elections over the past two decades. The breach was quickly detected by the council’s automated security systems. It triggered an immediate response that limited the attackers’ access. “Unfortunately, the attackers were able to access some historic data on legacy systems,” the Council said in a statement. “We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may…
American insurance giant Aflac has disclosed a cyberattack on its U.S. network, part of what it describes as a broader campaign targeting the insurance sector. The intrusion was detected on 12 June and stopped within hours, with no ransomware deployed and no disruption to operations. The company says it remains fully operational and continues to underwrite policies and process claims. However, preliminary findings suggest that a sophisticated cybercrime group used social engineering tactics to gain access. Aflac says it has engaged external cybersecurity experts to support its response and containment efforts. While the investigation is still in its early stages,…
Krispy Kreme has disclosed that its November 2024 data breach affected 161,676 people. In a breach notification shared this week, the company said exposed data varies by person, but the list is long and deeply personal. It includes names, Social Security numbers, dates of birth, and driver’s license or state ID numbers. In some cases, it extends to financial account details, login credentials, debit and credit card data (including security codes), passport numbers, digital signatures, and biometric identifiers. Also potentially compromised: military ID numbers, USCIS or Alien Registration Numbers, and sensitive health or insurance information. The disclosure comes months after…
As the public feud between Elon Musk and Donald Trump heats up online, cybercrooks are wasting no time cashing in on this clash of egos. According to new findings from BforeAI’s PreCrime Labs, at least 39 malicious domains were registered within 48 hours of Musk’s widely publicized 4 June remarks criticizing Trump’s proposed trade legislation. These domains are designed to impersonate betting sites, fake giveaways, and crypto multipliers, all under the guise of the Musk vs. Trump rivalry. The tactic isn’t new. Threat actors have long exploited celebrity disputes and political theater to bait users into scams. But this campaign…
Swiss banks UBS and Pictet confirmed this week that a third-party cyberattack led to a leak of internal company data, highlighting the growing threat of supply chain vulnerabilities in financial services. The breach stemmed from an attack on Chain IQ, a Baar-based procurement services provider. Chain IQ said it was one of 20 organisations targeted in a sophisticated intrusion that leveraged techniques “never before seen on a global scale.” UBS moved quickly to reassure stakeholders. “A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,”…
Even the guardians are breaking the rules. A new survey by Mindgard has revealed a troubling shift in cybersecurity: security professionals themselves are turning to generative AI tools without approval. More than half admit to it. Others suspect it’s happening. This isn’t happening in the marketing department. It’s happening in the security operations center. Over 500 cybersecurity professionals were surveyed at RSA Conference and Infosecurity Europe 2025. The results show a profession at odds with itself, embracing AI while sidestepping its own safeguards.
The Watchers Are Watching Less
They call it Shadow AI. Like Shadow IT before it, it’s the…
Between May 5 and 7, 2025, bad actors launched a subtle but smart phishing campaign using the European Commission’s own survey platform. The attack wasn’t broad, but it was sharp, leveraging the credibility of an EU-linked domain to slip past defenses and harvest credentials. KnowBe4 Threat Lab spotted it early. The phishing emails came from a legitimate sender: [email protected]. That’s not a spoof, but a real domain tied to EUSurvey, a platform used for public consultation and research. This is what made it so dangerous.
The Setup: Real Sender, Fake Intent
By creating an account on EUSurvey, attackers sent phishing…
Zimperium’s zLabs team has exposed a troubling evolution in mobile banking malware. The latest variant of GodFather doesn’t just spoof screens or steal passwords. It builds a world of its own, inside your phone. This version uses on-device virtualization to hijack real banking and crypto apps. It’s not overlay, it’s not mimicry, it’s full control. At the heart of the attack is a malicious host app. Once installed, it spins up a virtual environment, downloading a copy of the actual targeted app. When the user opens their banking or crypto app, they’re redirected to this sandbox. Everything appears normal, but…
A persistent malware campaign is targeting Microsoft Windows users in Taiwan. Disguised as correspondence from Taiwan’s National Taxation Bureau, the threat actors are deploying a phishing campaign laced with winos 4.0 malware. Fortinet’s FortiGuard Labs traced the operation back to January 2025. Over the months that followed, the campaign evolved, adopting more sophisticated tools and techniques, most notably a variant of the HoldingHands remote access trojan (RAT). Its objective is simple: establish stealthy, long-term access for further attacks. The method, however, is anything but.
The Hook: Official-Looking Emails
Initial infection starts with phishing emails purporting to come from government entities.…
