A ransomware group called Sarcoma has claimed responsibility for a cyberattack on Manchester Credit Union (MCU) in the UK. The credit union reported technical issues with its payment system earlier this month but described the incident as a “failed ransomware attack,” saying no customer data was compromised. Although MCU said no ransom demand was received, Sarcoma has listed the firm on its leak site and threatened to auction stolen data if payment isn’t made. The bad actors wiped some servers, causing two days of downtime for 21 employees, complicating forensic investigations. Sarcoma, active since October 2024, has been linked to…
Kirsten Doyle
At a time when cyber threats are escalating at unprecedented rates, a new warning has emerged for businesses and government entities: networks may be exposing organizations to more danger than they realize. Lawrence Pingree, Vice President at Dispersive and former security lead at Gartner, has published “Your Network Is Showing — Time to Go Stealth,” an in-depth look at how cyberattacks have evolved beyond the perimeter. Pingree points out that malicious actors are no longer simply trying to bypass defenses — they’re now executing coordinated campaigns that target the defenses themselves. Firewalls, VPNs, and control planes, once the cornerstone of…
Researchers at Trustwave have uncovered a surge in malicious online activity traced to IP addresses belonging to a Russian bulletproof hosting provider dubbed Proton66. Since 8 January this year, Trustwave’s SpiderLabs researchers have seen a steep increase in mass scanning, credential brute-forcing, and exploitation attempts targeting organizations around the world. The detailed findings, including technical indicators of compromise and deeper forensic analysis, can be found here (Part 1) and here (Part 2). Both look at Proton66’s role in hosting malicious infrastructure used for launching widespread cyberattacks. According to Trustwave, Proton66 is linked to another Russian autonomous system named PROSPERO. This…
Researchers from HUMAN Security’s Satori Threat Intelligence and Research Team have uncovered a sophisticated ad fraud operation, dubbed “Scallywag,” which exploits WordPress extensions to profit from digital piracy. The scheme targeted users wanting free access to premium content—a longstanding challenge in the digital world. Scallywag operators developed and distributed WordPress plugins promising access to pirated material — like movies, TV shows, and sporting events. Once installed on websites, these plugins covertly manipulated users’ browsing activities by inserting ad-heavy intermediary pages and redirecting traffic without user consent to generate illicit advertising revenue. According to the findings, Scallywag leveraged deceptive tactics categorized…
A team of researchers from Ruhr University Bochum — Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk — have discovered a critical security vulnerability affecting the SSH implementation in Erlang/OTP. Tracked as CVE-2025-32433, the flaw has been assigned a CVSS v3.1 score of 10.0, the highest possible severity rating. The vulnerability enables a malicious actor with network access to an Erlang/OTP SSH server to execute arbitrary code without any prior authentication. According to the researchers, the issue stems from a flaw in the SSH protocol message handling, where connection protocol messages sent prior to authentication can be exploited. All…
JFrog researchers have uncovered a new supply chain attack targeting cryptocurrency users through a malicious Python package uploaded to the PyPI repository. The package, named “ccxt-mexc-futures,” masqueraded as a legitimate tool for interacting with the MEXC cryptocurrency exchange but was designed to steal users’ crypto assets. According to JFrog, the package contained an “info-stealer” malware that harvested environment variables, hijacked cryptocurrency transactions, and exfiltrated sensitive data to an attacker-controlled server. Specifically, it targeted users trading on MEXC by modifying withdrawal requests, rerouting tokens to wallets controlled by the threat actor. A Stealthy Operator The malware operated stealthily, making its malicious…
Personally identifiable information (PII), financial data, medical records, account credentials, and intellectual property all require strict access controls to prevent unauthorized exposure. Unfortunately, mobile applications commonly used in both personal and professional settings can compromise this data, even when users believe they are following best security practices. As mobile devices have become central to business operations, especially with widespread bring-your-own-device (BYOD) policies, and increasingly serve as primary access points for digital services, they have also become a significant attack surface for data leaks and breaches. To investigate the risks associated with mobile applications, zLabs, the research team at Zimperium,…
Two senators have introduced a bipartisan bill to extend key cybersecurity protections that encourage businesses to share threat information with the federal government. The bill would renew provisions first signed into law under the Cybersecurity Information Sharing Act of 2015. Introduced by U.S. Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, and Mike Rounds (R-SD), the bill incentivizes companies to voluntarily share cybersecurity threat indicators—like software vulnerabilities, malware, and malicious IP addresses—with the Department of Homeland Security (DHS). Protecting Americans’ Personal Data The goal is to better protect Americans’ personal data and strengthen collaboration…
The controversial internet forum 4chan appears to have been hacked, according to multiple online reports. Alleged leaks suggest that a hacker gained access to backend infrastructure and exposed personal details of the site’s moderators. The breach first came to light when a previously inactive section of 4chan suddenly reappeared, displaying a bold message: “U GOT HACKED,” as reported by Wired. Cybersecurity experts, including Alon Gal, co-founder of Hudson Rock, have said the breach “looks legit,” citing widely shared screenshots that purportedly show internal systems. Adding weight to the claims, TechCrunch spoke with an unnamed 4chan moderator who stated there…
After operating quietly for a year, a Chinese state-sponsored hacking group known as UNC5174 has launched a new cyber campaign, according to the Sysdig Threat Research Team (TRT). Sysdig researchers uncovered the campaign in late January 2025 when they spotted a malicious bash script downloading several files to maintain access on targeted systems. One of these files was a variant of the group’s known malware, SNOWLIGHT, which has been previously used in attacks on F5 devices and was recently mentioned in France’s 2025 Cyber Threat Overview report. In a new twist, UNC5174 is now using an open-source tool called VShell—a…
