September 4, 2025

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender

Cybersecurity researchers identified a highly sophisticated botnet known as NightshadeC2, which employs an innovative technique called UAC Prompt Bombing to bypass Windows Defender and evade detection in malware analysis environments. The botnet is primarily distributed through trojanized versions of legitimate software, including VPN clients, system utilities, and file search applications. Social engineering tactics are used to trick users into executing […]
September 1, 2025

Jaguar Land Rover Cyberattack Forces Extended Factory Shutdown and Disrupts Global Operations

Jaguar Land Rover (JLR), the United Kingdom’s largest automotive manufacturer and a subsidiary of Tata Motors, experienced a significant ransomware attack that forced a global operational shutdown. The cyberattack, attributed to the Scattered Lapsus$ Hunters group, caused severe disruption across multiple manufacturing plants in Solihull, Halewood, Wolverhampton, Slovakia, Brazil, and India. In response, JLR proactively disabled IT systems to contain […]
August 7, 2025

Air France and KLM customers’ personal details exposed via data breach

Air France KLM Group disclosed a data compromise incident affecting its customer base, traced to a breach at a third-party service provider that supported its contact center operations. The company confirmed detecting unusual activity on the external platform, after which it initiated an immediate response involving the vendor, cybersecurity experts, and relevant authorities.The exposed information primarily consisted of customer names, […]
August 2, 2025

Google’s Salesforce CRM Breach by ShinyHunters

Google disclosed that its Salesforce CRM environment had been compromised by the cybercriminal group ShinyHunters, exposing customer contact data from its small- and medium-sized business clients. The breach, which occurred in June 2025 but was revealed publicly in August, was executed through social engineering tactics, particularly voice phishing (vishing). Attackers impersonated trusted personnel to trick an employee into granting access, […]
July 31, 2025

CISA Announces Release of Thorium for Malware Analysis

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that can integrate commercial, custom, and open-source analysis tools and enable cyber defenders to quickly assess malware threats and index forensic analysis results into a unified platform.Advanced persistent threats using malware continue to increase in volume and […]
July 22, 2025

Dell demonstration platform breached by World Leaks extortion group

Dell Technologies disclosed that its Customer Solution Centers demonstration platform had been compromised by the cyber-extortion group known as World Leaks, formerly Hunters International. The platform in question is used exclusively for showcasing Dell products, running proofs of concept, and testing configurations for prospective clients. Dell emphasized that this environment is fully segmented from internal networks, production systems, partner environments, […]
July 17, 2025

BigONE Cryptocurrency Exchange Hot Wallet Exploit

Seychelles-based cryptocurrency exchange BigONE suffered a significant hot-wallet exploit resulting in losses estimated at $27 million across multiple blockchains, including Bitcoin, Ethereum, BNB Chain, Solana, and TRON. The exchange confirmed the incident on 16 July, reporting that abnormal withdrawals had been detected and that hot-wallet operations were immediately suspended. Importantly, BigONE emphasized that its cold storage reserves remained secure and […]
July 10, 2025

Qilin Ransomware Dominates the Month

The Qilin ransomware group emerged as the most dominant player in the global ransomware landscape, consolidating its position as a formidable cyber extortion actor. The group was responsible for approximately 73 confirmed victims, accounting for nearly 17% of the 423 ransomware disclosures tracked worldwide during the month. This marks the third time in four months that Qilin has led in […]
June 17, 2025

Supply Chain Attack on NPM Packages

In June 2025, a significant supply chain attack on the NPM ecosystem was uncovered, primarily affecting multiple React-Native Aria packages that had been tampered with to distribute a Remote Access Trojan (RAT). The malicious code was embedded in seemingly routine updates, beginning with @react-native-aria/focus version 0.2.10 and quickly spreading across related packages, many of which collectively record hundreds of thousands […]
1234567891011121314151617181920212223242526272829303132333435
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.