April 25, 2025

Apple iPhone Targeted by Advanced Attackers

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS, and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: when the audio […]
March 30, 2025

Cyber Attack Disrupts Ukrainian Railway’s Online Services

Ukrainian state railway operator Ukrzaliznytsia was formally and definitively attacked by a large-scale, multi-layered cyberattack that disrupted its online services, particularly the mobile app and website used for ticket purchases. Despite this, train schedules remained unaffected, and all physical train operations continued uninterrupted. As a result of the attack, significant queues formed at Kyiv’s central railway station and other major […]
March 28, 2025

Massive Supply Chain Attack on GitHub Actions

A major supply chain attack targeted GitHub Actions, one of the most widely used automation platforms in modern software development. The incident involved the compromise of the popular open-source Action tj-actions/changed-files, which had been adopted in more than 23,000 repositories. Researchers discovered that malicious code had been injected into the Action, enabling the exfiltration of sensitive secrets such as API […]
March 25, 2025

Alarming Emergence of Fake Banking App Targeting Android Users via Telegram

Cybersecurity researchers discovered a troubling surge in cyberattacks involving a fake banking app specifically crafted to target Android users using Telegram as the primary distribution channel. The fake app was engineered to closely mimic authentic banking apps, meticulously replicating user interface elements and official logos to instill false trust among unsuspecting users. The app was disseminated through Telegram groups and […]
March 5, 2025

Oracle Cloud Breach 6 Million Records Exposed

A major breach targeted Oracle Cloud in March 2025, with the threat actor “rose87168” claiming to have stolen 6 million records containing sensitive credentials, including SSO passwords and Java KeyStore files, impacting over 140,000 tenant organizations worldwide. The attacker attempted to extort Oracle, demanding $20 million in exchange for technical information. Oracle initially denied the breach but later began notifying […]
February 22, 2025

Countermeasures Against DDoS Attacks NISC

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) took a significant step to bolster global cybersecurity defenses against Distributed Denial-of-Service (DDoS) attacks, particularly those targeting edge devices. Collaborating with international partners, NISC co-published a comprehensive document titled “Mitigation Strategies for Edge Devices,” originally authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).This joint advisory, […]
February 2, 2025

Casio UK online store hacked to steal customer credit cards

Casio Computer Co., Ltd., a globally recognized manufacturer of electronic products, confirmed that its UK online store was the target of a sophisticated cyberattack aimed at stealing customer payment information. The breach, which specifically affected the e-commerce segment of Casio’s UK operations, raised serious concerns about the security of online retail platforms and the safety of consumer financial data.According to […]
January 30, 2025

Russian ransomware hackers increasingly posing as tech support on Microsoft Teams

Cybersecurity authorities and major technology firms reported a significant surge in cyberattacks orchestrated by Russian-speaking ransomware groups exploiting Microsoft Teams to impersonate technical support staff. These threat actors have adopted increasingly sophisticated social engineering tactics, targeting employees of organizations through fake support messages delivered via Microsoft Teams, a platform widely used for internal business communication.According to intelligence shared by Microsoft […]
January 26, 2025

Hackers impersonate Ukraine’s CERT to trick people into allowing computer access

Concerning development in the cyber threat landscape, malicious actors have launched a sophisticated social engineering campaign by impersonating Ukraine’s Computer Emergency Response Team (CERT-UA). The attackers are leveraging the trusted reputation of CERT-UA to deceive victims into granting unauthorized access to their computer systems.According to cybersecurity analysts, this campaign began circulating in late December 2024 and gained significant traction in […]
Prev page
123456
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.