#cl0p-ransomware
#cl0p-ransomware

NYC startup

Latest crypto hack sees thieves make off with $280 million from Solana DeFi platform Drift | Fortune

14 hours ago

Information security

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Privacy professionals

Iran-Linked Hackers Breach FBI Director Kash Patel's Email, Leak Messages Online

20 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

19 hours ago

TrueConf Zero-Day Exploited in Asian Government Attacks

Chinese hackers exploited a zero-day vulnerability in TrueConf software to attack government entities in Asia, allowing execution of malicious code.

EU data protection

16 hours ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

NYC startup

Latest crypto hack sees thieves make off with $280 million from Solana DeFi platform Drift | Fortune

Drift suffered a $280 million hack attributed to North Korea, utilizing a novel attack method involving durable nonces.

14 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Iran-Linked Hackers Breach FBI Director Kash Patel's Email, Leak Messages Online

An Iran-linked hacking group breached FBI Director Kash Patel's personal email, releasing non-sensitive information as a retaliatory cyber attack.

20 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

19 hours ago

TrueConf Zero-Day Exploited in Asian Government Attacks

Chinese hackers exploited a zero-day vulnerability in TrueConf software to attack government entities in Asia, allowing execution of malicious code.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

12 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

Cryptocurrency

22 hours ago

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

more#north-korea

#fbi

16 hours ago

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

5 days ago

Privacy professionals

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

16 hours ago

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

5 days ago

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

Threat actors accessed FBI Director Kash Patel's personal email, but no government information was compromised.

'Uncanny Valley': Iran's Threats on US Tech, Trump's Plans for Midterms, and Polymarket's Pop-up Flop

Iran threatens US tech firms amid ongoing tensions and preparations for midterm elections are underway.

World news

fromWIRED

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Iran's IRGC plans to attack American companies in the Middle East in retaliation for the killing of Iranian citizens.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

6 days ago

Iran-Linked Hackers Breach FBI Director's Personal Email, Hit Stryker With Wiper Attack

Iranian threat actors breached FBI director Kash Patel's email, leaking historical data and photos online.

FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

Iranian government hackers exploit Telegram to steal data from dissidents and journalists through malware disguised as legitimate apps.

Podcast

fromWIRED

'Uncanny Valley': Iran's Threats on US Tech, Trump's Plans for Midterms, and Polymarket's Pop-up Flop

Iran threatens US tech firms amid ongoing tensions and preparations for midterm elections are underway.

World news

fromWIRED

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Iran's IRGC plans to attack American companies in the Middle East in retaliation for the killing of Iranian citizens.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

6 days ago

Iran-Linked Hackers Breach FBI Director's Personal Email, Hit Stryker With Wiper Attack

Iranian threat actors breached FBI director Kash Patel's email, leaking historical data and photos online.

FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

Iranian government hackers exploit Telegram to steal data from dissidents and journalists through malware disguised as legitimate apps.

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

US politics

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

US politics

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

Node JS

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

Node JS

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

Node JS

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.

Python

#cybercrime

US news

Alleged RedLine Malware Administrator Extradited to US

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Information security

Russian Cybercriminal Gets 2-Year Prison Sentence in US

Ilya Angelov was sentenced to two years in prison for managing a botnet used in ransomware attacks against US corporations.

Information security

Russian initial access broker jailed for 81 months in US

Aleksei Volkov was sentenced to 81 months for selling access to corporate networks used in ransomware attacks, causing millions in losses.

US news

Alleged RedLine Malware Administrator Extradited to US

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Information security

Russian Cybercriminal Gets 2-Year Prison Sentence in US

Information security

Russian initial access broker jailed for 81 months in US

more#cybercrime

#ransomware

Silicon Valley

fromwww.theguardian.com

We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware

Ransomware originated from a 1989 stunt by Joseph L Popp Jr, who used a Trojan virus to extort money under the guise of HIV prevention.

US Prisons Russian Access Broker for Aiding Ransomware Attacks

Aleksei Volkov was sentenced to 81 months in prison for his role in ransomware attacks causing over $9 million in losses.

Information security

Extorting the Extorters? Moscow man accused of posing as FSB officer to extort Conti ransomware gang - DataBreaches.Net

Information security

Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter

Information security

Ransomware gangs focus on winning hearts and minds | Computer Weekly

fromChannelPro

Information security

Ransomware is on the rise. Again

Silicon Valley

fromwww.theguardian.com

We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware

Ransomware originated from a 1989 stunt by Joseph L Popp Jr, who used a Trojan virus to extort money under the guise of HIV prevention.

US Prisons Russian Access Broker for Aiding Ransomware Attacks

Aleksei Volkov was sentenced to 81 months in prison for his role in ransomware attacks causing over $9 million in losses.

Information security

Extorting the Extorters? Moscow man accused of posing as FSB officer to extort Conti ransomware gang - DataBreaches.Net

Information security

Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter

Information security

Ransomware gangs focus on winning hearts and minds | Computer Weekly

fromChannelPro

Information security

Ransomware is on the rise. Again

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

fromInfoWorld

14 hours ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

fromComputerworld

13 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

#malware

Information security

Fake Claude Code source downloads actually delivered malware

Information security

Sophisticated CrystalX RAT Emerges

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

fromBleepingComputer

Information security

New RoadK1ll WebSocket implant used to pivot on breached networks

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

fromBleepingComputer

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

21 hours ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

#ransomware-attack

2 weeks ago

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

Marquis, a fintech company serving hundreds of banks, suffered a ransomware attack in August 2025 that compromised personal and financial data of over 672,000 people, with more than half residing in Texas.

Crims hit EV charger firm ELECQ, steal customer contact data

ELECQ, a smart EV charger maker, suffered a ransomware attack on March 7 that encrypted and copied customer personal data including names, email addresses, phone numbers, and home addresses from its AWS cloud systems.

2 weeks ago

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

Crims hit EV charger firm ELECQ, steal customer contact data

more#ransomware-attack

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Information security

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Information security

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Tech industry

INC ransomware opsec fail allowed data recovery for 12 US orgs - DataBreaches.Net

Researchers recovered data stolen by the INC ransomware gang from a dozen U.S. organizations after an operational security failure exposed attacker infrastructure.

Ministry of Finance portal still offline following cyber incident

The Mijn Schatkist portal is offline due to a cyber incident, affecting 1,600 institutions' access to balances and reports.

Interpol obliterates cyber criminal infrastructure | Computer Weekly

Interpol's Operation Synergia III neutralized 45,000 malicious IP addresses and servers across 72 countries, resulting in 94 arrests and over 100 investigations targeting cyber fraud, phishing, malware, and ransomware infrastructure.

Interpol sinkholes 45,000 IPs linked to global cybercrime

Interpol arrested 94 cybercriminals across multiple countries during Operation Synergia III, seizing 212 devices and sinkholing over 45,000 malicious IP addresses linked to phishing, romance scams, and credit card fraud.

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

AI-generated malware Slopoly enables threat actors to develop malware frameworks significantly faster, demonstrating the weaponization of AI for cybercriminal purposes.

4 weeks ago

2025 was a new record year for ransomware

Qilin was the most active ransomware group in 2025 with 1,022 attacks, accounting for 13 percent of the total. The group operates via a franchise-like Ransomware-as-a-Service model: affiliates arrange initial access, while the core operators manage negotiations and publications of the leaked data.

Information security

Qilin crew continues to dominate ransomware ecosystem | Computer Weekly

Given the scale and disruption of 2025, this pattern could be an early signal that 2026 may follow a similar path. Organisations should not mistake the month-on-month drop for a decline in risk. As for Qilin, its attacks show no signs of stopping - within the past few days it has claimed a breach of the Local 100 Chapter of the Transport Workers Union of America, affecting 41,000 current and 26,000 former employees.

Information security

Man Linked to Phobos Ransomware Arrested in Poland

A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation. According to Poland's Central Cybercrime Bureau, officers found hacking tools, credentials, payment card numbers, and server IP addresses on the unnamed suspect's devices during a search. They also discovered that the suspect had exchanged messages with the Phobos ransomware group.

Information security

Poland arrests suspect linked to Phobos ransomware operation - DataBreaches.Net

Polish police arrested a 47-year-old man linked to the Phobos ransomware group, seizing devices containing credentials, credit card numbers, and server access data.

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details.

Information security

#ramp

Information security

Russian ransomware forum seized by U.S. law enforcement - DataBreaches.Net

Information security

RAMP ransomware forum goes dark in probable FBI sting | Computer Weekly

Information security

Ransomware crims forced to take off-RAMP as FBI seizes forum

Information security

Russian ransomware forum seized by U.S. law enforcement - DataBreaches.Net

Information security

RAMP ransomware forum goes dark in probable FBI sting | Computer Weekly

Information security

Ransomware crims forced to take off-RAMP as FBI seizes forum

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A Russian-affiliated actor uses CANFAIL malware and LLM-generated phishing lures to target Ukrainian defense, energy, aerospace, and related organizations.

fromComputerworld

Global Group ransomware gang running new campaign using Windows shortcut files

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows' shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees into clicking on an attachment in an email with the subject line 'Your document.'

Information security

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Two Ukrainians suspected of working for Russia-linked ransomware group Black Basta identified; alleged leader Oleg Nefedov added to EU Most Wanted and INTERPOL Red Notice.

fromSecuritymagazine

Ransomware Without Encryption: Why Pure Exfiltration Attacks Are Surging

Attackers shifted from encryption to pure exfiltration, enabling stealthy data theft, prolonged dwell time, and double/triple extortion that bypasses traditional defenses.