news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Mcgrath
- Australia
- Dienet
- Australia And New Zealand
- Real Estate
- Israel
- Social Services
- Asia
- Business Services
- Government
- Entertainment
- Anonymous 71
- Middle East
- Retail
- Red Wolf Team
- Argal Services
- Network Denial Of Service
- Israel Police - Cyber Crime Unit
- Islamic Hacker Army
- Rippersec
- Restoration Site, Rosh Pena Restoration Association
- Bangladesh Civilian Force
- Education
- Technion Israel Institute Of Technology
- Bar-Ilan University
- Finance
- Turkiz
- Insurance Agents, Brokers And Service
- Systemadminbd
- Anonymous Bd
- 10Buy.Co.Il
- France
- Europe
- Western Europe
- Technology
- Hillshave
- Luxury Watches
- Coreinjection
- Hadshon Hebrew
- Electronic Tigers Unit
- Galilee Development Authority
- Automotive
- Clal Insurance
- North America
- United States
- Manufacturing
- Kospy
- Apt37
- Shenkar College
- Pogrom.Org.Il
- Ministry Of Education (Israel
- Gadish-Maoz
- Sheket Team
- Gufyprint.Co.Il
- 4Sale Real Estate
- Construction
- Lulzsec Black
- Se Lawfirm
- Honigsfeld.Co.Il
- Jokeir 07X
- Stock Matok
- Jbags.Co.Il
- Netzz.Co.Il
- Healthcare
- Libi Studio
- Israel'S Traditional Chinese Medicine Association
- Legal Services
- Media
- Heldstudio.Co.Il
- Health Services
- Miscellaneous Manufacturing Industries
- The Knesset
- Babuk2
- Hades_Hgs
- Turk Nokta Net
- Telecommunications
- Turkey
- National Telecommunications Commission
- Luxurysp1D3R
- South-Eastern Asia
- Philippines
- Unc3886
- Juniper
- National Union Of School Sports
- Vorvitz_5
- Afghanistan
- Stealerbot
- Energy
- Djibouti
- Northern Africa
- Bangladesh
- Eastern Asia
- United Arab Emirates
- Eastern Europe
- Sub-Saharan Africa
- Algeria
- Southern Asia
- Sidewinder
- CVE-2017-11882
- Rwanda
- Egypt
- Bulgaria
- India
- Cve-2017-11882
- Cambodia
- Saudi Arabia
- Africa
- Uganda
- Maldives
- China
- Vietnam
- Transportation
- United Kingdom
- Jaguar Land Rover
- Hikki-Chan
- Israel Innovation Authority
- Illeak
- Re/Max Israel
- Cyber Fattah Team
- Israeli Air Force
- Sk_Ekf
- Spider-X
- Ben Gurion Radio Station
- Kablan Net
- Facemaster
- Weonline
- Malki Media
- Channel13.Co.Il
- Now Malki
- Byit.Co.Il
- 123Bignet.Co.Il
- Beisrael
- Di Center
- Netivey Dolev
- Cyber Islamic Resistance
- Malki Plus
- Av Plumber
- U B First
- Defacement
- Rhadamanthys
- Stealc
- Encrypthub
- Fickle
- Encryptrat
- Kematian
- Hellcat
- Groupe Renault
- Division Production Ingénierie Hydraulique
- Arkeliaad
- Israel'S National Insurance
- Zeggo
- Netsupport Rat
- Doenerium
- Lumma Stealer
- Bikurofe
- Edri Ltd
- Cyber Toufan Operation
- Dominican Republic
- Latin America And The Caribbean
- Venezuela
- Dark Caracal
- Chile
- Ecuador
- Colombia
- Poco-Rat
- Abhivenom123
- Brute Force
- Financial Theft
- Password Brute Forcing
- Sosano
- Unk_Craftycamel
- Dni
- Southern Europe
- Legálitas
- Spain
- Polsa
- Poland
- Zurich Insurance
- Brazil
-
Mar 26, 2025
DieNet Claim Breach of Australian Real Estate Company McGrath
On March 25, 2025, the hacktivist group "DieNet" claimed responsibility for breaching McGrath, one of Australia's largest and fourth-ranked real estate companies. The breach allegedly involved the seizure of the company's entire database, which included sensitive data such as employee information, customer details, and business financial data (including receipts and company revenues). The group also mentioned that personal information of hundreds of real estate companies and individuals would be published. The targeting was reportedly motivated by Australia's alliance with the United States and support for Trump.
-
Mar 23, 2025
Anonymous 71 Claims Attack on 10 Israeli Sites
On March 23rd, 2025, the hacktivist group Anonymous 71 claimed to have shut down 10 Sites, 8 of which were located in Israel. The affected sites belong to companies in the Entertainment, Business Services, and Social Services sectors. The group has provided evidence of its DDoS attacks.
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 20, 2025
-
Mar 19, 2025
Luxury-Watches - Breach- 2025-03-17
A threat actor "HillShave" has leaked a database belonging to Luxury-Watches France, a website that sells high-end watches and diamonds and is based in Nice/Paris in France. According to the threat actor, the database includes about 100-200 unique emails and names.
-
Mar 19, 2025
Threat Actor "CoreInjection" Sells Access To Israeli Digital Display Company
On March 18, 2025, the threat actor CoreInjection claimed to have gained exclusive access to a prominent Israel-based company specializing in digital display solutions for shopping malls. The access includes control over 17 Windows servers, administrative permissions within the company’s advanced management systems, and direct entry to the central server managing the display inventory, allowing for immediate content control and propagation. The group also highlighted high-speed connectivity, ideal for data extraction or exfiltration. The asking price for this access is $100,000 USD, with payment accepted exclusively via cryptocurrency. On March 18th, a digital banner in an Israeli mall was hijacked with a message saying "Defaced by Coreinjection, Clal pay the ransom", the attack could relate to previous attacks claimed by the threat actor on Clal Insurance to pressure the victim.
-
Mar 19, 2025
-
Mar 19, 2025
-
Mar 18, 2025
Threat Actor Sells Access To Israeli Automotive Company
On March 16, 2025, the threat actor group CoreInjection claimed to have gained full access to the internal network and management email systems of a prominent international car company operating in Israel. The breach includes control over the company’s Israeli network infrastructure and direct access to high-level executive and managerial email accounts. The group is offering this access for sale at $50,000 USD.
-
Mar 18, 2025
Threat Actor Claims to Have Breached Clal Insurance, Offers Database for 200 Thousand Dollars
On March 17, 2025, the threat actor CoreInjection claimed to have stolen 400,000 customer policies and sensitive files from Clal Insurance, one of Israel's largest insurance companies. The leaked dataset includes detailed policy information for 400,000 customers, along with personally identifiable information (PII), financial data, and other confidential records. The threat actor is reportedly offering the data for sale at $200,000, with payment to be made exclusively via cryptocurrency.
-
Mar 17, 2025
Sale of Admin Access to U.S. Industrial Firm Revealed on Dark Web
A threat actor known as "CoreInjection" recently posted on the dark web forum "BreachForums" offering exclusive administrative command-line interface (CLI) and shell access to a major U.S.-based industrial machinery and equipment company. The sale, priced at $100,000, grants full administrative privileges to the company's remote management system, which could allow threat actors deep control over critical systems.
-
Mar 17, 2025
New Android Spyware Kospy Linked to North Korean Threat Actor Scarcruft
The North Korea-linked threat actor Scarcruft has been identified as the creator of a new Android surveillance tool named Kospy, which targets both Korean and English-speaking users. This malware, which has been active since March 2022, masquerades as legitimate utility applications on the Google Play Store to deceive users into downloading it. Kospy is capable of collecting extensive data from infected devices, including SMS messages, call logs, and location information, while utilizing a sophisticated command-and-control infrastructure that allows it to operate stealthily. The malware's plugins and configurations remain largely unknown, as the command servers are either inactive or unresponsive.
-
Mar 17, 2025
-
Mar 16, 2025
-
Mar 16, 2025
-
Mar 16, 2025
Hacktivist Groups Claim To Have Breached Israeli Web Hosting Server and to Have Deleted 12 Israeli Websites
On March 14th, 2025, the hacktivist groups "LulzSec Black" and "Jokeir 07x" claimed to have gained access to an Israeli web hosting server and as a result, taken down 12 Israeli Sites, among those sites,
-
Mar 16, 2025
Ransomware Group Babuk2 Claims to Have Attacked The Knesset
On March 15th, the ransomware group "Babuk2" claimed to have attacked the Knesset, Israel's Parliament, and to have exfiltrated 910 GB of internal data, including more than 200 thousand documents. Babuk2 is selling the data, along with publishing a portion of the data on their DLS.
-
Mar 13, 2025
Threat Actor Claims to Have Breached TurkNet
In March 2025, a threat actor named hades_hgs claimed to have breached Turknet, a telecommunications company in Türkiye, and to have gained access to its database. According to the threat actor, approximately 2.8 million rows of data belonging to Turknet's customers were taken, including sensitive information such as customer IDs, contact details, addresses, usernames, and identification numbers.
-
Mar 13, 2025
Threat Actor Claims to Have Breached the National Telecommunications Commission (NTC) of the Philippines
In March 2025, a threat actor named LuxurySp1d3r claimed to have breached the National Telecommunications Commission (NTC) of the Philippines and to have gained access to its database. According to the threat actor, a critical dataset belonging to the NTC was taken, including sensitive information related to nationwide telecommunications operations, surveillance mechanisms, and user tracking systems.
-
Mar 13, 2025
Chinese Espionage Group Targets Juniper Routers with Custom Backdoors
The China-nexus cyber espionage group, tracked as UNC3886, has been observed targeting Juniper Networks routers in a campaign aimed at deploying custom backdoors. These backdoors exhibit various capabilities, including disabling logging mechanisms and maintaining persistent remote access. The group has evolved its tactics, previously exploiting zero-day vulnerabilities in devices from Fortinet, Ivanti, and VMware. The latest activity, identified in mid-2024, involves the use of multiple distinct backdoors based on the Tinyshell framework, showcasing the group's advanced knowledge of system internals and a focus on stealth and long-term persistence. Organizations are advised to upgrade their Juniper devices to mitigate these threats.
-
Mar 12, 2025
Data Breach Announcement: UNSS France (7.7M Citizens & 10.5K Educational Institutions)
A threat actor known as "vorvitz_5" has announced the breach of data from 7.7 million French citizens associated with the UNSS (National Union of School Sports), exposing sensitive information such as gender, full names, birthdates, personal and parental email addresses, and phone numbers. Additionally, the breach includes details of 10.5K educational institutions, with data such as institutional identifiers, administrative contacts, phone numbers, fax numbers, postal codes, and banking information (IBAN, BIC). The threat actor offers the data for sale and has shared sample files on the dark net forum "BreachForums."
-
Mar 12, 2025
Sidewinder APT Targets Maritime and Nuclear Sectors in Asia and Africa
The advanced persistent threat (APT) group known as Sidewinder has been actively targeting maritime and logistics companies, as well as nuclear energy infrastructure across South and Southeast Asia, the Middle East, and Africa. Observed by Kaspersky in 2024, the group's attacks have affected countries including Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam, with a notable focus on diplomatic entities in various nations. Sidewinder employs sophisticated tactics, including spear-phishing and exploiting known vulnerabilities, to maintain persistence on compromised networks and evade detection
-
Mar 12, 2025
Jaguar Land Rover Data Breach Exposes Sensitive Internal Documents and Employee Information
In March 2025, "Jaguar Land Rover," a global automotive leader with a reported revenue of $29.9 billion, suffered a significant data breach. The leak involved around 700 internal documents, including confidential files, development logs, tracking data, source codes, and a compromised employee dataset. This dataset exposed sensitive information such as usernames, email addresses, display names, and time zones. The breach was posted on the dark net forum "BreachForums" by the threat actor known as "Rey."
-
Mar 12, 2025
Threat Actor Publishes a Dataset of 150K Israeli Emails and Passwords
On March 12th, 2025, in an underground chat group dedicated to the circulation of stolen data, a threat actor published 2 datasets of Israeli citizens, one dataset contains 150 thousand email addresses (ending with the TLD .il) and passwords, the other seems to contain credit card information.
-
Mar 12, 2025
-
Mar 11, 2025
ILleak Group Leaks Vaccination Data of 500,000 Israelis
The "ILleak" threat actor group has released sensitive vaccination data of approximately 500,000 Israelis, offering the information for sale for one million dollars. The data includes personal details such as names, identification numbers, birthdates, and vaccine information. The group also made a sample of 500 records available for free.
-
Mar 11, 2025
-
Mar 11, 2025
Threat Actor Claims To Have Breached The Israeli Air Force
On March 9, 2025, a threat actor named "sk_ekf" claimed to have obtained an Israeli Airforce database containing 61,000 active records, with data valid until January 9, 2025. The database includes sensitive information such as pilot IDs, license IDs, last update dates, Hebrew and English names, and other military-related data, though the full contents were not revealed. The data is available in XLSX/CSV format and is offered to serious buyers only.
-
Mar 10, 2025
-
Mar 10, 2025
Cyber Islamic Resistance Claims To Have Defaced 14 Israeli Sites
On March 10th, the hacktivist group Cyber Islamic Resistance claimed to have gained access to a web hosting server and to have defaced 14 Israeli websites, Specifically targeting companies in the Retail, Business Services, and Telecommunications Sectors
-
Mar 10, 2025
Cyber Fattah Team Defaces Israeli Websites with Pro-Palestinian Messages
The threat actor group 'Cyber Fattah Team' has launched defacement attacks against multiple Israeli company websites. As a result, the affected websites' homepages have been altered to display pro-Palestinian propaganda attributed to the group.
-
Mar 10, 2025
Encrypthub - New Financially Motivated Threat Actor Group is Active in a New Campaign
The financially motivated threat actor known as Encrypthub has been orchestrating sophisticated phishing campaigns aimed at deploying information stealers and ransomware. Active since June 2024, Encrypthub employs various tactics including SMS and voice phishing to trick victims into installing malicious software disguised as legitimate applications. The group has been linked to other ransomware entities and utilizes third-party pay-per-install services to distribute malware at scale. Their operations include the development of a command-and-control panel named Encryptrat to manage infections and stolen data, highlighting the need for organizations to adopt robust security measures against such evolving threats.
-
Mar 09, 2025
Threat Actor "Rey" Leaks Data Allegedly Belonging to Renault Group
In March 2025, the Ransomware Group Hellcat claimed to have gained access to a database containing Renault Group's data, after exfiltrating AWS Keys from Renault's vendor - OneDealer. According to the threat actor speaking for the group, "Rey", over 17 GB of data belonging to Renault's customers was taken, including 144,000 files containing invoices, contracts, and other critical business information.
-
Mar 09, 2025
EDF DPIH - Breach - 2025-02-28
A threat actor named "Arkeliaad" leaked a database belonging to France's electricity producer, DPIH (a division of EDF-France’s national electricity provider), on BreachForums. According to the threat actor, the database contains nuclear power plant maintenance records, planned tasks, inspections and site visit logs, internal intervention and engineering reports, identities and access credentials of authorized personnel, as well as plans for the future. It also allegedly contains all the identifiers of the agents.
-
Mar 09, 2025
Threat Actor "zeggo" Leaks Data from Israel's National Insurance Institute on BreachForums
A threat actor known as "zeggo" has claimed responsibility for leaking data from the "National Insurance Institute of Israel" (Bituach Leumi). The exposed dataset, published on the dark web forum "BreachForums," consists of two separate files containing 41,749 records with personal and contact information. The leaked data, stored in JSON format, allegedly includes emails, names, gender, phone numbers, addresses, types of treatment, and supplier details.
-
Mar 09, 2025
Massive Malvertising Campaign Targets Over One Million Devices Globally
Microsoft has disclosed a large-scale malvertising campaign, tracked under the name Storm-0408, which has impacted over one million devices worldwide. The campaign, originating from illegal streaming websites, employs a complex redirection chain to deliver remote access and information-stealing malware via platforms like GitHub, Discord, and Dropbox. The attack involves multiple stages, including system reconnaissance and data exfiltration, utilizing various scripts and tools to evade detection and steal sensitive information. The indiscriminate nature of the attack affects both consumer and enterprise devices across various industries.
-
Mar 06, 2025
Suspected Attack by Iranian Threat Actors on Bikurofe
Earlier this week, Bikurofe, an Israeli health clinic chain, suffered a cybersecurity incident propagated by threat actors, believed to be of Iranian origin. The National Cyber Directorate and the clinic’s cybersecurity team are investigating the event, examining whether any data leakage occurred and its nature. So far, no indication of sensitive or significant data being leaked has been found.
-
Mar 06, 2025
'Cyber Toufan' Claims Data Breach of Israeli Construction Firm 'Edri LTD'
The threat actor group 'Cyber Toufan' has claimed responsibility for breaching the Israeli construction company 'Edri LTD.' According to the group, the stolen data includes sensitive files related to the company's projects, suppliers, clients, and credentials. They have also shared screenshots of documents and Excel tables as proof of the breach.
-
Mar 06, 2025
Dark Caracal's New Campaign: Poco RAT Targets Latin America
The threat actor known as Dark Caracal has been linked to a new malware campaign deploying a remote access trojan called Poco RAT, primarily targeting Spanish-speaking countries in Latin America. According to a report by Positive Technologies, Poco RAT is equipped with extensive espionage capabilities, allowing it to upload files, capture screenshots, and execute commands on compromised systems. The campaign employs phishing emails with finance-themed lures to initiate infections, utilizing decoy documents that redirect victims to download malicious payloads from legitimate file-sharing services. The attacks are focused on enterprises in Venezuela, Chile, the Dominican Republic, Colombia, and Ecuador, continuing Dark Caracal's longstanding history of cyber espionage against Spanish-speaking targets.
-
Mar 05, 2025
-
Mar 05, 2025
Mass Exploitation Campaign Targets ISPs in China and the US
A mass exploitation campaign has been identified targeting internet service providers (ISPs) in China and the West Coast of the United States, deploying information stealers and cryptocurrency miners on compromised systems. The threat actors, who remain unidentified, have been observed using minimal intrusive operations to avoid detection while leveraging brute-force attacks on weak credentials. The campaign involves the use of scripting languages like Python and PowerShell for command-and-control operations, and the malware is capable of stealing sensitive information, including cryptocurrency wallet addresses, and exfiltrating it via Telegram. Over 4,000 IP addresses belonging to ISPs were specifically targeted, with the attackers employing tools to disable security features and conduct network scanning before executing their payloads.
-
Mar 05, 2025
New Phishing Campaign Targets UAE Aviation Sector
A new phishing campaign has been identified as targeting fewer than five organizations in the United Arab Emirates, specifically within the aviation and satellite communications sectors. This campaign utilized a compromised email account from an Indian electronics company, Indic Electronics, to deliver a previously undocumented Golang backdoor named Sosano. The attack employed sophisticated techniques, including the use of polyglot files and a malicious zip archive, to execute the backdoor and establish a command-and-control connection. Analysts suggest the campaign may be linked to an Iranian-aligned adversary, named "unk_craftycamel" by ProofPoint.
-
Mar 04, 2025
Legalitas - Breach- 2025-03-03
A threat actor known as DNI claims to be selling data allegedly exfiltrated from legalitas.com, a Spanish legal services company. The breach reportedly affects 125 clients and includes sensitive personal and financial information. The leaked dataset allegedly contains front and back copies of DNI (Spanish national ID), bank account details, including IBAN, full names, and DNI numbers.
-
Mar 04, 2025
POLSA- Breach - 2025-03-02
The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday. POLSA didn't reveal much in the way of details about what's going on, other than that the agency "immediately disconnected" its own network after discovering an intrusion into its systems. The social media post suggests this measure was taken to safeguard the security of its data.
-
Mar 03, 2025
Threat Actor Rey Claims Breach of Zurich Insurance
On March 2nd, 2025, a threat actor named Rey published data reportedly belonging to Zurich Insurance Group. The threat actor claimed to have gained access to their database in February 2025. In addition, the threat actor contended that over 1,400 highly sensitive internal files belonging to Zurich Insurance Group's customers were taken, including financial reports, contracts, internal emails, and sensitive documents.
