news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Network Denial Of Service
- Pogrom.Org.Il
- Rippersec
- Asia
- Business Services
- Ministry Of Education (Israel
- Israel
- Middle East
- Libi Studio
- Healthcare
- Retail
- Gadish-Maoz
- Real Estate
- Se Lawfirm
- Legal Services
- Lulzsec Black
- Stock Matok
- Miscellaneous Manufacturing Industries
- Media
- Gufyprint.Co.Il
- Jbags.Co.Il
- Heldstudio.Co.Il
- Israel'S Traditional Chinese Medicine Association
- Health Services
- Netzz.Co.Il
- Sheket Team
- Honigsfeld.Co.Il
- Construction
- 4Sale Real Estate
- Manufacturing
- Jokeir 07X
- Government
- The Knesset
- Babuk2
- Hades_Hgs
- Turk Nokta Net
- Turkey
- Telecommunications
- Philippines
- South-Eastern Asia
- National Telecommunications Commission
- Luxurysp1D3R
- Juniper
- Unc3886
- Europe
- France
- Western Europe
- Entertainment
- National Union Of School Sports
- Vorvitz_5
- Sidewinder
- China
- Saudi Arabia
- Cambodia
- Southern Asia
- Eastern Europe
- Uganda
- Egypt
- Energy
- Afghanistan
- Rwanda
- Bulgaria
- Vietnam
- United Arab Emirates
- CVE-2017-11882
- India
- Maldives
- Cve-2017-11882
- Stealerbot
- Africa
- Northern Africa
- Bangladesh
- Eastern Asia
- Sub-Saharan Africa
- Algeria
- Djibouti
- Jaguar Land Rover
- United Kingdom
- Hikki-Chan
- Transportation
- Finance
- Israel Innovation Authority
- Illeak
- Re/Max Israel
- Cyber Fattah Team
- Sk_Ekf
- Israeli Air Force
- Ben Gurion Radio Station
- Spider-X
- Weonline
- Now Malki
- 123Bignet.Co.Il
- Malki Media
- Cyber Islamic Resistance
- Av Plumber
- Kablan Net
- Facemaster
- Malki Plus
- Byit.Co.Il
- Netivey Dolev
- Beisrael
- Di Center
- U B First
- Channel13.Co.Il
- Defacement
- Encryptrat
- Fickle
- Rhadamanthys
- Encrypthub
- Kematian
- Stealc
- Hellcat
- Groupe Renault
- Arkeliaad
- Division Production Ingénierie Hydraulique
- Israel'S National Insurance
- Zeggo
- Insurance Agents, Brokers And Service
- Lumma Stealer
- Netsupport Rat
- Doenerium
- Bikurofe
- Edri Ltd
- Cyber Toufan Operation
- Dark Caracal
- Chile
- Venezuela
- Dominican Republic
- Poco-Rat
- Latin America And The Caribbean
- Colombia
- Ecuador
- Abhivenom123
- United States
- Password Brute Forcing
- Technology
- Financial Theft
- North America
- Brute Force
- Unk_Craftycamel
- Sosano
- Spain
- Dni
- Legálitas
- Southern Europe
- Polsa
- Poland
- Brazil
- Zurich Insurance
- Mexico
- Indonesia
- Germany
- Argentina
- Vo1D
- Malaysia
- Iraq
- Pakistan
- Thailand
- South Africa
- Taiwan
- Australia
- CVE-2023-20118
- Cve-2023-20118
- Australia And New Zealand
- Polaredge
- Russia
- Dark Storm Team
- Egged
- Eduardxmontana
- Redblock
- Waterstream
- Xploit3R
- Education
- Auto-Color
- Sticky Werewolf
- Belarus
- Datacar
- Picassoloader
- Ukraine
- Ghostwriter
- Israelrail
- Orange Romania
- Romania
- Crowdstrike
- Grep
- Hong Kong
- Japan
- Singapore
- South Korea
- Fatalrat
- Asyncrat
- Quasar Rat
- Os Credential Dumping
- Clipper
- Scripting
- Remote Access Software
- Elbit Systems
- X888
- exclusive
-
Mar 16, 2025
-
Mar 16, 2025
-
Mar 16, 2025
Hacktivist Groups Claim To Have Breached Israeli Web Hosting Server and to Have Deleted 12 Israeli Websites
On March 14th, 2025, the hacktivist groups "LulzSec Black" and "Jokeir 07x" claimed to have gained access to an Israeli web hosting server and as a result, taken down 12 Israeli Sites, among those sites,
-
Mar 16, 2025
Ransomware Group Babuk2 Claims to Have Attacked The Knesset
On March 15th, the ransomware group "Babuk2" claimed to have attacked the Knesset, Israel's Parliament, and to have exfiltrated 910 GB of internal data, including more than 200 thousand documents. Babuk2 is selling the data, along with publishing a portion of the data on their DLS.
-
Mar 13, 2025
Threat Actor Claims to Have Breached TurkNet
In March 2025, a threat actor named hades_hgs claimed to have breached Turknet, a telecommunications company in Türkiye, and to have gained access to its database. According to the threat actor, approximately 2.8 million rows of data belonging to Turknet's customers were taken, including sensitive information such as customer IDs, contact details, addresses, usernames, and identification numbers.
-
Mar 13, 2025
Threat Actor Claims to Have Breached the National Telecommunications Commission (NTC) of the Philippines
In March 2025, a threat actor named LuxurySp1d3r claimed to have breached the National Telecommunications Commission (NTC) of the Philippines and to have gained access to its database. According to the threat actor, a critical dataset belonging to the NTC was taken, including sensitive information related to nationwide telecommunications operations, surveillance mechanisms, and user tracking systems.
-
Mar 13, 2025
Chinese Espionage Group Targets Juniper Routers with Custom Backdoors
The China-nexus cyber espionage group, tracked as UNC3886, has been observed targeting Juniper Networks routers in a campaign aimed at deploying custom backdoors. These backdoors exhibit various capabilities, including disabling logging mechanisms and maintaining persistent remote access. The group has evolved its tactics, previously exploiting zero-day vulnerabilities in devices from Fortinet, Ivanti, and VMware. The latest activity, identified in mid-2024, involves the use of multiple distinct backdoors based on the Tinyshell framework, showcasing the group's advanced knowledge of system internals and a focus on stealth and long-term persistence. Organizations are advised to upgrade their Juniper devices to mitigate these threats.
-
Mar 12, 2025
Data Breach Announcement: UNSS France (7.7M Citizens & 10.5K Educational Institutions)
A threat actor known as "vorvitz_5" has announced the breach of data from 7.7 million French citizens associated with the UNSS (National Union of School Sports), exposing sensitive information such as gender, full names, birthdates, personal and parental email addresses, and phone numbers. Additionally, the breach includes details of 10.5K educational institutions, with data such as institutional identifiers, administrative contacts, phone numbers, fax numbers, postal codes, and banking information (IBAN, BIC). The threat actor offers the data for sale and has shared sample files on the dark net forum "BreachForums."
-
Mar 12, 2025
Sidewinder APT Targets Maritime and Nuclear Sectors in Asia and Africa
The advanced persistent threat (APT) group known as Sidewinder has been actively targeting maritime and logistics companies, as well as nuclear energy infrastructure across South and Southeast Asia, the Middle East, and Africa. Observed by Kaspersky in 2024, the group's attacks have affected countries including Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam, with a notable focus on diplomatic entities in various nations. Sidewinder employs sophisticated tactics, including spear-phishing and exploiting known vulnerabilities, to maintain persistence on compromised networks and evade detection
-
Mar 12, 2025
Jaguar Land Rover Data Breach Exposes Sensitive Internal Documents and Employee Information
In March 2025, "Jaguar Land Rover," a global automotive leader with a reported revenue of $29.9 billion, suffered a significant data breach. The leak involved around 700 internal documents, including confidential files, development logs, tracking data, source codes, and a compromised employee dataset. This dataset exposed sensitive information such as usernames, email addresses, display names, and time zones. The breach was posted on the dark net forum "BreachForums" by the threat actor known as "Rey."
-
Mar 12, 2025
Threat Actor Publishes a Dataset of 150K Israeli Emails and Passwords
On March 12th, 2025, in an underground chat group dedicated to the circulation of stolen data, a threat actor published 2 datasets of Israeli citizens, one dataset contains 150 thousand email addresses (ending with the TLD .il) and passwords, the other seems to contain credit card information.
-
Mar 12, 2025
-
Mar 11, 2025
ILleak Group Leaks Vaccination Data of 500,000 Israelis
The "ILleak" threat actor group has released sensitive vaccination data of approximately 500,000 Israelis, offering the information for sale for one million dollars. The data includes personal details such as names, identification numbers, birthdates, and vaccine information. The group also made a sample of 500 records available for free.
-
Mar 11, 2025
-
Mar 11, 2025
Threat Actor Claims To Have Breached The Israeli Air Force
On March 9, 2025, a threat actor named "sk_ekf" claimed to have obtained an Israeli Airforce database containing 61,000 active records, with data valid until January 9, 2025. The database includes sensitive information such as pilot IDs, license IDs, last update dates, Hebrew and English names, and other military-related data, though the full contents were not revealed. The data is available in XLSX/CSV format and is offered to serious buyers only.
-
Mar 10, 2025
-
Mar 10, 2025
Cyber Islamic Resistance Claims To Have Defaced 14 Israeli Sites
On March 10th, the hacktivist group Cyber Islamic Resistance claimed to have gained access to a web hosting server and to have defaced 14 Israeli websites, Specifically targeting companies in the Retail, Business Services, and Telecommunications Sectors
-
Mar 10, 2025
Cyber Fattah Team Defaces Israeli Websites with Pro-Palestinian Messages
The threat actor group 'Cyber Fattah Team' has launched defacement attacks against multiple Israeli company websites. As a result, the affected websites' homepages have been altered to display pro-Palestinian propaganda attributed to the group.
-
Mar 10, 2025
Encrypthub - New Financially Motivated Threat Actor Group is Active in a New Campaign
The financially motivated threat actor known as Encrypthub has been orchestrating sophisticated phishing campaigns aimed at deploying information stealers and ransomware. Active since June 2024, Encrypthub employs various tactics including SMS and voice phishing to trick victims into installing malicious software disguised as legitimate applications. The group has been linked to other ransomware entities and utilizes third-party pay-per-install services to distribute malware at scale. Their operations include the development of a command-and-control panel named Encryptrat to manage infections and stolen data, highlighting the need for organizations to adopt robust security measures against such evolving threats.
-
Mar 09, 2025
Threat Actor "Rey" Leaks Data Allegedly Belonging to Renault Group
In March 2025, the Ransomware Group Hellcat claimed to have gained access to a database containing Renault Group's data, after exfiltrating AWS Keys from Renault's vendor - OneDealer. According to the threat actor speaking for the group, "Rey", over 17 GB of data belonging to Renault's customers was taken, including 144,000 files containing invoices, contracts, and other critical business information.
-
Mar 09, 2025
EDF DPIH - Breach - 2025-02-28
A threat actor named "Arkeliaad" leaked a database belonging to France's electricity producer, DPIH (a division of EDF-France’s national electricity provider), on BreachForums. According to the threat actor, the database contains nuclear power plant maintenance records, planned tasks, inspections and site visit logs, internal intervention and engineering reports, identities and access credentials of authorized personnel, as well as plans for the future. It also allegedly contains all the identifiers of the agents.
-
Mar 09, 2025
Threat Actor "zeggo" Leaks Data from Israel's National Insurance Institute on BreachForums
A threat actor known as "zeggo" has claimed responsibility for leaking data from the "National Insurance Institute of Israel" (Bituach Leumi). The exposed dataset, published on the dark web forum "BreachForums," consists of two separate files containing 41,749 records with personal and contact information. The leaked data, stored in JSON format, allegedly includes emails, names, gender, phone numbers, addresses, types of treatment, and supplier details.
-
Mar 09, 2025
Massive Malvertising Campaign Targets Over One Million Devices Globally
Microsoft has disclosed a large-scale malvertising campaign, tracked under the name Storm-0408, which has impacted over one million devices worldwide. The campaign, originating from illegal streaming websites, employs a complex redirection chain to deliver remote access and information-stealing malware via platforms like GitHub, Discord, and Dropbox. The attack involves multiple stages, including system reconnaissance and data exfiltration, utilizing various scripts and tools to evade detection and steal sensitive information. The indiscriminate nature of the attack affects both consumer and enterprise devices across various industries.
-
Mar 06, 2025
Suspected Attack by Iranian Threat Actors on Bikurofe
Earlier this week, Bikurofe, an Israeli health clinic chain, suffered a cybersecurity incident propagated by threat actors, believed to be of Iranian origin. The National Cyber Directorate and the clinic’s cybersecurity team are investigating the event, examining whether any data leakage occurred and its nature. So far, no indication of sensitive or significant data being leaked has been found.
-
Mar 06, 2025
'Cyber Toufan' Claims Data Breach of Israeli Construction Firm 'Edri LTD'
The threat actor group 'Cyber Toufan' has claimed responsibility for breaching the Israeli construction company 'Edri LTD.' According to the group, the stolen data includes sensitive files related to the company's projects, suppliers, clients, and credentials. They have also shared screenshots of documents and Excel tables as proof of the breach.
-
Mar 06, 2025
Dark Caracal's New Campaign: Poco RAT Targets Latin America
The threat actor known as Dark Caracal has been linked to a new malware campaign deploying a remote access trojan called Poco RAT, primarily targeting Spanish-speaking countries in Latin America. According to a report by Positive Technologies, Poco RAT is equipped with extensive espionage capabilities, allowing it to upload files, capture screenshots, and execute commands on compromised systems. The campaign employs phishing emails with finance-themed lures to initiate infections, utilizing decoy documents that redirect victims to download malicious payloads from legitimate file-sharing services. The attacks are focused on enterprises in Venezuela, Chile, the Dominican Republic, Colombia, and Ecuador, continuing Dark Caracal's longstanding history of cyber espionage against Spanish-speaking targets.
-
Mar 05, 2025
-
Mar 05, 2025
Mass Exploitation Campaign Targets ISPs in China and the US
A mass exploitation campaign has been identified targeting internet service providers (ISPs) in China and the West Coast of the United States, deploying information stealers and cryptocurrency miners on compromised systems. The threat actors, who remain unidentified, have been observed using minimal intrusive operations to avoid detection while leveraging brute-force attacks on weak credentials. The campaign involves the use of scripting languages like Python and PowerShell for command-and-control operations, and the malware is capable of stealing sensitive information, including cryptocurrency wallet addresses, and exfiltrating it via Telegram. Over 4,000 IP addresses belonging to ISPs were specifically targeted, with the attackers employing tools to disable security features and conduct network scanning before executing their payloads.
-
Mar 05, 2025
New Phishing Campaign Targets UAE Aviation Sector
A new phishing campaign has been identified as targeting fewer than five organizations in the United Arab Emirates, specifically within the aviation and satellite communications sectors. This campaign utilized a compromised email account from an Indian electronics company, Indic Electronics, to deliver a previously undocumented Golang backdoor named Sosano. The attack employed sophisticated techniques, including the use of polyglot files and a malicious zip archive, to execute the backdoor and establish a command-and-control connection. Analysts suggest the campaign may be linked to an Iranian-aligned adversary, named "unk_craftycamel" by ProofPoint.
-
Mar 04, 2025
Legalitas - Breach- 2025-03-03
A threat actor known as DNI claims to be selling data allegedly exfiltrated from legalitas.com, a Spanish legal services company. The breach reportedly affects 125 clients and includes sensitive personal and financial information. The leaked dataset allegedly contains front and back copies of DNI (Spanish national ID), bank account details, including IBAN, full names, and DNI numbers.
-
Mar 04, 2025
POLSA- Breach - 2025-03-02
The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday. POLSA didn't reveal much in the way of details about what's going on, other than that the agency "immediately disconnected" its own network after discovering an intrusion into its systems. The social media post suggests this measure was taken to safeguard the security of its data.
-
Mar 03, 2025
Threat Actor Rey Claims Breach of Zurich Insurance
On March 2nd, 2025, a threat actor named Rey published data reportedly belonging to Zurich Insurance Group. The threat actor claimed to have gained access to their database in February 2025. In addition, the threat actor contended that over 1,400 highly sensitive internal files belonging to Zurich Insurance Group's customers were taken, including financial reports, contracts, internal emails, and sensitive documents.
-
Mar 03, 2025
Vo1d Botnet: A Malware Campaign Targeting Android TV Devices
The Vo1d botnet has emerged as a significant threat, infecting Android TV devices across Brazil, South Africa, Indonesia, Argentina, and Thailand. As of early 2025, the botnet has reached a peak of over 1.5 million active IP addresses and has shown a dramatic increase in infections in India. The malware, first documented in September 2024, utilizes advanced encryption and stealth techniques to evade detection and control, potentially allowing attackers to exploit infected devices for various criminal activities, including advertisement click fraud and DDoS attacks. The campaign's scale and sophistication suggest a rental model where the botnet's infrastructure is leased to other criminal actors, further complicating mitigation efforts.
-
Mar 03, 2025
Polaredge: A New Botnet Targeting Edge Devices
A new malware campaign named Polaredge has been identified, targeting edge devices from Cisco, Asus, QNAP, and Synology to form a botnet since late 2023. French cybersecurity firm Sekoia reported that the attackers are exploiting a critical vulnerability (CVE-2023-20118) in Cisco routers, which remains unpatched due to the devices reaching end-of-life status. The malware, delivered via a TLS backdoor, allows attackers to execute commands and establish persistence on compromised devices. The campaign has reportedly affected over 2,000 unique IP addresses globally, with significant infections in the United States, Taiwan, Russia, India, Brazil, Australia, and Argentina. The ultimate purpose of the botnet remains unclear, but it poses a substantial cyber threat due to its sophisticated operation and ability to target various systems.
-
Mar 03, 2025
-
Mar 02, 2025
+25k Data from Colombian Judicial Processes Leaked on BreachForums
A recent leak posted on "BreachForums" by a threat actor known as "eduardxMontana" offers over 25,000 pieces of data from Colombian judicial processes, including sensitive information on convicted individuals, their attorneys, judges, and case details. The data includes personal information such as names, IDs, family details, crimes committed (including offenses like aggravated theft and firearms trafficking), and case numbers. The leak also features a sample with personal information such as addresses and dates of birth.
-
Mar 02, 2025
Google Cloud Partner Admin Panel Access for Sale on BreachForums
A threat actor known as "RedBlock" is offering exclusive access to the admin panel of a prominent "Google Cloud" Partner, available for sale on the dark net forum "BreachForums." The access includes features for managing cloud email solutions, SaaS products, and cloud security, along with 10,000 customer records detailing company information, user management, and invoicing. The panel allows modifications such as editing customer data, payment status, and user roles.
-
Mar 02, 2025
Database of Israeli Company 'Waterstream' Listed for Sale on BreachForums
A database of the Israeli company 'Waterstream,' a solution provider for the water industry, has been offered for sale on BreachForums by a threat actor known as 'Xploit3R'. The threat actor provided samples from the allegedly obtained data.
-
Mar 02, 2025
New Linux Malware 'Auto-Color' Targets Universities and Government Organizations
A new Linux malware named 'Auto-Color' has been discovered targeting universities and government organizations in North America and Asia between November and December 2024. This malware allows threat actors full remote access to compromised machines, making it difficult to remove without specialized software. It employs various evasion techniques, including using innocuous file names and concealing command-and-control connections. Once installed with root privileges, it modifies system files to ensure persistence and can execute a range of malicious activities, including creating reverse shells and gathering system information.
-
Mar 02, 2025
Sticky Warewolf Targets Companies in Russia and Belarus
The threat actor known as Sticky Werewolf has been linked to targeted cyber attacks primarily in Russia and Belarus, aiming to deliver the Lumma Stealer malware through a previously undocumented implant. Cybersecurity firm Kaspersky tracks these activities under the name Angry Likho, which shows similarities to other groups but focuses on large organizations and government contractors. The attackers utilize phishing emails with booby-trapped attachments to initiate a multi-stage infection process, employing sophisticated evasion techniques to avoid detection. The Lumma Stealer collects sensitive data from compromised devices, including banking details and credentials, using readily available malicious tools from darknet forums.
-
Feb 27, 2025
'Cyber Toufan' Claims Breach of the Israeli Company 'DataCar'
The threat actor group 'Cyber Toufan' has claimed responsibility for breaching the Israeli insurance software company 'DataCar.' They have released samples of allegedly obtained data, which include sensitive files containing information about employees, clients, and company processes. The group has also announced that more files will be released soon.
-
Feb 27, 2025
New Cyber Espionage Campaign Targets Belarusian and Ukrainian Entities
A new cyber espionage campaign has been identified, targeting opposition activists in Belarus and Ukrainian military and government organizations. This operation, linked to the Belarus-aligned threat actor known as Ghostwriter, employs malware-laden Microsoft Excel documents to deliver a variant of the Picassoloader malware. The campaign, which has been active since late 2024, utilizes a Google Drive shared document to initiate attacks, leading to the execution of obfuscated macros that download additional malicious payloads.
-
Feb 27, 2025
-
Feb 27, 2025
360XSS - XSS Vulnerability Exploited in Virtual Tour Framework
A recently discovered cross-site scripting (XSS) vulnerability in the krpano virtual tour framework has been exploited by malicious actors in a campaign named '360xss', affecting over 350 websites, including government portals, universities, and Fortune 500 companies. The attackers leveraged this vulnerability to inject malicious scripts that manipulate search results and promote spam ads, including pornography and fake news. Despite a previous update aimed at mitigating such risks, the configuration of certain parameters allowed the XSS flaw to be weaponized again.
-
Feb 26, 2025
Orange Romania Data Breach: 600k Customer Records Exposed
In February 2025, "Orange" Romania suffered a significant data breach after refusing to pay a ransom demanded by a threat actor known as "Rey." The leaked data, made available on the dark net forum "BreachForums," includes over 600,000 customer records, such as 380,000 unique email addresses, along with sensitive internal documents, source codes, invoices, contracts, project files, user data, employee information, and credit card details. The breach also revealed classified files outlining future company projects. The exposed data is primarily from "Orange" Romania but includes records from various global divisions.
-
Feb 26, 2025
Alleged Breach of CrowdStrike Employee Data by Rey and Grep
On February 25, 2025, a significant data breach occurred involving "CrowdStrike," a cybersecurity company. The breach was claimed by threat actors known as "Rey" and "grep," who posted a dataset containing sensitive information on over 9,000 "CrowdStrike" employees, including full names, email addresses, phone numbers, job titles, and geographic locations. This data was released on a dark net forum "BreachForums," and included information from various countries, such as the United States, India, Germany, and the United Arab Emirates.
-
Feb 26, 2025
Targeted Phishing Attacks Deliver FatalRAT Malware in APAC
A recent report from Kaspersky ICS CERT reveals that various industrial organizations in the Asia-Pacific (APAC) region have been targeted by sophisticated phishing attacks designed to deliver the FatalRAT malware. The attackers utilized legitimate Chinese cloud services to orchestrate these attacks, which primarily focused on government agencies and sectors such as manufacturing, IT, and healthcare across countries including Taiwan, Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines, Vietnam, and Hong Kong. The phishing emails contained Chinese-language filenames and employed a multi-stage payload delivery framework to evade detection, indicating a potential link to a Chinese-speaking threat actor.
-
Feb 26, 2025
GitVenom Campaign Targets Gamers and Crypto Investors
Cybersecurity researchers have identified an ongoing campaign named GitVenom that targets gamers and cryptocurrency investors through fake open-source projects hosted on GitHub. The campaign, which has been active for at least two years, involves hundreds of repositories containing malicious tools disguised as legitimate software, such as Instagram automation tools and Telegram bots for managing Bitcoin wallets. These projects steal personal and banking data, hijack cryptocurrency wallet addresses, and have reportedly facilitated the theft of 5 bitcoins worth approximately $456,600. The malicious payloads include information stealers and remote administration tools
-
Feb 25, 2025
-
Feb 25, 2025
Threat Actor Sells Access to Manufacturing Company with $80.6 Billion Revenue
A threat actor known as "x888" is selling unauthorized access to a manufacturing company with $80.6 billion in revenue on the dark net forum "forum.exploit.in". The access, which provides user rights via a bot, is being sold for $5000. The company, based in the USA/JP, employs 125,111 people.
