Dire Wolf Ransomware Gang Targets Manufacturing and Tech
A new ransomware gang known as Dire Wolf is making waves in the cybersecurity landscape with a string of calculated and stealthy attacks targeting manufacturing and technology sectors. The group has been active since at least 2023, but their recent operations have caught the attention of security researchers due to the sophistication and patience behind their campaigns. A Quiet, Calculated
WordPress Theme Hijacked by Malware: What You Need to Know
A popular WordPress themes got hijacked by malware. A critical security flaw in one of the most widely used premium WordPress themes has put thousands of websites at risk. The Motors theme, developed by StylemixThemes and commonly used for car dealership and classified sites, has been found vulnerable to a serious exploit. Cybercriminals now actively use this exploit to hijack
McLaren Health Care Data Breach Exposes 743,000 Patients
McLaren Health Care has confirmed a major data breach that compromised the personal and medical details of 743,000 patients. The breach, which occurred in August 2023, was linked to the INC Ransomware gang, a rising threat in the cybercrime world. McLaren concluded its internal investigation in May 2025, nearly two years after the breach took place. What Data Did They
Keyloggers Found on Outlook Login Pages in New Exploit
In a striking revelation, cybersecurity researchers have discovered JavaScript-based keyloggers silently operating on Outlook Web Access (OWA) login pages of Microsoft Exchange servers. These keyloggers Found on Outlook have been actively capturing credentials from users across dozens of compromised organizations, including government entities and private-sector firms worldwide. How the Attack Works The attackers injected custom JavaScript into the OWA login
Scattered Spider Strikes With Attacks on U.S. Insurance Firms
Google’s Threat Intelligence Group has issued a stark warning: the cybercriminal group known as Scattered Spider has shifted focus once again, this time toward U.S.-based insurance companies. Infamous for their high-profile breaches in the casino and retail sectors, this adaptable and increasingly aggressive group has now taken aim at a sector rich in sensitive data and operational vulnerabilities. Who Is
Fog Ransomware Turns Legitimate Tools Against Defenders
In May 2025, incident responders at a regional bank in Southeast Asia stumbled upon a ransomware intrusion that looked nothing like the smash‑and‑grab playbooks they were used to. Instead of Cobalt Strike, MimiKatz or custom droppers, the adversary - operators of the Fog ransomware - stitched together a workbench of legitimate admin utilities and niche open‑source red‑team projects. Because every binary
Hijacked Discord Invites Spawn Multi-Stage Malware Chains
A Discord invite you embedded in a blog post, social‑media thread, or product FAQ last year may no longer point to the community you intended. Because Discord allows boosted servers to re‑claim expired or deleted vanity codes, threat actors exploit hijacked abandoned Discord invites, attaching them to their own servers, and funnelling visitors into a slick, but malicious, “verification” flow.
Rare Werewolf Targets Russian Devices for Crypto Mining
A stealthy cyber campaign called Rare Werewolf is silently siphoning computing power, and sensitive data from hundreds of devices across Russia. First observed in December 2024, this ongoing operation is targeting industrial organizations and engineering schools, with victims also reported in Belarus and Kazakhstan. Unlike the flashy ransomware attacks that dominate headlines, Rare Werewolf keeps a low profile. By blending
Hackers Exploit Salesforce Tool in New Data Extortion Campaign
A new cyberattack campaign uncovered by Google's Threat Intelligence team reveals how attackers are increasingly blurring the lines between legitimate software tools and malicious intent. In this case, hackers exploit a Salesforce tool to infiltrate corporate environments, exfiltrate data, and launch extortion attempts against affected organizations. Voice Phishing Leads to Compromise The attackers, identified by Google as UNC6040, are using
Spear Phishing Campaign Targets CFOs and Abuses Legit Tools
A sophisticated spear phishing campaign that specifically targets CFOs (Chief Financial Officers) was recently uncovered by cybersecurity firm Trellix. This ongoing operation, first detected in mid-May 2025, has already affected organizations spanning Europe, Africa, Canada, the Middle East, and South Asia. The campaign’s method? A clever blend of social engineering and abuse of legitimate remote access software. Anatomy of the
