Ransomware Group Claims Attack on Belk
DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack. The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporateRead More »North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats
The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments. The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek.
Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts
The account was compromised over the weekend and Elmo’s 650,000 followers were given antisemitic threats and a reference to the Jeffrey Epstein investigation. The post Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts appeared first on SecurityWeek.
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence toRead More »DOGE Denizen Marko Elez Leaked API Key for xAI
Preventing Zero-Click AI Threats: Insights from EchoLeak
A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-native threat.
Report from the Cambridge Cybercrime Conference
The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here.
The Unusual Suspect: Git Repos
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amidRead More »The Unusual Suspect: Git Repos
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808Read More »New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Nearly 250,000 Records From Tax Credit Consulting Agency Exposed
Research has uncovered an unencrypted, non-password-protected database containing 245,949 records.