Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Google, Apple Warn o ...

 Cyber News

Google and Apple have released new global cyber threat notifications, alerting users across dozens of countries to potential targeting by state-linked hackers. The latest warnings reflect growing concerns about government-backed surveillance operations and the expanding commercial spyware marketplace.  Both companies   show more ...

confirmed that the alerts were sent this week as part of their ongoing efforts to protect users from digital espionage. The warnings are tied to commercial surveillance firms, including Intellexa, which has been repeatedly linked to high-end spyware deployments around the globe.  Apple Sends Warning Across More than 80 Countries  Apple stated that its newest set of threat notifications was dispatched on December 2, though the company declined to identify the number of affected users or the specific actors involved. These warnings are triggered when technical evidence indicates that individuals are being deliberately targeted by advanced hacking techniques believed to be connected to state agencies or their contractors.  While Apple did not specify locations for this week’s alerts, it confirmed that, since the initiative began, users in more than 150 countries have received similar warnings. This aligns with the company’s broader strategy of alerting customers when activity consistent with state-directed surveillance operations is detected.  Google Reports Intellexa Spyware Targeting Several Hundred Accounts  Google also announced that it had notified “several hundred accounts” identified as being targeted by spyware developed by Intellexa, a surveillance vendor sanctioned by the United States. According to Google’s threat intelligence team, the attempted compromises spanned a wide geographic range. Users in Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan were among those affected.  Also read: Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets The tech giant stated that Intellexa has continued to operate and adapt its tools despite U.S. sanctions. Executives associated with the company did not respond to inquiries about the allegations. Google also noted that this round of alerts covered people in more than 80 countries, stressing the nature of the attempted intrusions by state-linked hackers. Rising Scrutiny of Commercial Spyware  The latest notifications from Google and Apple are part of a bigger concern surrounding the global spyware industry. Both companies have repeatedly warned that commercial surveillance tools, particularly those sold to government clients, are becoming increasingly common in targeting journalists, activists, political figures, and other high-risk individuals.  Previous disclosures from Apple and Google have already prompted official scrutiny. The European Union has launched investigations in past cases, especially after reports that senior EU officials were targeted with similar spyware technologies. These inquiries often expand into broader examinations of cross-border surveillance practices and the companies that supply such tools.  Also read: Leaked Files Expose Intellexa’s Remote Access to Customer Systems and Live Surveillance Ops Tech Firms Decline to Name Specific Attackers  Despite the breadth of the new alerts, neither Google nor Apple offered details about the identities of the actors behind the latest attempts. Apple also declined to describe the nature of the malicious activity detected. Both companies stress that withholding technical specifics is common when dealing with state-linked hackers, as revealing investigative methods could interfere with ongoing monitoring operations.  Although the exact attackers remain unnamed, the alerts demonstrate a global distribution of spyware activity. Google’s identification of affected users across multiple continents, along with Apple’s acknowledgment of notifications issued in over 150 countries over time, shows that the threat posed by government-aligned surveillance groups continues to expand. 

image for Ransomware Payments ...

 Cyber News

U.S. companies made more than $2 billion in ransomware payments between 2022 and 2024, nearly equaling the total ransoms paid in the previous nine years, according to a new report from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). The report, which looked at threat pattern and trend information   show more ...

identified in Bank Secrecy Act (BSA) filings, said that between Jan. 1, 2022 and Dec. 31, 2024, FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents and totaling more than $2.1 billion in ransomware payments. In the previous nine years, from 2013 to 2021, FinCEN received 3,075 BSA reports totaling approximately $2.4 billion in ransomware payments, the report said. FinCEN notes that because its data is based on BSA filings, it is by nature incomplete, and indeed, the 4,194 ransomware incidents recorded by FinCEN between 2022 and 2024 is less than 40% of the nearly 11,000 ransomware attacks recorded in Cyble’s threat intelligence data over the same period. ALPHV/BlackCat and LockBit Enforcement Actions Lowered Ransomware Payments Ransomware incidents and payments reported to FinCEN reached an all-time high in 2023 of 1,512 incidents totaling approximately $1.1 billion in payments, an increase of 77 percent in payments from 2022. In 2024, incidents decreased slightly to 1,476 while total payments dropped to approximately $734 million. FinCEN attributed the decline in ransomware payments in 2024 to law enforcement disruption of the ALPHV/BlackCat and LockBit ransomware groups. However, LockBit is in the midst of its most significant comeback since the law enforcement actions disrupted the group, with 21 new victims claimed so far this month. Of the 267 ransomware variants identified during the reporting period, the most common variants were Akira, ALPHV/BlackCat, LockBit, Phobos, and Black Basta. However, Qilin has emerged as the top ransomware group in 2025 by a wide margin, so FinCEN’s 2025 BSA data will almost certainly change. Despite the decline in payments, the value of reported ransomware payments in 2024 was still the third-highest yearly total since the reports began in 2013. The median ransomware payment was $124,097 in 2022, $175,000 in 2023, and $155,257 in 2024. Between January 2022 and December 2024, the most common payment range was below $250,000. Financial Services, Manufacturing and Healthcare Most Targeted Sectors Measuring both the number of ransomware incidents and the amount of aggregate payments, the financial services, manufacturing and healthcare industries were the most affected during the report period. Between January 2022 and December 2024, the most commonly targeted industries by number of incidents identified in ransomware-related BSA reports were manufacturing (456 incidents), financial services (432 incidents), healthcare (389 incidents), retail (337 incidents), and legal services (334 incidents). Industries that paid the most in ransoms during the three-year period were financial services (approximately $365.6 million), healthcare (about $305.4 million), manufacturing (approximately $284.6 million), science and technology (about $186.7 million), and retail ($181.3 million). The Onion router (TOR) was the most common communication method used by ransomware groups. About 42 percent of BSA reports indicated the method that ransomware threat actors used to communicate with their targets. Among those reports, 67 percent indicated that ransomware actors used TOR, while 28 percent indicated that ransomware actors used email to communicate with their victims. Bitcoin (BTC) was the most common ransomware-related payment method, accounting for 97 percent of reported payments. Monero (XMR) was cited in two percent of BSA reports involving ransomware. FinCEN also identified several common money laundering typologies used by ransomware groups. Threat actors overwhelmingly collected payments in unhosted convertible virtual currency (CVC) wallets and “continued to exploit CVC exchanges for money laundering purposes after receiving payment,” the report said. Ransomware groups also used “several common preferred malicious cyber facilitators, such as shared initial access vendors,” FinCEN said.

image for AI Browsers ‘Too R ...

 Cyber News

AI browsers may be innovative, but they’re “too risky for general adoption by most organizations,” Gartner warned in a recent advisory to clients. The 13-page document, by Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts, cautions that AI browsers’ ability to autonomously navigate the web and   show more ...

conduct transactions “can bypass traditional controls and create new risks like sensitive data leakage, erroneous agentic transactions, and abuse of credentials.” Default AI browser settings that prioritize user experience could also jeopardize security, they said. “Sensitive user data — such as active web content, browsing history, and open tabs — is often sent to the cloud-based AI back end, increasing the risk of data exposure unless security and privacy settings are deliberately hardened and centrally managed,” the analysts said. “Gartner strongly recommends that organizations block all AI browsers for the foreseeable future because of the cybersecurity risks identified in this research, and other potential risks that are yet to be discovered, given this is a very nascent technology,” they cautioned. AI Browsers’ Agentic Capabilities Could Introduce Security Risks: Analysts The researchers largely ignored risks posed by AI browsers’ built-in AI sidebars, noting that LLM-powered search and summarization functions “will always be susceptible to indirect prompt injection attacks, given that current LLMs are inherently vulnerable to such attacks. Therefore, the cybersecurity risks associated with an AI browser’s built-in AI sidebar are not the primary focus of this research.” Still, they noted that use of AI sidebars could result in sensitive data leakage. Their focus was more on the risks posed by AI browsers’ agentic and autonomous transaction capabilities, which could introduce new security risks, such as “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.” AI browsers could also leak sensitive data that users are currently viewing to their cloud-based service back end, they noted. Analysts Focus on Perplexity Comet An AI browser’s agentic transaction capability “is a new capability that differentiates AI browsers from third-party conversational AI sidebars and basic script-based browser automation,” the analysts said. Not all AI browsers support agentic transactions, they said, but two prominent ones that do are Perplexity Comet and OpenAI’s ChatGPT Atlas. The analysts said they’ve performed “a limited number of tests using Perplexity Comet,” so that AI browser was their primary focus, but they noted that “ChatGPT Atlas and other AI browsers work in a similar fashion, and the cybersecurity considerations are also similar.” Comet’s documentation states that the browser “may process some local data using Perplexity’s servers to fulfill your queries. This means Comet reads context on the requested page (such as text and email) in order to accomplish the task requested.” “This means sensitive data the user is viewing on Comet might be sent to Perplexity’s cloud-based AI service, creating a sensitive data leakage risk,” the analysts said. Users likely would view more sensitive data in a browser than they would typically enter in a GenAI prompt, they said. Even if an AI browser is approved, users must be educated that “anything they are viewing could potentially be sent to the AI service back end to ensure they do not have highly sensitive data active on the browser tab while using the AI browser’s sidebar to summarize or perform other autonomous actions,” the Gartner analysts said. Employees might also be tempted to use AI browsers to automate tasks, which could result in “erroneous agentic transactions against internal resources as a result of the LLM’s inaccurate reasoning or output content.” AI Browser Recommendations Gartner said employees should be blocked from accessing, downloading and installing AI browsers through network and endpoint security controls. “Organizations with low risk tolerance must block AI browser installations, while those with higher-risk tolerance can experiment with tightly controlled, low-risk automation use cases, ensuring robust guardrails and minimal sensitive data exposure,” they said. For pilot use cases, they recommended disabling Comet’s “AI data retention” setting so that Perplexity can’t use employee searches to improve their AI models. Users should also be instructed to periodically perform the “delete all memories” function in Comet to minimize the risk of sensitive data leakage.  

image for Barts Health Confirm ...

 Cyber News

Barts Health NHS Trust has confirmed that the data breach at Barts Health was carried out by the Russian-speaking Cl0p ransomware group, which exploited a vulnerability in Oracle E-Business Suite. The Barts Health data breach involved the theft of files from one of the trust’s invoice databases, exposing information   show more ...

linked to payments for treatment and other services, some dating back several years.  In its official notification, the trust stated, “As a result of a recent incident involving data from our trust, we are informing those potentially affected that there is a risk some personal data is compromised.”  The trust confirmed that the criminal group stole files containing names and addresses of individuals required to pay for treatment or services at a Barts Health hospital. These files were later posted on the dark web. Barts Health emphasized that it is pursuing legal remedies, noting, “We are taking urgent action and seeking a High Court order to ban the publication, use or sharing of this data by anyone.”  Details of the Barts Health Data Breach and Exposed Information  The cyberattack on Barts Health occurred after Cl0p exploited a flaw in Oracle E-Business Suite, a widely used system for automating business processes. Oracle has since corrected the vulnerability, which has affected multiple organizations globally.  The trust has reported the Barts Health data breach to NHS England, the National Cyber Security Centre, the Metropolitan Police, and the Information Commissioner’s Office. Despite the intrusion, Barts Health stressed that core healthcare systems remain secure: “Please note our electronic patient record and clinical systems are not affected, and we are confident our core IT infrastructure is secure.”  Paying patients are encouraged to review their treatment invoices to understand which details may have been exposed. Some former employees also appear in the files due to outstanding salary sacrifice amounts or overpayments. Nearly half of the compromised records relate to suppliers whose information is already publicly accessible.  The affected database also contains accounting files that Barts Health has managed since April 2024 for Barking, Havering, and Redbridge University Hospitals NHS Trust. Both trusts are coordinating efforts to limit the impact.  Timeline of the Breach and Potential Risks to Individuals  Although the theft occurred in August, Barts Health did not receive any indication that data had been compromised until November, when the files were uploaded to the dark web. None of the information has emerged on the open internet, restricting exposure to individuals with access to encrypted and compressed files on the dark web.  The trust warned that the stolen files cannot grant direct access to personal accounts but may help criminals craft scams to trick victims into sharing sensitive information or making payments. Individuals with concerns are advised to contact the trust’s data protection officer or consult national guidance such as “Stop! Think Fraud – How to stay safe from scams.”  Barts Health apologized for the incident, stating, “We are very sorry that this has happened and are taking steps with our suppliers to ensure that it could not happen again.”  The Cl0p ransomware group is a well-known cybercriminal syndicate recognized for its multilayer extortion operations, including encryption-less ransomware tactics. Responsible for extorting more than $500 million in ransom payments worldwide, Cl0p became prominent in 2019 through extensive phishing campaigns and malware. The group frequently exploits zero-day vulnerabilities, enabling high-impact attacks and ransom demands. 

 Government

The ban on Roblox has drawn a sharp backlash from the platform’s roughly 18 million monthly Russian users — mostly children and teenagers — who have launched social-media campaigns and video petitions urging officials to restore access.

 Feed

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. "This malware enables remote control of compromised systems by allowing

 Feed

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active

 Feed

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers

 Feed

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.  Why holiday peaks

 Feed

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What's notable about the malware

 Feed

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted

2025-12
Aggregator history
Monday, December 08
MON
TUE
WED
THU
FRI
SAT
SUN
DecemberJanuaryFebruary