The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs.
The framework has enabled BlackBasta to streamline initial network access and scale ransomware attacks on vulnerable internet-exposed endpoints.
The discovery of BRUTED comes from EclecticIQ researcher Arda Büyükkaya following an in-depth examination of the ransomware gang’s leaked internal chat logs.
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.
The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X.
The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.
US pair set to return home on Wednesday after Boeing Starliner problems meant eight-day mission lasted nine months.
A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.
The two vulnerabilities, both authentication bypasses, are CVE-2024–55591 and CVE-2025–24472, which Fortinet disclosed in January and February, respectively.
When Fortinet first disclosed CVE-2024–55591 on January 14, they confirmed it had been exploited as a zero-day, with Arctic Wolf stating it had been used in attacks since November 2024 to breach FortiGate firewalls.
GreyNoise reports 400+ IPs exploiting multiple SSRF vulnerabilities, targeting cloud services and global networks. Patch now.
So far, 20 pipo don share ova $4m in rewards afta dem find $40m of di stolen money and call di crypto companies make dem block di transfer.
But sabi pipo no dey optimistic again say dem go fit recover di rest of di money becos of di North Korean knowledge for hacking and laundering of di money.
Dr Dorit Dor from cyber security company Check Point tok say, “North Korea na veri closed system and closed economy so dem don create successful industry of hacking and laundering and dem no care about di negative impression of cyber crime”
Ballista botnet exploits TP-Link router flaw CVE-2023–1389, infecting 6,000+ devices worldwide and evolving to use TOR.
SideWinder APT expands attacks on maritime, nuclear, and IT sectors, rapidly modifying malware to evade detection.
A new AsyncRAT malware variant has infected 900 victims in MENA via Facebook ads and Telegram links.
The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare.
While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that it was caused by a “massive cyberattack.”
“There was (still is) a massive cyberattack against X,” Musk posted on X.