April 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks

Date: 1 May 2023

Featured Image

April 2023 saw some major cyber attacks, ransomware attacks and data breaches across the globe. The lists on this page cover all the major cybersecurity incidents that made news in the month gone by. We also include updates on new malware and ransomware discovered as well as vulnerabilities, warnings, reports and analysis from the world of cybersecurity.    

  1. Ransomware Attacks in April 2023
  2. Data Breaches in April 2023
  3. Cyber-Attacks in April 2023
  4. New Ransomware/Malware Detected in April 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in April 2023

New call-to-action

The UK Cyber Security Breaches Survey 2023 was released recently. A worrying trend captured by the report was that smaller businesses appear to be identifying cyber breaches less than last year. This may reflect that cybersecurity is being given a lesser priority - a dangerous tendency given the increasing number of cyber risks and threats that loom large in the current economic climate. 

In this post, we've created separate lists that capture the major ransomware attacks, cyber attacks and data breaches in April 2023. The idea is not to create panic or fear. The endeavour is simply to highlight that cybersecurity attacks are not going anywhere. If anything, they're rising in number and intensity. 

While there is no wishing them away, the only thing business owners and organisations can do is to stay proactive in identifying them and having a solid plan to deal with them. 

In this context, the UK Cyber Security Breaches Survey also pointed to the fact that while cyber resilience is much spoken of across the globe, only 21% businesses in the UK have a cyber incident response plan

A Cyber Incident Response Plan contains agreed-upon steps and processes that an organisation will take when under attack. This helps to control the compromise and mitigate damage. It is important to have a plan that specifies individual roles and responsibilities, guidance on external and internal reporting and ways to protect the most critical assets. 

Every business must accord importance to being prepared for a cyber attack. This can be achieved by reviewing or creating existing plans, policies and processes with the help of external cybersecurity experts like our Virtual Cyber Assistants

Board engagement and corporate governance is another important aspect that needs to be improved upon. Executive training, enhancing board knowledge about the threats to their business, improving overall board engagement with cybersecurity are certainly critical if the below lists are anything to go by.    

New call-to-action

Ransomware Attacks in April 2023




Threat Actor

Business Impact

Source Link

April 3, 2023

British outsourcing services provider Capita

Capita cyber attack disrupted access to its Microsoft Office 365 apps and hackers stole its data.

Black Basta Ransomware

Capita said the attack impacted limited parts of the network. It also said that the disruption only affected some services provided to individual clients, while most of its customer base didn’t experience any adverse impacts. Capita also admitted that hackers exfiltrated data from its systems as the ransomware gang threatened to sell stolen data.

Capita ransomware attack 

April 6, 2023

Open University of Cyprus

Medusa ransomware claims attack on Open University of Cyprus.

Medusa ransomware gang

The attack forced several central services and critical systems to go offline.

Open University of Cyprus ransomware attack

April 7, 2023

Taiwanese PC vendor MSI

MSI confirms security breach following ransomware attack claims.

Money Message ransomware gang

According to chats allegedly seen by Bleeping Computer between the ransomware gang and an MSI representative, the threat actors demanded a ransom payment of $4,000,000 based on a claim that they've stolen roughly 1.5TB worth of documents from MSI's network. The gang threatened to leak some of the files online if the company refused to pay the $4 million ransom.

Ransomware attack on MSI

April 10, 2023

Yum! Brands

KFC, Pizza Hut owner discloses data breach after ransomware attack  in January 2023.


The attackers stole some employees' personal information, including names, driver's licence numbers, and other ID card numbers but there was supposedly no impact on customers’ data.

KFC, Pizza Hut owner data breach incident

April 12, 2023

Fincantieri Marine Group

US Navy Contractor Fincantieri Marine Group Hit by cyber attack.


The attack affected its email server and some network operations and caused a temporary disruption to certain computer systems running on its network

US Navy contractor Fincantieri Marine Group data breach

April 13, 2023

NCR, an American software and technology consulting company

NCR suffers Aloha POS outage after BlackCat ransomware attack.

BlackCat/ALPHV gang

One of NCR's products, the Aloha POS platform used in hospitality services, has suffered an outage. The threat actors claimed to have stolen credentials for NCR's customers and stated that they would be published if a ransom was not paid.

Ransomware attack on American software company NCR

April 18, 2023


Hackers publish sensitive employee data stolen during CommScope ransomware attack.


Hackers published a trove of data stolen from U.S. network infrastructure giant CommScope, including thousands of employees’ Social Security numbers and bank account details.

CommScope ransomware attack

April 24, 2023

Kenya-based supermarket chain Naivas

Naivas confirms a ransomware attack on its data.


Nivas said that some of its data had been compromised, but the containment process is complete and its system is now secure.

Kenya-based supermarket chain Naivas ransomware attack

April 24, 2023

Fullerton India

LockBit 3.0 ransomware targets retail banking company Fullerton India. Company forced to switch to offline operations as a precaution

LockBit 3.0

The group claimed to have over 600 GB of sensitive data, including loan agreements, account statuses, bank agreements, international transfers, financial documents, and personal customer information, and also demanded a ransom of $3 million. 

Ransomware attack on Fullerton India

April 28, 2023

Hardenhuish School

Hardenhuish School in Chippenham hit by a ransomware attack


Unknown hackers gained access to IT systems and disrupted the IT network of Hardenhuish School and demanded a ransom in return for restored access.

Hardenhuish School ransomware attack

Worried by the recent rise in ransomware attacks and demands? Use these FREE resources created by our cybersecurity experts to help you prepare for ransomware attacks and mitigating the damage they can cause:

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  

Back to Top 

New call-to-action

Data Breaches in April 2023




Threat Actor

Business Impact

Source Link

April 3, 2023

Western Digital

The California-based computer drive maker Western Digital discloses network breach; My Cloud service down.


The incident affected the company's My Cloud service. Western Digital said that based on the investigation to date, the company believes the unauthorised party obtained certain data from its systems. The company is still working to understand the nature and scope of that data.

Data breach takes Western Digital’s My Cloud Service goes down

April 8, 2023

The Kodi Foundation

Kodi discloses data breach after forum database for sale online.

A hacker named The seller, Amius, on a hacking forum)

The hackers stole the organisation's MyBB forum database containing user data and private messages and attempted to sell it online.

The Kodi Foundation data breach

April 12, 2023


Hyundai data breach exposes owner details in France and Italy.


The data breach impacted Italian and French car owners and those who booked a test drive as the victim company warned that hackers gained access to personal data like e-mail addresses, physical addresses, telephone numbers, vehicle chassis numbers.

Hyundai data breach

April 13, 2023


Darktrace says investigation found no evidence of LockBit breach.

LockBit ransomware group

As per Darktrace’s statement, there is no impact but the ransomware group claimed that it has stolen data from the company’s systems.

Darktrace data breach

April 18, 2023

Philippine Agencies NBI, PNP, BIR, and SAF

Over 1M records from NBI, PNP, and other agencies leaked in a massive data breach.


The hack incident exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF). It has put the personal information of millions of Filipinos at risk. 

Data breach attack on Philippine Agencies - NBI, PNP, BIR and SAF 

April 19, 2023

Indian Furniture rental startup RentoMojo

Furniture rental startup RentoMojo reports data breach by hackers. 1.5 lakh subscribers could  potentially be affected.


The victim firm said the attackers were able to get unauthorised access to its customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of the databases. The attackers also, apparently, started blackmailing RentoMojo customers.  

RentoMojo data breach

April 19, 2023


NationsBenefits confirms thousands had personal data stolen in Fortra breach.


Florida-based technology company NationsBenefits said that more than 7,100 state residents had their personal information stolen in the late-January ransomware attack on Fortra’s systems.

Florida-based technology company NationsBenefits data breach

April 20, 2023

American Bar Association

American Bar Association data breach hits 1.4 million members.


The hackers compromised the Bar Association's network and gained access to older credentials for 1,466,000 members.

American Bar Association data breach

April 20, 2023

Angel One

Client data breach at Angel One; stock falls 2%.


Client profile data (like name, email, mobile number) and client holding data may have been accessed. The company's stock price also dropped down by 2% apparently due to the incident.

Angel One data breach

April 21, 2023


ICICI Bank refutes data breach allegation.


Over 3.6 million ICICI Bank files comprising the bank's and its clients' information was allegedly leaked from a publicly accessible cloud storage bucket managed by DigitalOcean. The hackers allegedly stole bank statements, credit card numbers, KYCs, PAN card info., scanned passport copies, and also the resumes of current and prospective employees. But ICICI bank denies the breach saying they don’t own the URL captured by the hackers. 

ICICI Bank data breach

April 23, 2023

Yellow Pages Canada

Yellow Pages Canada confirms cyber attack as Black Basta leaks data.

Black Basta Ransomware

The ransomware group has leaked a sample of sensitive documents exposing personal information. These include but are not limited to ID documents (such as scans of passports and driver licences) exposing people's date of birth and address, tax documents—exposing Social Insurance Number (SIN), Sales and purchase agreements, 'Accounts Receivable' spreadsheet dated February, 28 2023, Budget and debt forecast dated December 2022.

Yellow Pages Canada data breach

April 24, 2023

US Consumer Financial Protection Bureau

The US Consumer Financial Protection Bureau suffers a breach affecting 256,000 consumer accounts.

A former CFPB employee

In this February data breach, the personal information of around 256,000 consumer accounts was compromised.

US Consumer Financial Protection Bureau data breach

April 24, 2023


Data security breach may have left Jewel-Osco employees' information exposed.


Thousands of Jewel-Osco employees might have had their personal information exposed in a December 2022 data breach.

Jewel-Osco data breach

April 24, 2023

Dutch tank storage company Koninklijk Vopak

Vopak Suffers Data Breach at Crude Terminal in Malaysia.


A data breach incident resulted in the unauthorised access of some data at the Vopak terminal in Malaysia. The victim company said there was no impact to Vopak’s global network.

Dutch tank storage company Vopak data breach

April 26, 2023


Cold storage giant Americold outage caused by network breach.


The attack impacted the IT network of Americold and disrupted the operations due to which the victim company halted the inbound and outbound deliveries.

Americold network breach incident

Back to Top 

New call-to-action

Cyber Attacks in April 2023




Threat Actor

Business Impact

Source Link

April 6, 2023

The UK's Criminal Records Office-ACRO

UK criminal records office confirms cyber incident behind portal issues.


The incident caused delays to the issuing of Police Certificates.

Cyber attack on the UK's Criminal Records Office

April 10, 2023

Belgian HR and payroll giant SD Worx

SD Worx shuts down UK payroll, HR services after cyber attack.


The cyber attack forced SD Worx to shut down all IT systems for its UK and Ireland services.

Belgian payroll giant SD Worx cyber attack

April 14, 2023


Rheinmetall suffers cyber attack, military business unaffected, spokesperson says.


The cyber attack impacted a division of its business dealing with industrial customers, mostly in the automotive sector.

Cyber attack on Rheinmetall 

April 24, 2023


KuCoin's Twitter account was hacked to promote a crypto scam.


The compromise allowed attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency.

KuCoin Twitter account hack

April 24, 2023

Mossad, National Insurance Institute of Israel 

Mossad, Israeli companies targeted in major cyber attack by Sudanese hacker group.

A hacker group calling itself Anonymous Sudan

The cyber attack forced various Israeli websites, including those of Mossad and the so-called National Insurance Institute, which is responsible for the social security of Israeli settlers, to go offline.

Cyber attack on Mossad, and Israeli companies

April 24, 2023

Lowell city government 

Cyber attack disrupts Lowell city government, shuts down computers.


The attack impacted the IT network and computer systems of the municipality of the city of Lowell. The computer servers, networks, phones, and other systems throughout the City became inaccessible.

Cyber attack on Lowell city government 

April 25, 2023

Irrigation system and waste water in Israel

Irrigation systems in Israel hit with a cyber attack that temporarily disabled farm equipment.

Annual Hacktivist Campaign

The Galil Sewage Corporation was one of the targeted wastewater processors that was breached. The cyber attack, reportedly, blocked several controllers for about a day and disrupted some treatment processes.

Hacktivists’ attack on Israel’s irrigation systems

 April 26, 2023


UPSRTC ticket website hacked.  Hacker demands Bitcoins worth Rs 40 crores to restore system.


The attack disrupted the online booking system of UPSRTC with hackers demanding BTC worth Rs 40 crores to restore the systems.

UPSRTC cyber attack

April 27, 2023

Israel’s Electric Company

Major power failure in Israel after suspected cyber attack.

A hacker group calling itself Anonymous Sudan

The attack caused major power disruption in cities across Israel. The hackers apparently said that the electric attack was just for fun and there's more to come for Israel. 

Cyber attack on the electric company of Israel

Back to Top 

New call-to-action

New Ransomware/Malware Discovered in April 2023

New Ransomware


Source Link

Money Message ransomware

A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor.

New Money Message ransomware demands million dollar ransoms

New Stop/Djvu Ransomware-v0682

Stop/Djvu Ransomware (v0682); Extension: .kiop; Ransom note: _readme.txt

New version of Stop/Djvu Ransomware-v0682

A new Android trojan ‘Chameleon’ 

A new Android trojan called ‘Chameleon’ has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank.

New Chameleon Android malware mimics bank, govt, and crypto apps

A new malware family named 'Domino' 

Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.

Ex-Conti members and FIN7 devs team up to push new Domino malware

VoNiX Ransomware

VoNiX Ransomware; Xorist ransomware family; Extension: .VoNiX; Ransom note: HOW TO DECRYPT FILES.txt

VoNiX Ransomware a new version of Xorist ransomware family

Stop/Djvu Ransomware (v0697)

Stop/Djvu Ransomware:v0697; Extension: .foza; Ransom note: _readme.txt

A new version of Stop/Djvu Ransomware:v0697

Attack Ransomware

Attack Ransomware; MedusaLocker ransomware family; Extension: .attack7 (the number may differ); Ransom note: how_to_back_files.html

Attack Ransomware, a new version of MedusaLocker ransomware family

Stop/Djvu Ransomware (v0696)

Stop/Djvu Ransomware (v0696); Extension: .foty; Ransom note: _readme.txt

A new version of Stop/Djvu Ransomware: v0696)

DVN Ransomware

DVN Ransomware; Based on Chaos ransomware; Extension: .devinn; Ransom note: unlock_here.txt

DVN Ransomware from Chaos ransomware family

A new version of ViperSoftX malware

A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers.

ViperSoftX info-stealing malware now targets password managers

Back to Top 

Vulnerabilities/Patches Discovered in April 2023




Source Link

April 3, 2023


The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries.

CISA warns of Zimbra bug exploited in attacks against NATO countries

April 4, 2023


HP announced in a security bulletin that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers.

HP to patch critical bug in LaserJet printers within 90 days

April 5, 2023






Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs.

Hackers can open Nexx garage doors remotely, and there's no fix

April 7, 2023


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware.

CISA orders agencies to patch Backup Exec bugs used by ransomware gang

April 7, 2023



Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

Apple fixes two zero-days exploited to hack iPhones and Macs

April 7, 2023


Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.

Exploit available for critical bug in VM2 JavaScript sandbox library

April 11, 2023


CVE-2023-28765, and CVE-2023-29186

SAP has released its security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.

SAP releases security updates for two critical-severity flaws

April 11, 2023


Microsoft has patched a zero-day flaw in the Windows Common Log File System (CLFS), actively exploited by hackers to escalate privileges and deploy Nokoyawa ransomware payloads.

Windows zero-day vulnerability exploited in ransomware attacks

April 11, 2023

CVE-2023-28252 - Zero Day.

The number of bugs in each vulnerability category is listed below:

20 Elevation of Privilege Vulnerabilities,

8 Security Feature Bypass Vulnerabilities,

45 Remote Code Execution Vulnerabilities,

10 Information Disclosure Vulnerabilities,

9 Denial of Service Vulnerabilities, and

6 Spoofing Vulnerabilities

Microsoft's April 2023 Patch Tuesday, and security updates fix one actively exploited zero-day vulnerability and a total of 97 flaws.

Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws

April 12, 2023


A Kyocera Android printing app is vulnerable to improper intent handling, allowing other malicious applications to abuse the flaw to download and potentially install malware on devices.

Kyocera Android app with 1M installs can be abused to drop malware

April 12, 2023


Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday.

Windows admins warned to patch critical MSMQ QueueJumper bug

April 14, 2023


Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

Google Chrome emergency update fixes first zero-day of 2023

April 19, 2023


Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year.

Google patches another actively exploited Chrome zero-day

April 19, 2023

ZDI-CAN-18987 / PO-1216

ZDI-CAN-19226 / PO-1219

Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers.

Hackers actively exploit critical RCE bug in PaperCut servers

April 20, 2023


VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances.

VMware fixes vRealize bug that lets attackers run code as root

April 21, 2023

CVE-2023-28205 and CVE-2023-28206

Apple has released emergency updates to backport security patches, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.

Apple fixes recently disclosed zero-days on older iPhones and iPads

April 21, 2023

Cloud Platform (GCP) security vulnerability 

Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers.

GhostToken GCP flaw let attackers backdoor Google accounts

April 24, 2023




APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disabling its functionality altogether.

APC warns of critical unauthenticated RCE flaws in UPS software

April 24, 2023

CVE-2023-27350 and CVE-2023-27351

Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.

Exploit released for PaperCut flaw abused to hijack servers, patched now

April 25, 2023

CVE-2023-20869 and


VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched versions of the company's Workstation and Fusion software hypervisors.

VMware fixes critical zero-day exploit chain used at Pwn2Own

April 25, 2023


The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router flaw tracked as CVE-2023-1389 to incorporate devices into DDoS swarms.

TP-Link Archer WiFi router flaw exploited by Mirai malware

April 25, 2023


A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification.

New SLP bug can lead to massive 2,200x DDoS amplification attacks

April 26, 2023


The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions.

PrestaShop fixes bug that lets any backend user delete databases

April 26, 2023


Cisco disclosed a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks.

Cisco discloses XSS zero-day flaw in server management tool

 Back to Top 

cta Free incident response checklist




Source Link


Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day network outage.

DISH slapped with multiple lawsuits after ransomware cyber attack


The U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes.

US seizes $112 million from cryptocurrency investment scammers


The police in Spain have arrested José Luis Huertas (aka "Alcaseca", "Mango", “chimichuri”), a 19-year-old regarded amongst the most dangerous hackers in the country.

Spain's most dangerous and elusive hacker now in police custody


A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data.

New dark web market STYX focuses on financial fraud services


Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge.

Hackers use Rilide browser extension to bypass 2FA, steal crypto


An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balada Injector.

Massive Balada Injector campaign attacking WordPress sites since 2017


The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads.

CISA orders govt agencies to update iPhones, Macs by May 1st


VoIP communications company 3CX confirms that a North Korean hacking group was behind last month's supply chain attack.

3CX confirms North Korean hackers behind supply chain attack


Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.

Hacked sites caught spreading malware via fake Chrome updates


Microsoft and Citizen Lab discovered commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk individuals using a zero-click exploit named ENDOFDAYS.

iPhones hacked via invisible calendar invites to drop QuaDream spyware


Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks.

Microsoft: Phishing attack targets accountants as Tax Day approaches


WhatsApp announces the introduction of several new security features, one of them dubbed "Device Verification" and designed to provide better protection against account takeover (ATO) attacks.

WhatsApp boosts defence against account takeover via malware


Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries.

Russian hackers linked to widespread attacks targeting NATO and EU


Europol and Eurojust announced the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who lost an estimated €89 million (roughly $98 million).

Police disrupts $98M online fraud ring with 33,000 victims


A new Android malware named 'Goldoson' has infiltrated Google Play through 60 legitimate apps that collectively have 100 million downloads.

Android malware infiltrates 60 Google Play apps with 100M installs


The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.

LockBit ransomware encryptors found targeting Mac devices


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a high-severity Android vulnerability believed to have been exploited by a Chinese e-commerce app Pinduoduo as a zero-day to spy on its users.

CISA warns of Android bug exploited by Chinese app to spy on users


The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against Taiwanese media and an Italian job search company.

Hackers abuse Google Command and Control red team tool in attacks


QBot malware is now distributed in phishing campaigns utilising PDFs and Windows Script Files (WSF) to infect Windows devices.

New QBot email attacks use PDF and WSF combo to install malware


The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.

US, UK warn of govt hackers using custom malware on Cisco routers


Microsoft has discovered that an Iranian hacking group known as 'Mint Sandstorm' is conducting cyberattacks on US critical infrastructure in what is believed to be retaliation for recent attacks on Iran's infrastructure.

Microsoft: Iranian hackers behind retaliatory cyberattacks on US orgs


The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks.

Play ransomware gang uses custom Shadow Volume Copy data-theft tool


Threat actors use a new hacking tool dubbed AuKill to disable Endpoint Detection & Response (EDR) Software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Ransomware gangs abuse Process Explorer driver to kill security software


Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.

Fortra shares findings on GoAnywhere MFT zero-day attacks


A new Lazarus campaign considered part of "Operation DreamJob" has been discovered targeting Linux users with malware as it is an ongoing operation targeting people who work in software or DeFi platforms with fake job offers on LinkedIn or other social media and communication platforms.

Lazarus hackers now push Linux malware via fake job offers


More than 100,000 current and former customers have joined a class action lawsuit against Australian telecommunications giant Optus over a cybersecurity breach last year that compromised roughly 1.2 million customers.

Australia's Optus hit with class action over cybersecurity breach


Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.

Attackers use abandoned WordPress plugin to backdoor websites


Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam as the cyber security researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, among others, were compromised.

University websites using MediaWiki, TWiki hacked to serve Fortnite spam


The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.

Google ads push BumbleBee malware used by ransomware gangs


A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity.

Decoy Dog malware toolkit found after analysing 70 billion DNS queries


At least 18 persons were arrested from different parts of India in connection with the Cosmos Bank cyber fraud that was executed over a period of two days in August 2018.

11 Convicted In India's Biggest Cyberattack On Cosmos Bank


​Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities (CVE-2023–27350 / ZDI-CAN-18987 / PO-1216

CVE-2023–27351 / ZDI-CAN-19226 / PO-1219)  

Clop, LockBit ransomware gangs behind PaperCut server attacks


The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries.

Ukrainian arrested for selling data of 300M people to Russians


A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.

Tencent QQ users hacked in mysterious malware attack, says ESET


Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.'

Chinese hackers use new Linux malware variants for espionage


A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load ads in the background to generate revenue for its operators.

Android Minecraft clones with 35M downloads infect users with adware

Back to Top 

New call-to-action

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422