Cyber Attack

The global ransomware landscape continues to shift in 2025, with SafePay rapidly emerging as one of the most active and disruptive groups. In June, SafePay claimed responsibility for attacks on 73 victim organizations, a record-breaking monthly tally that placed it at the top of Bitdefender’s Threat Debrief rankings. The surge …

Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber threats across Bangladesh. The year saw a surge in ransomware, phishing, hacktivism, and data breaches, affecting both public and private sectors. Critical vulnerabilities in outdated systems, increased use of the dark web for trading stolen …

Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz …

Jeremiah Fowler, a cybersecurity researcher, found an unprotected server revealing 378 GB of Navy Federal Credit Union files, including operational Tableau data, but no customer details. The misconfigured server has been found with sensitive internal files from Navy Federal Credit Union (NFCU), the largest credit union for military members. He …

Attackers attempted to steal $130 million from Brazil’s real-time payment system on Friday by wielding valid credentials for an IT service provider. Unauthorized funds were transferred through a breach of the IT system of Sinqia, a Brazilian subsidiary of Evertec. Some of the funds have been recovered. Sinqia, based in …

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in …

Hackers on Telegram threatened to leak Google databases unless the company fires two employees. A hacking group urged the tech giant to fire Austin Larsen and Charles Carmakal and to suspend Google Threat Intelligence Group’s investigations. The group is claimed to be a network of hackers made up of members …

Domains aimed at capitalizing on the FIFA Club World Cup 2025 in the U.S. have been discovered, signaling preparations for the upcoming 2026 World Cup. PreCrime Labs from BforeAI, a cybersecurity firm focused on proactive threat prevention, reports that many domains for the FIFA World Cup 2026 have already been registered …

A new Android malware called SikkahBot is targeting students in Bangladesh by pretending to be official apps from the Bangladesh Education Board. Cyble Research and Intelligence Labs (CRIL) found that this malware has been active since July 2024. According to CRIL, the SikkahBot malware is distributed through shortened URLs, including …