Security News

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software solutions for major energy suppliers.

In the wake of yesterday's surprise law enforcement takeover of LockBit's leak site, the UK National Crime Agency and Europol have shared more information about the extent of the takedown. "Today, after infiltrating the group's network, the NCA has taken control of the infrastructure that allows the Lockbit service to operate, compromising their entire criminal enterprise and damaging their credibility," the Agency said.

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's...

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. Warzone RAT is commodity malware created in 2018 that offers numerous features to aid cybercrime, including UAC bypass, hidden remote desktop, cookie and password stealing, keylogging, webcam recording, file operations, reverse proxy, remote shell, and process management.

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and...

The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five...

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. Volt Typhoon hackers are known for extensively using living off the land techniques as part of their attacks on critical infrastructure organizations.

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical...

69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren't expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, a volume increase of 144% from 2022 to 2023.

The FBI has disrupted the KV botnet, used by People's Republic of China state-sponsored hackers to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations.