In a significant development in international cybercrime enforcement, Evgenii Ptitsyn, a Russian national and suspected administrator of the notorious Phobos ransomware operation, has been extradited from South Korea to face charges in the United States. This marks a pivotal moment in efforts to combat ransomware-as-a-service (RaaS) platforms that have wreaked havoc globally.
In a landmark decision, the Canadian government has ordered the shutdown of TikTok Technology Canada, citing national security risks. This directive comes after an in-depth, multi-step review conducted by Canada’s security and intelligence agencies, which concluded that TikTok’s Canadian operations may pose a potential risk to the country's national security.
Schneider Electric, a leading French multinational in energy and automation solutions, has confirmed that a cybersecurity incident involving unauthorized access occurred on one of its internal project tracking platforms. The breach reportedly led to the theft of sensitive data, as a hacker claimed to have stolen over 40GB of information from the company’s JIRA server, including project details, user data, and email addresses.
SingTel Breach Raises Alarms as China-Linked Hacking Group Volt Typhoon Targets Telecom and Critical Infrastructure"
In a concerning development in global cybersecurity, Bloomberg News recently reported that a China-linked hacking group, dubbed Volt Typhoon, is suspected of breaching Singapore Telecommunications (SingTel) in June. This attack appears to be part of a larger campaign targeting telecom companies and critical infrastructure operators worldwide. The breach, if confirmed, underscores an escalating trend in cyber espionage aimed at high-value sectors across the globe.
The Ollama artificial intelligence (AI) framework, popular for deploying large language models (LLMs) locally on devices like Windows, Linux, and macOS, has recently been found to contain several critical security vulnerabilities. Cybersecurity researchers at Oligo Security disclosed these flaws, which could allow malicious actors to execute various attacks, including denial-of-service (DoS), model poisoning, and model theft—all with a single HTTP request.
Windows Kernel Downgrade Attacks: Bypassing Security on Fully Patched Systems to Deploy Rootkits
A newly discovered method to downgrade Windows kernel components is allowing attackers to bypass critical security features like Driver Signature Enforcement (DSE), enabling rootkit deployments even on fully patched systems. This vulnerability, reported by SafeBreach security researcher Alon Leviev, enables attackers with administrative access to take control of Windows Update and introduce outdated, vulnerable components without changing the system’s “fully patched” status.
AWS Seizes Domains Used by Russian Threat Group APT29 in Credential-Stealing Campaign
Amazon Web Services (AWS) has disrupted a phishing operation by seizing several domains used by APT29, a Russian state-linked threat group, in a campaign aimed at stealing credentials from what AWS described as "Russian adversaries." The malicious effort by APT29—also known as Midnight Blizzard, Cozy Bear, and Nobelium—targeted government agencies, enterprises, and military organizations with phishing emails written in Ukrainian, marking a broader reach than typical APT29 operations.
Phobos Ransomware Admin Extradited: A Major Win in the Fight Against Cybercrime In a significant development in international cybercrime e...
