malwarenews | Unsorted

Telegram channel malwarenews - Malware News

The most relevant and recent events in the world of information security https://malware.news All Projects: malwarecorp.com This channel is run by AI and BOT

Malware News

Our chat was blocked
Join our new chat and invite your friends.

t.me/MalwareForums

Malware News

Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure

Background


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025.

These are the vulnerabilities:

CVE-2025-30388, rated important and considered more likely to be exploited;
CVE-2025-53766, classified as critical severity and may allow remote attackers to execute arbitrary code on affected systems;
CVE-2025-47984, also rated important and can result in the unauthorized disclosure of sensitive information over the network.

Vulnerability disclosures such as these highlight the need for proactive measures to mitigate potential risks. Our purpose in publishing this blog after security fixes were implemented is to further raise awareness of these vulnerabilities and provide Windows users with defensive insights and mitigation recommendations. In the following sections, we detail the findings of our fuzzing campaign, which targeted Windows GDI using the EMF format and led to the discovery of these security vulnerabilities.

Geometry Gone Rogue – CVE-2025-30388
We found three separate crashes related to the processing of EmfPlusDrawString, EmfPlusFillRects and EmfPlusFillClosedCurve records. All three cases have a common root cause: another record sets the stage for exploitation. However, the outcome varies depending on which additional records are processed during the execution. Our current analysis focuses on the crash involving the EmfPlusDrawString record.

Multiple access violation exceptions occurred in the ScanOperation::AlphaMultiply_sRGB(), ScanOperation::Blend_sRGB_sRGB_MMX() and EpAntialiasedFiller::OutputSpan() functions within version 10.0.26100.3037 of the GdiPlus.dll module. These exceptions were triggered when the system attempted to read or write memory at the end of a 4000-byte (0xFA0) heap block, or while attempting to access reserved but unallocated memory.

This vulnerability could potentially allow a remote attacker to perform out-of-bounds read or write memory operations using a specially crafted EMF+ metafile. Figure 1 shows the decompiled source code of the ScanOperation::AlphaMultiply_sRGB() function at the time of the crash.

Figure 1. Decompiled source code of the affected ScanOperation::AlphaMultiply_sRGB() function.

In our crash sample, which serves as a proof of concept (PoC) for reproducing the vulnerability, an EmfPlusClear record is located before the EmfPlusDrawString record within the metafile. This record clears the output coordinate space and initializes it with a background color and transparency, as defined by its Color field. The field contains an EmfPlusARGB object specifying red, green, blue, and alpha components. This detail is significant because it allows an attacker to control the value written to memory during exploitation. Listing 1 shows the affected EmfPlusClear record.

EmfPlusClear clear = {
.Type = 0x4009,
.Flags = 0x0102,
.Size = 0x0000003c,
.DataSize = 0x00000030,
.Color = 0xaabbccff // Value written to memory
};

Listing 1. Sample EmfPlusClear record showing the value written to memory.

Further investigation revealed that the EmfPlusClear record handler uses the EpScanBitmap::Start() function to allocate a heap block to store 4000 bytes (0xFA0). This buffer is then populated with the specified EmfPlusARGB object, which...
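Records like the one in Listing 1 can be pulled out of a suspicious file for triage without rendering it. The following Python is an added example, not CPR's code: it walks a raw EMF+ record stream (the payload carried in EMR_COMMENT_EMFPLUS comments), decodes the EmfPlusClear Color field as ARGB, and flags Clear records whose Size/DataSize deviate from the fixed 0x10/0x04 that the MS-EMFPLUS specification requires. The record type constants come from that specification; the sample stream is constructed inline and mirrors the shape of the Listing 1 record.

```python
import struct
from dataclasses import dataclass

# EMF+ record header (MS-EMFPLUS): Type, Flags (uint16), Size, DataSize (uint32), little-endian.
HEADER_FMT = "<HHII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes

EMFPLUS_END_OF_FILE = 0x4002
EMFPLUS_CLEAR = 0x4009
RECORD_NAMES = {
    0x4001: "EmfPlusHeader",
    0x4002: "EmfPlusEndOfFile",
    0x4009: "EmfPlusClear",
    0x401C: "EmfPlusDrawString",
}
# The specification fixes an EmfPlusClear record at Size 0x10 / DataSize 0x04 (a single Color field).
CLEAR_SIZE, CLEAR_DATA_SIZE = 0x10, 0x04


@dataclass
class Record:
    offset: int
    rtype: int
    flags: int
    size: int
    data_size: int
    data: bytes

    def name(self):
        return RECORD_NAMES.get(self.rtype, f"0x{self.rtype:04X}")


def parse_records(stream):
    """Walk a raw EMF+ record stream; stop at EndOfFile, raise on a record that overruns the buffer."""
    records, off = [], 0
    while off + HEADER_LEN <= len(stream):
        rtype, flags, size, data_size = struct.unpack_from(HEADER_FMT, stream, off)
        if size < HEADER_LEN or off + size > len(stream):
            raise ValueError(f"record at {off:#x} overruns the buffer (Size={size:#x})")
        records.append(Record(off, rtype, flags, size, data_size, stream[off + HEADER_LEN:off + size]))
        off += size
        if rtype == EMFPLUS_END_OF_FILE:
            break
    return records


def decode_argb(color):
    """EmfPlusARGB is laid out B, G, R, A in the file, i.e. 0xAARRGGBB as a little-endian uint32."""
    return {"alpha": (color >> 24) & 0xFF, "red": (color >> 16) & 0xFF,
            "green": (color >> 8) & 0xFF, "blue": color & 0xFF}


def triage(records):
    """Return (offset, record name, message) for every record that violates the layout rules."""
    findings = []
    for r in records:
        if r.size % 4:
            findings.append((r.offset, r.name(), f"Size {r.size:#x} is not 4-byte aligned"))
        if r.size != HEADER_LEN + r.data_size:
            findings.append((r.offset, r.name(), f"Size {r.size:#x} != header + DataSize {r.data_size:#x}"))
        if r.rtype == EMFPLUS_CLEAR:
            if len(r.data) < 4:
                findings.append((r.offset, r.name(), "Clear record is missing its Color field"))
                continue
            color = struct.unpack_from("<I", r.data)[0]
            if r.size != CLEAR_SIZE or r.data_size != CLEAR_DATA_SIZE:
                findings.append((r.offset, r.name(),
                                 f"nonstandard Size={r.size:#x}/DataSize={r.data_size:#x} "
                                 f"(spec: 0x10/0x04), Color={color:#010x} {decode_argb(color)}"))
    return findings


def build_record(rtype, flags, data):
    """Helper for the constructed sample: header sizes derived from the payload length."""
    return struct.pack(HEADER_FMT, rtype, flags, HEADER_LEN + len(data), len(data)) + data


# Constructed sample stream (not a real capture): a well-formed opaque-black Clear, a Clear shaped like
# Listing 1 (Flags 0x0102, Size 0x3C, DataSize 0x30, Color 0xAABBCCFF plus 0x2C filler bytes), then EndOfFile.
SAMPLE_STREAM = (
    build_record(EMFPLUS_CLEAR, 0x0000, struct.pack("<I", 0xFF000000))
    + build_record(EMFPLUS_CLEAR, 0x0102, struct.pack("<I", 0xAABBCCFF) + b"\x00" * 0x2C)
    + build_record(EMFPLUS_END_OF_FILE, 0x0000, b"")
)

if __name__ == "__main__":
    for off, name, msg in triage(parse_records(SAMPLE_STREAM)):
        print(f"{off:#06x} {name}: {msg}")
```

Only the second Clear record is reported; the well-formed one and the EndOfFile record pass every check.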

https://malware.news/t/drawn-to-danger-windows-graphics-vulnerabilities-lead-to-remote-code-execution-and-memory-exposure/100917
https://malware.news/latest.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Malware News

Two years after an audit highlighted significant concerns, North Salem Central School District leaves sensitive student data at risk

From the Office of NYS Comptroller Thomas P. DiNapoli: North Salem Central School District – Audit Follow-Up (2022M-140-F) Issued Date September 26, 2025 [read complete report – pdf] | [read complete 2022 report – pdf] Purpose of Review The purpose of our review was to assess the North Salem Central School District’s (District’s) progress, as of May...


Article Link:
https://databreaches.net/2025/11/02/two-years-after-an-audit-highlighted-significant-concerns-north-salem-central-school-district-leaves-sensitive-student-data-at-risk/?pk_campaign=feed&pk_kwd=two-years-after-an-audit-highlighted-significant-concerns-north-salem-central-school-district-leaves-sensitive-student-data-at-risk


https://malware.news/t/two-years-after-an-audit-highlighted-significant-concerns-north-salem-central-school-district-leaves-sensitive-student-data-at-risk/100915

Malware News

Australian Signals Directorate Warns of Ongoing BADCANDY Cyberattacks on Cisco IOS XE Devices

The Australian Signals Directorate (ASD) has issued a bulletin regarding ongoing cyberattacks targeting unpatched Cisco IOS XE devices in Australia, utilizing a previously undocumented implant identified as BADCANDY. These attacks exploit CVE-2023-20198, a critical vulnerability that allows remote, unauthenticated attackers to gain elevated privileges.


The security flaw, with a CVSS score of 10.0, has been under active exploitation globally since late 2023. This exploitation enables threat actors to establish control over vulnerable systems. The ASD’s recent alert details the deployment of BADCANDY, a Lua-based web shell, in an escalating campaign affecting hundreds of Australian devices throughout 2024 and 2025. This activity underscores the persistent threat to network infrastructure if critical patches are not applied.

CVE-2023-20198, a critical security defect, enables a remote, unauthenticated attacker to create an account with privilege level 15, thereby seizing full control of susceptible systems, as reported by the ASD. This vulnerability has been widely exploited in the wild, with various threat actors, including China-linked groups such as Salt Typhoon, having leveraged it in past campaigns to compromise telecommunications providers. The broad impact potential of this flaw necessitates immediate attention from network operators.

The ASD has been tracking variations of the BADCANDY implant since October 2023, noting a fresh wave of attacks continuing into 2024 and 2025. Approximately 400 devices in Australia are estimated to have been compromised with this malware since July 2025, with a significant portion—150 devices—infected in October alone, according to the agency’s bulletin. This indicates a sustained and targeted effort by attackers against Australian infrastructure.

BADCANDY is described as a “low equity Lua-based web shell,” the ASD states. It is designed to provide persistent access. Cyber actors deploying BADCANDY have also typically applied a non-persistent patch post-compromise. This tactic is used to mask the device’s vulnerability status concerning CVE-2023-20198. While the implant itself does not survive system reboots due to its lack of a persistence mechanism, the ASD has observed threat actors re-infecting devices after BADCANDY has been removed. This capability suggests attackers are able to detect when their implant is no longer present, allowing them to regain access to unpatched and internet-exposed systems. To learn more about other critical vulnerabilities being exploited, read our article on CISA Confirms Linux Kernel Flaw Exploited in Ransomware Attacks.

System operators are advised that a device reboot, while removing the BADCANDY implant, will not undo other malicious actions undertaken by attackers during the compromise. Therefore, applying the necessary patches for CVE-2023-20198 is essential to prevent future exploitation. The ASD further emphasizes the importance of limiting public exposure of the web user interface and adhering to Cisco’s comprehensive hardening guidelines to fortify defenses against similar exploitation attempts.

Additional mitigation steps recommended by the ASD include a thorough review of running configurations for unexpected or unapproved accounts with privilege level 15. Specifically, accounts with random strings or generic names such as “cisco_tac_admin,” “cisco_support,” “cisco_sys_manager,” or “cisco” should be...
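The configuration review the ASD recommends can be scripted. The following Python is an added example, not from the ASD bulletin or the article: it audits a saved "show running-config" against an approved-administrator list, flags privilege 15 accounts that use the generic names listed above or look machine-generated, and reports whether the web UI is enabled through the standard IOS XE commands ip http server and ip http secure-server (assumed default command syntax). The sample configuration is constructed.

```python
import re

# Generic names the ASD bulletin singles out (from the article above); compared case-insensitively.
ASD_GENERIC_NAMES = {"cisco_tac_admin", "cisco_support", "cisco_sys_manager", "cisco"}

# Standard IOS / IOS XE commands that enable the web UI (assumption: default command syntax).
WEB_UI_COMMANDS = ("ip http server", "ip http secure-server")

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+(.*)$")
PRIVILEGE_RE = re.compile(r"\bprivilege\s+(\d+)\b")


def parse_privileged_users(config_text, level=15):
    """Return {name: config line} for local accounts configured at the given privilege level."""
    users = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = USERNAME_RE.match(line)
        if not m:
            continue
        name, rest = m.groups()
        p = PRIVILEGE_RE.search(rest)
        if p and int(p.group(1)) == level:
            users[name] = line
    return users


def looks_random(name):
    """Heuristic for machine-generated names: 8+ alphanumerics mixing letters and digits, no separators."""
    return (len(name) >= 8 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def audit_config(config_text, approved_admins):
    """Flag privilege 15 accounts outside the approved set, plus an enabled web UI."""
    findings = []
    for name in sorted(parse_privileged_users(config_text)):
        if name in approved_admins:
            continue
        if name.lower() in ASD_GENERIC_NAMES:
            reason = "generic name listed in the ASD bulletin"
        elif looks_random(name):
            reason = "random-looking name"
        else:
            reason = "privilege 15 account not on the approved list"
        findings.append((name, reason))
    for cmd in WEB_UI_COMMANDS:
        if re.search(rf"^\s*{re.escape(cmd)}\s*$", config_text, re.MULTILINE):
            findings.append((cmd, "web UI enabled; restrict exposure or disable if not required"))
    return findings


# Constructed excerpt of a 'show running-config' (not from a real device); secrets redacted.
SAMPLE_CONFIG = """\
!
hostname edge-router-01
!
username netops privilege 15 secret 9 $9$REDACTED
username cisco_tac_admin privilege 15 secret 9 $9$REDACTED
username x7Ks92Ql privilege 15 secret 9 $9$REDACTED
username helpdesk privilege 5 secret 9 $9$REDACTED
!
ip http server
ip http secure-server
!
"""

if __name__ == "__main__":
    for item, reason in audit_config(SAMPLE_CONFIG, approved_admins={"netops"}):
        print(f"{item}: {reason}")
```

A flagged account is a lead, not a verdict: confirm it against change records before removing it, and remember that a reboot alone does not revert account changes made during a compromise.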


https://malware.news/t/australian-signals-directorate-warns-of-ongoing-badcandy-cyberattacks-on-cisco-ios-xe-devices/100913

Malware News

Ukrainian Specialists Positively Evaluate ‘Ai-Petri’ EW Complex for Enhanced Defense

Ukrainian specialists have provided a positive preliminary evaluation of the “Ai-Petri” electronic warfare (EW) complex, noting its potential to enhance defensive capabilities. This assessment highlights the system’s features and its intended role in countering reconnaissance efforts and protecting critical infrastructure from aerial threats.


The “Ai-Petri” system is designed to disrupt enemy reconnaissance operations and defend vital assets against attack drones, such as those of the Shahed type, by jamming their navigation systems in proximate areas. The initial review underscores its strategic importance in modern conflict zones, particularly in mitigating threats from unmanned aerial vehicles.

According to Serhiy Beskrestnov, an expert in radio electronics and communication systems, the “Ai-Petri” system features “broadband antennas, wide-range interference modules, substantial output power, and remote-control capabilities.” Beskrestnov added that while he did not test it on a polygon, he believes it “will also work as a countermeasure against FPV drones within a few hundred meters.” However, he expressed skepticism regarding its effectiveness against guided aerial bombs (KABs).

Enhancing Drone Countermeasures
In response to the preliminary technical assessment, specialists have requested developers to integrate a “Shahed suppression preset with online control.” This proposed feature would enable real-time activation and deactivation, prioritizing operations on GNSS/C2 channels. This enhancement is expected to “significantly increase the effectiveness of critical infrastructure protection in the close zone,” according to Beskrestnov, whose comments align with ongoing efforts to refine drone defense strategies as highlighted in reports on Russian drone attack tactics and protecting critical infrastructure.

Investment and Deployment
The development and production of these counter-reconnaissance systems, referred to as “Ai-Petri SV” in some contexts, have received significant investment. Since autumn 2023, former Ukrainian President Petro Poroshenko has invested over 200 million UAH in the initiative. These systems have reportedly undergone successful testing and are now deployed by the Ukrainian Armed Forces, providing coverage along approximately one thousand kilometers of the combat frontline.

After an initial period without direct government funding, Poroshenko announced a contract with the Ministry of Defense in March 2025, formalizing state recognition and adoption of the system. This contract ensures continued support and integration of the “Ai-Petri” EW complex within the Ukrainian Armed Forces, targeting specific aerial threats like Shahed drones and enhancing national defense capabilities against persistent aerial reconnaissance and attack.

Article Link:
https://cyberwarzone.com/2025/11/01/ukrainian-specialists-positively-evaluate-ai-petri-ew-complex-for-enhanced-defense/


https://malware.news/t/ukrainian-specialists-positively-evaluate-ai-petri-ew-complex-for-enhanced-defense/100911

Malware News

Ukrainian Commander Discusses Potential for Russian Energy Disruptions

Ukrainian military commander Robert “Madyar” Brovdi has publicly addressed the potential for power outages within Russia, attributing them to planned actions by the Ukrainian Defense Forces. Brovdi, who commands the Unmanned Systems Forces of Ukraine, made these remarks in a statement posted on Facebook and reported by Gazeta.ua on November 1, 2025; the statement suggests an intent to target Russian infrastructure with various strike capabilities.


This announcement underscores a continued focus on disrupting critical infrastructure, with Brovdi indicating that such strikes are “capable of provoking a blackout.” His comments suggest an escalation in tactics aimed at impacting essential services, building on previous actions. This strategy aligns with recent reports on Russian missile strikes on Ukraine’s energy infrastructure.

In his public statement, Brovdi noted that “blackout is not scary” and that it involves “a few inconveniences.” He further stated that the “Birds of the SBS [Unmanned Systems Forces] along with other components of the deep strike capabilities of the Ukrainian Defense Forces promise a rapid, albeit somewhat forced, adaptation” for Russian citizens, as noted in his Facebook post. This messaging emphasizes a direct intent to disrupt daily life and resource availability.

The commander also highlighted perceived shortages, claiming that “Russian gasoline is rapidly becoming a scarce liquid, and gas and oil are quickly burning out,” as stated in his post. These remarks connect potential energy disruptions to broader logistical challenges. The announcement follows a reported incident on October 31, 2025, where Ukrainian intelligence allegedly disabled the “Koltsevoy” strategic oil product pipeline in the Moscow region, described as a crucial supply line for the Russian military according to Gazeta.ua.

The collective statements from Commander Brovdi signify an ongoing strategic emphasis by Ukrainian forces on targeting infrastructure within Russian territory, reflecting broader Ukrainian operations against Russian military and infrastructure targets.

Article Link:
https://cyberwarzone.com/2025/11/01/ukrainian-commander-discusses-potential-for-russian-energy-disruptions/


https://malware.news/t/ukrainian-commander-discusses-potential-for-russian-energy-disruptions/100909

Malware News

Russian Missile Strikes on Ukraine’s Energy Infrastructure Reach Two-and-a-Half-Year High

Russian missile strikes against Ukraine’s energy infrastructure reached their highest monthly total in October in at least two and a half years, according to an analysis by AFP, cited by The Moscow Times. This surge indicates a renewed and intensified campaign targeting the nation’s critical power grid as winter approaches for the fourth time since the conflict began.


In October, Russia launched 270 missiles at Ukraine, marking a 46% increase from the previous month and the highest single-month tally recorded since Ukraine began routinely publishing strike statistics in early 2023. This strategic targeting aims to induce widespread blackouts and exert psychological pressure on the civilian populace, a tactic Ukrainian President Volodymyr Zelensky has described as an attempt to “create chaos.”

The escalation in kinetic attacks against energy facilities has led to the implementation of rolling blackouts across all regions of Ukraine, including the capital, Kyiv, throughout October. This pattern aligns with previous winter campaigns where Russia has focused on degrading Ukraine’s power generation and distribution capabilities.

These actions have drawn international scrutiny. Last year, the International Criminal Court (ICC) in The Hague issued arrest warrants for senior Russian army officials, citing the targeting of Ukrainian energy sites as causing excessive harm to civilians. Beyond missiles, Russia also deployed 5,298 long-range drones in October, a figure consistent with near-record highs, as reported by Cyberwarzone’s report on Russian drone tactics.

In response to these sustained attacks, Ukraine has carried out its own strikes, targeting Russian oil depots and refineries in an effort to disrupt Moscow’s energy exports and induce domestic fuel shortages. For more information on Ukraine’s counter-offensives, see our article on Ukrainian Forces Reportedly Conduct Widespread Strikes on Russian Infrastructure and Military Targets. The strategic contest over critical energy infrastructure continues to evolve.

Article Link:
https://cyberwarzone.com/2025/11/01/russian-missile-strikes-on-ukraines-energy-infrastructure-reach-two-and-a-half-year-high/


https://malware.news/t/russian-missile-strikes-on-ukraine-s-energy-infrastructure-reach-two-and-a-half-year-high/100907

Malware News

Russian Police Bust Suspected Meduza Infostealer Developers

Mathew J. Schwartz reports: Russian police arrested “three young IT specialists” suspected of developing and selling the Meduza credential-harvesting malware. Authorities from the Ministry of Internal Affairs of Russia, together with police investigators, charged the men with developing and supplying the information-stealing malware, and tied it to an attack that breached and stole data from...


Article Link:
https://databreaches.net/2025/11/01/russian-police-bust-suspected-meduza-infostealer-developers/?pk_campaign=feed&pk_kwd=russian-police-bust-suspected-meduza-infostealer-developers


https://malware.news/t/russian-police-bust-suspected-meduza-infostealer-developers/100905

Malware News

UK: Woman charged after NHS patients’ records accessed in data breach

Today’s reminder of the insider threat comes to us from the National Health Service in the U.K. Craig Meighan and Billy Gaddi report: A woman has been charged after Scots patients had their private medical records accessed during an NHS data breach. Reports suggest around 100 patients in NHS Lothian could have had their records...


Article Link:
https://databreaches.net/2025/11/01/uk-woman-charged-after-nhs-patients-records-accessed-in-data-breach/?pk_campaign=feed&pk_kwd=uk-woman-charged-after-nhs-patients-records-accessed-in-data-breach


https://malware.news/t/uk-woman-charged-after-nhs-patients-records-accessed-in-data-breach/100903

Malware News

Pentest: A Complete Guide to Penetration Testing in 2025

Key Points: What is a pentest and why is it essential? A penetration test, commonly called [...]


The article Pentest : Guide Complet des Tests d’Intrusion en 2025 (Pentest: A Complete Guide to Penetration Testing in 2025) first appeared on INTRINSEC.

Article Link:
https://www.intrinsec.com/en/pentest-guide-complet-de-test-dintrusion/


https://malware.news/t/pentest-guide-complet-des-tests-d-intrusion-en-2025/100901

Malware News

Akira Ransomware Targets Hometown Credit Union

Summary


On October 31, 2025, the Akira ransomware group claimed responsibility for an attack on Hometown Credit Union (hometowncu.com), a notable financial institution in the USA. The group announced plans to release corporate and employee data unless certain conditions are met.

Incident Report

Target: Hometown Credit Union
Domain: hometowncu.com
Country: USA
Attacking Group: Akira
Date Reported: October 31, 2025
Threat Actor Statement: “Hometown Credit Union offers a range of financial services including savings accounts, checking accounts, consumer loans, and home equity lines of credit. We will upload corporate documents soon. HR documents with employee personal information (social security number, addresses, phones, emails, driver licenses), lots of financial documents, accounting documents and other internal documents.”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators,...


https://malware.news/t/akira-ransomware-targets-hometown-credit-union/100899

Malware News

IncRansom Targets AA LLP in Devastating Ransomware Attack

Summary


On October 31, 2025, the ransomware group IncRansom claimed responsibility for a cyberattack targeting AA LLP (aa.law), a prominent US-based law firm. The attackers have reportedly stolen sensitive information, including criminal cases, clients’ personal documents, and confidential files.

Incident Report

Target: AA LLP
Domain: aa.law
Country: USA
Attacking Group: IncRansom
Date Reported: October 31, 2025
Threat Actor Statement: “All criminal cases, clients’ personal documents, medical records, and all confidential files were stolen.”

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
https://www.dexpose.io/incransom-targets-aa-llp-in-devastating-ransomware-attack/


https://malware.news/t/incransom-targets-aa-llp-in-devastating-ransomware-attack/100897

Malware News

Qilin Ransomware Attack on Suarez & Menendez

Summary


On October 30, 2025, the notorious ransomware group Qilin declared responsibility for a cyberattack on Suarez & Menendez (www.suarez-menendez.com), a prominent legal firm in Argentina. The group has threatened to leak sensitive data unless the firm initiates negotiations.

Incident Report

Target: Suarez & Menendez
Domain: www.suarez-menendez.com
Country: Argentina
Attacking Group: Qilin
Date Reported: October 30, 2025
Threat Actor Statement: N/A



Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
https://www.dexpose.io/qilin-ransomware-attack-on-suarez-menendez/

https://malware.news/t/qilin-ransomware-attack-on-suarez-menendez/100895

Incransom Breaches VZW Avalon in Belgium

Summary


On October 31, 2025, the ransomware group incransom claimed responsibility for a cyberattack against VZW Avalon (avalon.org), an organization based in Belgium. The attackers have threatened to release sensitive data unless negotiations are initiated.

Incident Report

Target: VZW Avalon
Domain: avalon.org
Country: Belgium
Attacking Group: incransom
Date Reported: October 31, 2025
Threat Actor Statement: “38554 File(s) 31,312,417,174 bytes”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
https://www.dexpose.io/incransom-breaches-vzw-avalon-in-belgium/

https://malware.news/t/incransom-breaches-vzw-avalon-in-belgium/100893

Devman Ransomware Strikes h*i**c*.c*m.my

Summary


On October 28, 2025, the ransomware group Devman claimed responsibility for a cyberattack against h*i**c*.c*m.my, a company based in Malaysia. The group has demanded a ransom of $500k for the release of 60GB of sensitive data.

Incident Report

Target: h*i**c*.c*m.my
Domain: h*i**c*.c*m.my
Country: Malaysia
Attacking Group: Devman
Date Reported: October 28, 2025
Threat Actor Statement: “Ransom: 500k\n60gb”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
https://www.dexpose.io/devman-ransomware-strikes-hic-cm-my/

https://malware.news/t/devman-ransomware-strikes-h-i-c-c-m-my/100891

Samsung’s $2,000 smart refrigerators could get ads

The new feature that may be coming to Samsung smart refrigerators is ads. According to Ars Technica, Samsung Family Hub refrigerators carry a recommended retail price of $1,899 to $3,499. Through a software update this month, Samsung ... premium ...


Article Link:
http://wezard4u.tistory.com/429636

https://malware.news/t/topic/100918

University of Pennsylvania says it wasn’t hacked after a vulgar email was sent to campus community

Frederick Sutton Sinclair of CBS reports: The University of Pennsylvania is investigating a vulgar email that was sent to members of its campus community. Penn told CBS News Philadelphia that it was not hacked, but the university is working to find the source of the fraudulent email. The email’s subject line read “We Got Hacked”...


Article Link:
https://databreaches.net/2025/11/02/university-of-pennsylvania-says-it-wasnt-hacked-after-a-vulgar-email-was-sent-to-campus-community/?pk_campaign=feed&pk_kwd=university-of-pennsylvania-says-it-wasnt-hacked-after-a-vulgar-email-was-sent-to-campus-community

https://malware.news/t/university-of-pennsylvania-says-it-wasn-t-hacked-after-a-vulgar-email-was-sent-to-campus-community/100916

Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak

Veradigm LLC is a health information technology company that provides software solutions to healthcare providers. On September 22, 2025, Veradigm filed breach notification letters with some state attorneys general. According to the notice, Veradigm learned that an unauthorized party accessed some clients’ data on December 15, 2024. The clients’ data was located in a storage...


Article Link:
https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/?pk_campaign=feed&pk_kwd=veradigms-breach-claims-under-scrutiny-after-dark-web-leak

https://malware.news/t/veradigm-s-breach-claims-under-scrutiny-after-dark-web-leak/100914

Hezi Rash Emerges as New Kurdish Hacktivist Force, Linked to 350 DDoS Attacks

A new hacktivist collective, Hezi Rash, has rapidly become active, reportedly executing approximately 350 Distributed Denial-of-Service (DDoS) attacks within a two-month period. Identifying as a “Kurdish national team,” the group focuses its cyber operations on nations perceived as threats to Kurdish or Muslim communities according to research from Check Point’s External Risk Management.


Established in 2023, Hezi Rash (Kurdish for “Black Force”) uses DDoS attacks to flood target websites with junk traffic, causing service disruptions. This volume of activity, documented between early August and early October, indicates a notable level of operational tempo for a group of its size, as reported by Hackread.com.

The group’s motivations are deeply intertwined with political and religious issues, framing its actions as a digital defense of Kurdish society. This was exemplified by retaliatory attacks on Japanese anime sites following a depiction of a burning Kurdish flag, and targeting Israeli platforms during the #OpIsrael campaign, according to Check Point’s findings. Hezi Rash maintains an online presence across platforms including Telegram, TikTok, YouTube, and X (formerly Twitter).

Geographical Targeting and Operational Scope
Geographically, Hezi Rash attacks have spanned multiple regions. Top targets include:

— Japan (23.5%)
— Türkiye (15.7%)
— Israel (14.6%)
— Germany (14.2%)
— Iran (10.7%)
— Iraq (7.5%)
— Azerbaijan (5.7%)
— Syria (4.3%)
— Armenia (3.9%)

This broad targeting reflects their stated focus on perceived threats to Kurdish or Muslim interests globally.

Methodologies and Alliances
While Hezi Rash does not publicly disclose its specific methodologies, investigations suggest significant reliance on alliances with other hacktivist groups. These include collectives such as Keymous+, Killnet, and NoName057(16). Such collaborations likely facilitate access to DDoS-as-a-Service (DaaS) platforms like EliteStress, which enable individuals with limited technical expertise to launch attacks. The group is also reported to utilize tools such as Abyssal DDoS v3, developed by anti-Israel hacktivist groups. For context on other cyber threats, you can read about how APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign.

Defensive Recommendations
The emergence of Hezi Rash underscores a trend in hacktivism toward leveraging readily available DaaS tools and collaborative networks for political disruption. Organizations are advised to implement robust defenses:

— Specialized DDoS mitigation services
— Web Application Firewalls (WAF) with challenge pages
— Continuous monitoring for unusual traffic spikes, particularly from residential IP addresses

These measures are crucial, as highlighted by security experts. The continued evolution of hacktivist groups like Hezi Rash, and broader cybersecurity concerns such as those discussed in CISA Confirms Linux Kernel Flaw Exploited in Ransomware Attacks, necessitates proactive defense strategies to protect digital assets and infrastructure from increasingly sophisticated threats.

Article Link:
https://cyberwarzone.com/2025/11/01/hezi-rash-emerges-as-new-kurdish-hacktivist-force-linked-to-350-ddos-attacks/

https://malware.news/t/hezi-rash-emerges-as-new-kurdish-hacktivist-force-linked-to-350-ddos-attacks/100912

Ukrainian Commander Forewarns of Potential Energy Disruptions in Russia

Robert “Мадяр” Brovdi, the Commander of Ukraine’s Unmanned Systems Forces, has publicly stated that Ukrainian Defense Forces are planning attacks on Russian territory that could lead to electricity outages. These remarks suggest an evolving strategy aimed at disrupting Russian infrastructure, according to a report by Gazeta.ua on November 1, 2025. The announcement follows a recent operational success by Ukrainian intelligence against a key Russian fuel supply line.


Brovdi’s statements, delivered via a Facebook post, indicate that “Birds of the SBS” (referring to the Unmanned Systems Forces) alongside “other components of deep strike forces” are involved in operations that could cause such disruptions. These actions are presented as an effort to compel adaptation among the Russian populace. The commander also alluded to potential shortages of Russian fuel resources, including gasoline, gas, and oil.

The potential for widespread blackouts was directly addressed by Brovdi, who was quoted as saying, “Blackout is not scary. It’s just a little inconvenience.” He urged Russian citizens to acclimate to potential periods without electricity. This communication strategy appears to be part of a broader effort to exert pressure on Russia’s logistical and energy sectors, aligning with reports of systemic economic decline in Russia.

In a related development, Ukrainian intelligence reportedly disabled the strategic “Koltsevoy” oil product pipeline in the Moscow region on October 31, 2025. This pipeline, located in the Ramenke district, was a critical conduit for supplying fuel to the Russian military. The operation was detailed in a report by Gazeta.ua, highlighting a targeted approach to impede Russia’s military logistics capabilities. These actions are reminiscent of past instances of missile strikes on energy infrastructure.

These coordinated efforts underscore a potential escalation in Ukraine’s operational focus, extending to the disruption of critical infrastructure within Russian territory. Such actions may aim to impact the operational capabilities of Russian forces and introduce challenges for civilian populations. The ongoing conflict continues to feature varied tactics aimed at strategic disruption.

Article Link:
https://cyberwarzone.com/2025/11/01/ukrainian-commander-forewarns-of-potential-energy-disruptions-in-russia/

https://malware.news/t/ukrainian-commander-forewarns-of-potential-energy-disruptions-in-russia/100910

Ukrainian Intelligence Reports Systemic Economic Decline in Russia

Recent reports indicate that the Russian economy is entering a phase of systemic crisis, marked by significant reductions in corporate profits and increasing financial instability across key sectors. This assessment, attributed to the Foreign Intelligence Service of Ukraine (SZR), was published by Gazeta.ua.


Widespread Corporate Profit Decline
The aggregate profit of Russian enterprises reportedly decreased by 8.3% during the first eight months of 2025. This downturn is paralleled by growing instability in the credit sector. The proportion of problematic corporate borrowers has reached 23%, leaving approximately 165,000 companies unable to service their debts, as detailed by Gazeta.ua.

For more context on the ongoing conflict impacting Russia’s economy, you can read about Russian Missile Strikes on Ukraine’s Energy Infrastructure Reach Two-and-a-Half-Year High.

Challenges in Key Industrial Sectors
Coal Industry Vulnerability
The coal industry, previously a substantial source of foreign exchange for Russia, shows particular vulnerability. It is reported that 67% of companies in this sector are operating at a loss. From January to August, the accumulated losses in the coal industry exceeded 263.2 billion rubles, increasing by 38.2 billion rubles in a single month. During this period, the industry’s profits reportedly halved, while its losses surged 2.6 times, according to Gazeta.ua.

Service Sector Downturn
“Pochta Rossii” (Russian Post) registered a 4.5% decline in revenue from its primary services and a 9.3% drop from financial intermediation. Gross profitability for the company reportedly fell by 2.5 times, with losses from sales increasing 5.7 times to 10.7 billion rubles. The company attributed these financial setbacks to “changes in the operational environment” and faces a liquidity crisis, as its short-term liabilities surpass current assets by 25.6 billion rubles, a fivefold increase from the previous year, Gazeta.ua reported.

Metallurgy and Energy Losses
Similar trends are observed in metallurgy, where “Nornickel” reported a 39% decrease in net profit over nine months. Expenses rose 34% due to increased interest rates. Decreased production of nickel, copper, palladium, and platinum further indicates a reduction in global market positioning. Energy giant “Gazprom” also recorded a net loss of 170.3 billion rubles over nine months. For a company historically identified as a major contributor to the state budget, this represents a significant shift, based on the analysis cited by Gazeta.ua. Additionally, “RZD” (Russian Railways) reported losses of 4.2 billion rubles.

Another related development on the ground involves Ukrainian Forces Reportedly Conduct Widespread Strikes on Russian Infrastructure and Military Targets.

Entrenched Economic Crisis
The Ukrainian Foreign Intelligence Service concludes that these data points collectively suggest Russia’s economy is experiencing a widespread inability to generate profit, even in sectors traditionally considered robust. Rising debt, production cuts, and declining incomes reportedly indicate that this economic crisis is becoming an entrenched reality. These economic trends present a broader context for understanding the nation’s resource allocation and capabilities.

Article Link:
https://cyberwarzone.com/2025/11/01/ukrainian-intelligence-reports-systemic-economic-decline-in-russia/

https://malware.news/t/ukrainian-intelligence-reports-systemic-economic-decline-in-russia/100908

Ukrainian Forces Reportedly Conduct Widespread Strikes on Russian Infrastructure and Military Targets, Destroy Ballistic Missile

Ukrainian forces have reportedly conducted a series of significant strikes deep within Russian territory, targeting critical energy infrastructure and military assets. These operations are said to have resulted in emergency power outages and the destruction of high-value equipment, according to a November 1, 2025, report by Gazeta.ua. The reported actions encompass drone attacks on oil and gas processing plants, missile strikes on power stations, and the claimed destruction of a Russian medium-range ballistic missile.


The scope of these operations suggests a concerted effort by various Ukrainian military and intelligence units to impact Russian logistical and defensive capabilities. The strikes reportedly involved unmanned systems, specialized forces, and naval assets, extending their reach into areas such as the Moscow region, Belgorod, and Kapustin Yar.

Energy Infrastructure Targets
Ukrainian drone units reportedly targeted multiple oil and gas infrastructure facilities within Russia. These included the Mariysky, Novospassky, and Budyonovsky oil and gas processing plants, along with oil depots in Gvardiysky and Komsomolska. Following these attacks, emergency power outages were reported in the Moscow region.

In related actions, units of the Naval Forces of Ukraine reportedly launched Neptune cruise missiles against the Orlovskaya thermal power station and the Novobryansk electrical substation in Russia. These facilities are said to supply electricity to military enterprises in the region, impacting their logistical capabilities, according to Gazeta.ua.

Destruction of Russian Ballistic Missile and Air Defenses
Security Service of Ukraine (SBU) chief Vasyl Maliuk reportedly announced on October 31 that Ukrainian intelligence forces, including the Main Intelligence Directorate (GUR), the SBU, and the Foreign Intelligence Service, successfully destroyed one of Russia’s three “Oreshnik” medium-range ballistic missiles. This destruction reportedly occurred within Russian territory at Kapustin Yar. Such intelligence operations demonstrate Ukraine’s ongoing efforts against high-value targets, as seen in previous actions like the Ukrainian Intelligence Launches Airborne Special Operation in Pokrovsk.

Additionally, SBU drones are credited with destroying a Russian “Pantsir-2” anti-aircraft missile system and two radar stations, further degrading Russian air defense capabilities.

Impact on Russian Offensive Operations
Ukrainian unmanned systems forces reportedly damaged the Belgorod dam, disrupting Russian offensive operations in the Vovchansk direction by isolating troops and equipment. These actions are part of a broader strategy to counter Russian advances, echoing tactics discussed in analyses like Russian Forces Refine Drone Attack Tactics Amidst Ongoing Conflict.

Separately, special forces of the GUR were reported to have landed near Pokrovsk to stabilize a situation considered critical for Ukrainian defense forces.

Geopolitical Repercussions and International Statements
US President Donald Trump reportedly stated he does not plan to meet with Russian President Vladimir Putin until an agreement to end the war in Ukraine is reached. This stance, according to Gazeta.ua, is influenced by figures such as Secretary Rubio and Treasury Secretary Bessent, who advocate for a firm position against Moscow. Trump also reportedly...

https://malware.news/t/ukrainian-forces-reportedly-conduct-widespread-strikes-on-russian-infrastructure-and-military-targets-destroy-ballistic-missile/100906

Massive Great Firewall Leak Exposes 500GB of Censorship Data

Mathura Kayir reports: In a historic breach of China’s censorship infrastructure, over 500 gigabytes of internal data were leaked from Chinese infrastructure firms associated with the Great Firewall (GFW) in September 2025. Researchers now estimate the full dump is closer to approximately 600 GB, with a single archive comprising around 500 GB alone. The material...


Article Link:
https://databreaches.net/2025/11/01/massive-great-firewall-leak-exposes-500gb-of-censorship-data/?pk_campaign=feed&pk_kwd=massive-great-firewall-leak-exposes-500gb-of-censorship-data

https://malware.news/t/massive-great-firewall-leak-exposes-500gb-of-censorship-data/100904

Release Notes: ANY.RUN & ThreatQ Integration, 3,000+ New Rules, and Expanded Detection Coverage

October brought another strong round of updates to ANY.RUN, from a new ThreatQ integration that connects our real-time Threat Intelligence Feeds directly into one of the industry’s leading TIPs, to hundreds of new signatures and rules that sharpen network and behavioral detection. 


With 125 new behavior signatures, 17 YARA rules, and 3,264 Suricata rules, analysts can now spot emerging threats faster and with greater precision. Together with the ThreatQ connector, these improvements make it easier for SOCs and MSSPs to enrich alerts, automate response, and gain deeper visibility into live attack activity. 

Product Updates
Expanding Threat Intelligence Reach: ANY.RUN & ThreatQ
October brought another major milestone to ANY.RUN’s growing ecosystem: a new integration that links ANY.RUN’s Threat Intelligence Feeds directly with ThreatQ, one of the industry’s leading Threat Intelligence Platforms (TIPs).

This integration helps SOC teams and MSSPs gain real-time visibility into active global threats, cut investigation time, and strengthen detection accuracy across phishing, malware, and network attack surfaces. 

Now, analysts using ThreatQ can automatically ingest fresh, high-confidence IOCs gathered from live sandbox investigations of malware samples detonated by 15,000+ organizations and 500,000+ analysts worldwide. 

How this update helps security teams: 

TI Feeds help SOCs boost key security metrics 

— Early detection: Indicators are streamed into ThreatQ the moment they appear in ANY.RUN sandbox sessions, helping teams spot threats before they hit endpoints or networks.

— Expanded coverage: Up to 99% unique IOCs from recent phishing and malware attacks provide visibility beyond traditional feeds.

— Faster, smarter response: Each IOC includes a link to its sandbox analysis, giving full behavioral context for rapid validation and containment. 

— Lower analyst workload: Feeds are filtered to include only verified malicious indicators, cutting false positives and Tier-1 triage time. 

Simple Setup, Instant Impact 
The connector works through the STIX/TAXII protocol, ensuring full compatibility with existing ThreatQ environments. Security teams can configure feeds to update hourly, daily, or on a custom schedule; no custom development or infrastructure changes required. 

Add New TAXII Feed to your integrations
For detailed information, see ANY.RUN’s TAXII connection documentation.


Threat Coverage Update 
In October, our team continued to strengthen detection capabilities so SOCs can stay ahead of new and evolving threats: 

— 125 new behavior signatures were added to improve coverage across ransomware, loaders, stealers, and RATs, helping analysts detect persistence and payload activity earlier in the attack chain. 

— 17 new YARA rules went live in production, expanding visibility into credential-dumping tools, network scanners, and new loader families. 

— 3,264 new Suricata rules were deployed, enhancing detection for phishing, APT infrastructure, and evasive network behaviors. 

These updates enable analysts to gain faster, more confident verdicts in the sandbox and enrich SIEM, SOAR, and IDS workflows with fresh, actionable IOCs. 

New Behavior Signatures 
This month’s updates focus on helping analysts catch stealthy activity earlier in the attack chain. The...


https://malware.news/t/release-notes-any-run-threatq-integration-3-000-new-rules-and-expanded-detection-coverage/100902

Cyber Threat Analysis Secrets Every Expert Should Know

In an age where every organization holds valuable digital assets, Cyber Threat Analysis isn’t just an option; it’s a strategic necessity. Strong Cyber Threat Analysis turns raw signals into prioritized actions: spotting early indicators, understanding attacker intent, and guiding responses so teams act with confidence. This post shares practical, proven insights that security leaders and analysts use to transform data into reliable detection, reduce false positives and stop breaches before they cause damage.


Why Cyber Threat Analysis matters today
Threat actors move fast; the window between compromise and exploitation keeps shrinking. Practical analysis does three things: it increases signal-to-noise in security telemetry, it connects disparate incidents into attack stories, and it converts intelligence into operational controls. For executives, the upside is measured in reduced dwell time and preserved reputation. For practitioners, it means clearer playbooks, faster containment, and measurable improvement in resilience.

Core Components of Cyber Threat Analysis
A defensible program rests on a small set of durable capabilities:

1. Data collection and normalization
Collect widely with Dexpose: endpoint logs, network flows, DNS records, authentication events, cloud telemetry, email headers, and third-party alerts. Normalize formats and timestamps to enable correlation.

2. Threat context and enrichment
Raw alerts rarely tell the whole story. Enrich them with IP reputation, domain age, known malware families, and relevant CVEs so analysts can quickly assess risk.

3. Detection logic and tuning
Combine signature, behavior, and anomaly detection. Tune thresholds using baseline profiles and incorporate analyst feedback loops to reduce false positives.

4. Investigation and storytelling
Analysis should build concise narratives: how the attacker entered, what moved laterally, and what assets were targeted. These stories speed decision making.

5. Automation and orchestration
Automate repetitive tasks (enrichment, containment steps) while ensuring human oversight for high risk decisions.

Secret 1: Start with threat modeling and risk-based prioritization
Top analysts don’t chase every alert. They map likely attacker paths to business-critical assets and prioritize detections that threaten them. Use an attack surface map and heatmap to rank assets by value and likelihood of exploitation. When you align detection coverage with the organization’s crown jewels, your team spends effort where it truly matters.

Secret 2: Monitor credentials relentlessly
Credentials are the most common initial foothold. Implement continuous Compromised Credentials Monitoring to detect leaked usernames and passwords on external sources. Prioritize accounts with privileged access and automate forced password resets or multi-factor re-enrollment when high-risk exposures are confirmed.

Secret 3: Scan beyond the surface: Deep Web and dark web intelligence
Attackers trade and advertise on clandestine channels. Incorporate Deep Web Scanning into your horizon scanning to detect early chatter about your organization. Use tailored crawlers and vetted intelligence feeds; combine automated discovery with human review to verify relevance and reduce noise. For small teams, responsibly scoped Free Dark Web tools can provide initial indicators, but they’re best paired with paid feeds for accuracy at scale.

Secret 4: Real-time breach monitoring and rapid data breach detection
Fast detection reduces...


https://malware.news/t/cyber-threat-analysis-secrets-every-expert-should-know/100900

SafePay Ransomware Attack Targets Holtz Office Support GmbH

Summary

On October 31, 2025, the ransomware group SafePay launched a cyberattack against Holtz Office Support GmbH (holtzofficesupport.com), a reputable German office supplies company.

The attackers have threatened to leak sensitive company data unless their demands are met.

Incident Report

Target: Holtz Office Support GmbH
Domain: holtzofficesupport.com
Country: Germany
Attacking Group: SafePay
Date Reported: October 31, 2025
Threat Actor Statement: “All sensitive data has been encrypted. If you want to avoid a full leak, contact us via the provided channels immediately.”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
https://www.dexpose.io/safepay-ransomware-attack-targets-holtz-office-support-gmbh/



https://malware.news/t/safepay-ransomware-attack-targets-holtz-office-support-gmbh/100898

APT28 Expands Financial Sector Targeting with Advanced Phishing and Custom Malware

A sophisticated spear-phishing campaign attributed to the state-sponsored threat actor APT28, also known as Fancy Bear, has targeted financial institutions. This operation leverages advanced tactics to exfiltrate sensitive data and represents an expansion of the group’s efforts against critical financial infrastructure.


Campaign Details and Malware Used
Active from January 15 to March 31, 2023, the campaign reportedly compromised dozens of systems, focusing on the theft of customer banking credentials and proprietary trading data. The attackers integrated a custom malware loader alongside established threats like Gozi and TrickBot, indicating an elevated level of operational sophistication.

The attack chain was primarily initiated through highly tailored spear-phishing emails designed to bypass conventional security measures, according to a Mandiant report. These emails delivered malware capable of exploiting previously identified vulnerabilities, including CVE-2023-1234 and CVE-2023-5678, to establish a foothold within targeted networks. Once inside, the threat actor utilized a custom loader, which provided a persistent backdoor and facilitated the deployment of more potent payloads. This approach is reminiscent of other advanced persistent threats, such as those discussed in new Airstalk malware campaigns.

Objectives and Impact
Analysis by PwC’s Threat Intelligence Bulletin indicated that the campaign’s objectives extended beyond typical credential harvesting. Attackers specifically sought proprietary trading data, suggesting a strategic interest in market intelligence or financial manipulation. Mandiant estimates that the campaign successfully compromised “dozens” of systems across multiple financial entities. This follows a pattern of previous APT28 activities targeting the financial sector.

Dr. Evelyn Reed, Lead Threat Researcher at Mandiant, stated, “This campaign highlights the persistent and evolving threat posed by state-sponsored actors to critical financial infrastructure.” The campaign’s duration, spanning over two months, allowed the threat actor ample time for reconnaissance and data exfiltration.

Mitigation Strategies
In response, cybersecurity experts recommend several mitigation strategies to financial institutions. These include:

— Enhancing email filtering mechanisms
— Mandating multi-factor authentication (MFA) for all critical systems
— Conducting regular employee cybersecurity awareness training to identify and report suspicious activities, as detailed in security advisories from Mandiant.

The recent activities attributed to APT28 underscore the continuous need for robust and adaptive cybersecurity defenses within the global financial sector. Financial institutions must remain vigilant and proactively strengthen their security postures to counter evolving threats from state-sponsored groups like Fancy Bear.

Article Link:
https://cyberwarzone.com/2025/11/01/apt28-expands-financial-sector-targeting-with-advanced-phishing-and-custom-malware/

https://malware.news/t/apt28-expands-financial-sector-targeting-with-advanced-phishing-and-custom-malware/100896

MyData Ransomware Attack on Verdugo Hills Dental

Summary

On October 31, 2025, the ransomware group MyData publicly claimed responsibility for a cyberattack against Verdugo Hills Dental (verdugohillsdental.com), a dental care provider based in Glendale, CA. The group has threatened to leak sensitive patient and business data unless a settlement is reached.

Incident Report

Target: Verdugo Hills Dental
Domain: verdugohillsdental.com
Country: USA
Attacking Group: MyData
Date Reported: October 31, 2025
Threat Actor Statement: “The full leak will be published soon, unless a company representative contacts us via the channels provided.”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen...


https://malware.news/t/mydata-ransomware-attack-on-verdugo-hills-dental/100894

Akira Ransomware Attack on Huber, Erickson & Bowman

Summary

On October 30, 2025, the notorious ransomware group Akira revealed an attack on Huber, Erickson & Bowman (heb-advisors.com), a prominent tax and accounting firm based in Salt Lake City, USA. Akira claims to have exfiltrated 66GB of sensitive data, threatening to release it unless their demands are met.

Incident Report

Target: Huber, Erickson & Bowman
Domain: heb-advisors.com
Country: USA
Attacking Group: Akira
Date Reported: October 30, 2025
Threat Actor Statement: “HEB Advisors is Salt Lake City’s premier full-service tax and accounting firm with over 45 years of experience, serving individuals, small and mid-sized businesses, government entities, and non-profit organizations. We will upload 66gb of corporate documents soon. We’ve taken incredibly large amount of personal information of clients and employees (addresses, phones, DOB, driver licenses, social security cards, credit cards and so on and so forth), detailed accounting information, internal confidential files, etc.”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported...


https://malware.news/t/akira-ransomware-attack-on-huber-erickson-bowman/100892

Ukraine Alleges Rosatom Coordinated Strikes on Nuclear Plant Substations

Ukrainian Foreign Minister Andrii Sybiha has alleged that specialists from Russia’s state-owned nuclear energy corporation, Rosatom, coordinated recent drone and missile strikes. These attacks targeted substations linked to Ukrainian nuclear power plants (NPPs).


Occurring on the night of October 30th, the strikes reportedly damaged critical infrastructure. This infrastructure is essential for the safe operation of these facilities, raising significant concerns regarding nuclear safety in the region.

Allegations of Rosatom Involvement
Sybiha’s allegations highlight an asserted escalation in targeting critical civilian infrastructure, particularly within the nuclear sector. Via social media, Foreign Minister Andrii Sybiha stated that such precise attacks on nuclear infrastructure could not have been carried out without specialized assistance from Rosatom personnel. This claim emerges amidst ongoing international scrutiny of nuclear safety in Ukraine since the beginning of the conflict. The ongoing conflict has seen Russian forces refine their drone attack tactics, further complicating the security landscape.

IAEA Confirms Damage and Risks
The International Atomic Energy Agency (IAEA) has confirmed the damage to the substations. They noted that these incidents impact the secure functioning of Ukrainian nuclear energy facilities. Specifically, the South Ukraine, Khmelnytskyi, and Rivne NPPs experienced disruptions.

These disruptions included the loss of access to at least one of their external power lines. Gazeta.ua reported on the IAEA’s findings, emphasizing the vulnerability of NPPs to disruptions in off-site power.

The Role of Substations in Nuclear Safety
Substations are critical for providing external power to nuclear power plants. This power is necessary for cooling reactor cores, managing spent fuel, and maintaining other essential safety systems. Damage to these external power lines can force reliance on backup power sources, which increases operational risks.

IAEA Director General Rafael Grossi has repeatedly stressed that nuclear safety risks in Ukraine remain significant. This sentiment is echoed by the recent confirmation of substation damage, highlighting persistent challenges.

International Call to Action
Minister Sybiha condemned these actions. He described them as a threat to the nuclear security of the European continent and a violation of international law. He has urged the international community to adopt a firm stance.

Sybiha advocates for an end to any cooperation with Russia in the nuclear energy sector and calls for imposing sanctions against Rosatom. The incident underscores the ongoing challenges to maintaining nuclear safety and security in conflict zones.

Article Link:
https://cyberwarzone.com/2025/11/01/ukraine-alleges-rosatom-coordinated-strikes-on-nuclear-plant-substations/

https://malware.news/t/ukraine-alleges-rosatom-coordinated-strikes-on-nuclear-plant-substations/100890