Latest Security News Collection

Radiology Associates of Richmond Breach Exposes Data of Over 1.4 Million Patients
#DataBreach #CyberSecurity #HealthcareSecurity #PatientPrivacy #RARBreach #InfoSec #CreditMonitoring #MedicalDataLeak #CyberAttack #RichmondRadiology
Radiology Associates of Richmond (RAR), a century-old radiology provider in Virginia, has confirmed a data breach affecting more than 1.4 million individuals. Attackers had access to RAR systems between 2 and 6 April 2024; a forensic investigation that concluded on 2 May 2025 determined which individuals and which data were affected, so notifications are going out more than a year after the intrusion. The compromised systems held sensitive personal and health information. RAR says it has no evidence of misuse, that it contained the intrusion and engaged outside cybersecurity specialists to secure its systems, and it is offering complimentary credit monitoring to those whose Social Security numbers were exposed. Patients are advised to watch their financial and medical records for suspicious activity, including unfamiliar claims or explanation-of-benefits statements. No ransomware group has claimed responsibility to date.
→ Read more on securityaffairs.com
3,500 Websites Compromised in Stealthy Global Cryptojacking Campaign
#CyberSecurity #Cryptojacking #JavaScriptMalware #WebSecurity #StealthMining #Magecart #ClientSideAttack #DigitalThreats #WebsiteHijack #InfoSec
A cryptojacking campaign has quietly compromised more than 3,500 websites worldwide, injecting obfuscated JavaScript that uses visitors' browsers to mine cryptocurrency. The scripts talk to the attackers' infrastructure over WebSockets and throttle mining intensity to the capabilities of each device, keeping CPU usage low enough that users and monitoring tools are unlikely to notice. Unlike the aggressive, CPU-saturating miners of earlier campaigns, this wave prioritises stealth and persistence, turning unsuspecting visitors into long-term sources of computing power. The same infrastructure has also been linked to Magecart-style credit card skimming, suggesting the operators run several client-side schemes at once. Researchers warn that attackers increasingly blend cryptojacking with other client-side threats, including fake payment forms and malicious redirects. For site owners the practical lesson is to treat every script that runs in the visitor's browser as part of the attack surface: inventory third-party scripts, pin them with Subresource Integrity, and use a Content Security Policy to restrict where page scripts may connect.
→ Read more on thehackernews.com
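As an added example (not code from the page or from the researchers it cites), the following audit shows one concrete client-side control against an injected miner: it parses a page's HTML, lists every script, flags inline scripts, SRI-less external scripts and third-party hosts, and proposes a Content Security Policy whose connect-src and worker-src would stop a planted script from opening a WebSocket to a mining pool or spawning a mining worker. The sample HTML, the site origin and the host names are constructed.

```python
"""Client-side script audit plus CSP proposal (added example, constructed data).

A compromised page usually carries the miner either as an inline <script> or as
a modified external file. WebSocket connections are governed by CSP connect-src
and Web Workers by worker-src, so a policy that restricts both limits what an
injected script can do even before the injection is found.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one first-party script with SRI, one third-party script
# without SRI, one inline script that behaves like a miner (opens a WebSocket),
# and one third-party script that does carry an integrity attribute.
SAMPLE_HTML = """<!doctype html><html><head>
<script src="/static/app.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/lib/vendor.min.js"></script>
<script>(function(){var w=new WebSocket("wss://203.0.113.9/ws");/* throttled miner */})();</script>
</head><body>
<script src="https://checkout.example-pay.com/widget.js" integrity="sha256-CONSTRUCTED"></script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect src, integrity and inline body of every <script> element."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"), "inline": ""})
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser delivers <script> contents verbatim (CDATA mode).
        if self._in_script and self.scripts:
            self.scripts[-1]["inline"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def audit_scripts(html: str, site_origin: str) -> list[dict]:
    """Return one finding per script: what it is and which weaknesses it has."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    site_host = urlsplit(site_origin).hostname
    findings = []
    for s in parser.scripts:
        if s["src"] is None:
            body = s["inline"]
            issues = ["inline script; a CSP would need a nonce or hash for it"]
            if "WebSocket(" in body or "wss://" in body:
                issues.append("opens a WebSocket")  # miner-like behaviour worth a look
            findings.append({"script": "inline", "issues": issues})
            continue
        issues = []
        host = urlsplit(s["src"]).hostname  # None for relative (first-party) URLs
        if host is not None and host != site_host:
            issues.append(f"third-party host {host}")
        if not s["integrity"]:
            issues.append("no SRI integrity attribute")
        findings.append({"script": s["src"], "issues": issues})
    return findings


def build_csp(allowed_script_hosts: list[str]) -> str:
    """Proposed policy: scripts only from self and an explicit allow-list,
    network connections (including WebSockets) and workers only to/from self."""
    script_src = " ".join(["'self'"] + [f"https://{h}" for h in allowed_script_hosts])
    return "; ".join([
        "default-src 'self'",
        f"script-src {script_src}",
        "connect-src 'self'",   # wss://<pool> from an injected script is blocked
        "worker-src 'self'",    # blob: workers used to run a miner off the main thread are blocked
        "object-src 'none'",
        "base-uri 'self'",
    ])


def demo() -> list[dict]:
    return audit_scripts(SAMPLE_HTML, "https://www.example.com")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    print(build_csp(["cdn.example.net", "checkout.example-pay.com"]))
```

The inline-script heuristic is deliberately crude; the point of the audit is the inventory and the policy, which a miner cannot talk its way around regardless of how it is obfuscated.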
PoisonSeed Bypasses FIDO2 MFA in Sophisticated Phishing Campaign
#FIDO2 #PoisonSeed #PhishingAttack #CyberSecurity #MFABypass #AdversaryInTheMiddle #IdentityProtection #SessionHijacking #InfoSec #AuthenticationSecurity
The cybercrime group PoisonSeed, previously linked to cryptocurrency seed-phrase phishing and theft, has been observed using an adversary-in-the-middle (AiTM) technique that gets around FIDO2 multifactor authentication, which is designed to be phishing-resistant. According to researchers at Expel, the phishing page relays the victim's username and password to the legitimate login portal and then chooses the portal's cross-device sign-in option. The QR code that the real portal generates is shown to the victim on the phishing page; when the victim scans it with the authenticator app on their phone and approves the request, it is the attacker's browser session that gets authenticated, and the victim's physical security key is never used. The cryptographic origin binding of FIDO2 is not broken here; the attack downgrades the login to a less protected fallback path, which is why it matters that identity providers offer such fallbacks at all. Expel's recommendations include enforcing Bluetooth proximity for cross-device sign-in where the provider supports it, restricting registration of new keys to trusted locations, and alerting on sign-ins from unexpected geographies; layered defences and user education remain necessary alongside phishing-resistant credentials.
→ Read more on databreachtoday.com
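To make the "origin binding is not broken" point concrete, here is an added example (not PoisonSeed's or Expel's code) of the checks a WebAuthn relying party performs on an assertion, and why a classic AiTM proxy page fails them while the cross-device relay described above does not. The RP ID, the origin and the attacker host are constructed; signature verification over authenticatorData and the hash of clientDataJSON is omitted and must be done with the credential's public key in a real deployment.

```python
"""WebAuthn relying-party checks (added example, constructed identifiers).

The browser, not the page's JavaScript, writes the origin into clientDataJSON,
so a phishing page on another origin cannot produce an assertion that passes
the origin check. Signature verification is omitted here.
"""
import base64
import hashlib
import hmac
import json
import os

RP_ID = "login.example.com"              # assumption: the relying party ID
RP_ORIGIN = "https://login.example.com"  # assumption: the only origin allowed to run the ceremony


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes) -> dict:
    """Build the unsigned parts of an assertion as a browser/authenticator would.

    `origin` is whatever page the browser is on; `rp_id` is hashed by the
    authenticator into authenticatorData. Constructed test data.
    """
    client_data = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    # authenticatorData = rpIdHash (32 bytes) || flags (UP bit set) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return {
        "clientDataJSON": b64url_encode(json.dumps(client_data).encode()),
        "authenticatorData": b64url_encode(auth_data),
    }


def verify_assertion(assertion: dict, expected_challenge: bytes) -> tuple[bool, str]:
    """Relying-party checks on type, challenge, origin, RP ID hash and user presence."""
    client_data = json.loads(b64url_decode(assertion["clientDataJSON"]))
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not hmac.compare_digest(b64url_decode(client_data.get("challenge", "")), expected_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    if client_data.get("origin") != RP_ORIGIN:
        return False, f"origin {client_data.get('origin')!r} is not {RP_ORIGIN!r}"
    auth_data = b64url_decode(assertion["authenticatorData"])
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "ok"


def demo() -> dict:
    challenge = os.urandom(32)
    legit = make_assertion(RP_ORIGIN, RP_ID, challenge)
    # Classic AiTM: the victim's browser is on the phishing origin, so the
    # browser writes that origin into clientDataJSON and the RP rejects it.
    phished = make_assertion("https://login-example.com.attacker.test", RP_ID, challenge)
    # Replay: correct origin, but a challenge that belongs to another session.
    stale = make_assertion(RP_ORIGIN, RP_ID, os.urandom(32))
    # Credential scoped to a different RP ID: rpIdHash does not match.
    wrong_rp = make_assertion(RP_ORIGIN, "sso.other.example", challenge)
    # Cross-device relay (the PoisonSeed pattern) is different: the attacker's
    # own browser sits on RP_ORIGIN and the victim's phone signs for it, so the
    # clientDataJSON carries the legitimate origin and all checks above pass.
    # The defence for that flow lives in the hybrid transport's proximity check
    # and in sign-in risk controls, not in this function.
    return {
        "legitimate": verify_assertion(legit, challenge),
        "aitm_proxy": verify_assertion(phished, challenge),
        "replayed": verify_assertion(stale, challenge),
        "wrong_rp": verify_assertion(wrong_rp, challenge),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:<11} {result}")
```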
UK Exposes Russian GRU’s ‘Authentic Antics’ Malware Targeting Microsoft Services
#CyberEspionage #AuthenticAntics #FancyBear #GRU #MicrosoftSecurity #OutlookMalware #UKCyberDefence #APT28 #NCSC #CredentialTheft
The UK government has publicly attributed a newly disclosed malware family, dubbed Authentic Antics, to APT28 (Fancy Bear), the cyber unit of Russia's GRU military intelligence service. The malware runs inside the Microsoft Outlook process, periodically shows the user a fake Microsoft login prompt to capture credentials and OAuth tokens, and exfiltrates the stolen data by sending emails from the victim's own account to an attacker-controlled address without leaving a copy in the Sent Items folder. With a valid token the attackers can reach Exchange Online, SharePoint and OneDrive without the password and without triggering a fresh MFA prompt, so revoking refresh tokens and sessions is part of any clean-up, not just a password reset. The disclosure accompanies UK sanctions against three GRU units and 18 officers for sustained cyberattacks. The UK's National Cyber Security Centre (NCSC) warns that the campaign underscores the persistent and evolving threat from Russian state-backed actors, particularly against Western logistics and aid infrastructure linked to Ukraine.
→ Read more on theregister.com
Microsoft Warns of Active SharePoint Zero-Day Exploit With No Patch Available
#SharePoint #ZeroDay #MicrosoftSecurity #CyberThreat #PatchManagement #ThreatHunting #EnterpriseSecurity #InfoSec #VulnerabilityAlert #ExploitInTheWild
Microsoft has issued an urgent warning about a zero-day vulnerability in on-premises SharePoint Server, tracked as CVE-2025-53770, that is being actively exploited in the wild; SharePoint Online in Microsoft 365 is not affected. The flaw allows unauthenticated remote code execution and full control of the affected server, and at the time of the warning no patch was available. Microsoft's interim guidance is to enable AMSI integration in SharePoint and run Microsoft Defender Antivirus on the servers, to disconnect internet-facing servers that cannot do so, and to rotate the ASP.NET machine keys, because the attackers steal those keys and can use them to forge authenticated requests even after a fix is installed. Organisations should also begin threat hunting immediately for signs of prior compromise rather than waiting for the patch. The attack is part of a broader trend of targeting enterprise collaboration platforms, and Microsoft is working with partners to investigate and respond. Until a fix is released and applied, vigilance and proactive defence are essential to prevent compromise and data loss.
→ Read more on securityweek.com
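For the threat hunting the item calls for, here is an added example (not Microsoft's code) that scans IIS W3C logs and a SharePoint LAYOUTS directory tree for the publicly reported indicators of this exploitation: an unauthenticated POST to ToolPane.aspx with a SignOut.aspx Referer, and a spinstall0.aspx web shell, whether requested over HTTP or present on disk. The log lines, IP addresses and host names are constructed; the spinstall* file pattern is broadened beyond the single published file name as an assumption.

```python
"""IIS log and LAYOUTS directory hunt for SharePoint exploitation indicators
(added example; constructed log excerpt; indicator patterns as published by Microsoft).
"""
import os
from typing import Iterable

# Constructed IIS W3C log excerpt: two attacker requests from 203.0.113.77 are
# mixed with normal, authenticated traffic. The final line is a legitimate,
# authenticated POST to ToolPane.aspx and must not be flagged.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 03:12:44 10.0.0.5 GET /sites/hr/Shared+Documents/Forms/AllItems.aspx - 443 CORP\\alice 10.0.1.22 Mozilla/5.0+(Windows+NT+10.0) https://sp.corp.example/sites/hr 200 0 0 180
2025-07-19 03:14:02 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.77 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) /_layouts/SignOut.aspx 200 0 0 532
2025-07-19 03:14:09 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.77 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) - 200 0 0 41
2025-07-19 03:20:15 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\bob 10.0.1.40 Mozilla/5.0 https://sp.corp.example/_layouts/15/viewlsts.aspx 200 0 0 300
"""


def parse_w3c(lines: Iterable[str]) -> list[dict]:
    """Parse IIS W3C extended log lines into dicts keyed by the #Fields names.

    IIS encodes spaces inside values as '+', so whitespace splitting is safe.
    """
    fields, records = None, []
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed or header-less line; a production tool should report it
        records.append(dict(zip(fields, values)))
    return records


def hunt_iis_log(lines: Iterable[str]) -> list[dict]:
    """Return one finding per request matching a published indicator."""
    findings = []
    for rec in parse_w3c(lines):
        method = rec.get("cs-method", "").upper()
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "").lower()
        referer = rec.get("cs(Referer)", "").lower()
        indicator = None
        if (method == "POST" and stem.endswith("/toolpane.aspx")
                and "displaymode=edit" in query
                and referer.endswith("/_layouts/signout.aspx")):
            indicator = "ToolPane.aspx POST with SignOut.aspx Referer (exploit request pattern)"
        elif os.path.basename(stem).startswith("spinstall") and stem.endswith(".aspx"):
            indicator = "request for spinstall*.aspx web shell"
        if indicator:
            findings.append({
                "time": f"{rec['date']} {rec['time']}",
                "client_ip": rec.get("c-ip"),
                "user": rec.get("cs-username", "-"),  # '-' means unauthenticated
                "indicator": indicator,
            })
    return findings


def find_webshell_files(layouts_dir: str) -> list[str]:
    """Walk a LAYOUTS directory tree and return spinstall*.aspx files.

    Typical on-premises path (assumption; adjust for your SharePoint version):
    C:\\Program Files\\Common Files\\microsoft shared\\Web Server Extensions\\16\\TEMPLATE\\LAYOUTS
    """
    hits = []
    for root, _dirs, files in os.walk(layouts_dir):
        for name in files:
            low = name.lower()
            if low.startswith("spinstall") and low.endswith(".aspx"):
                hits.append(os.path.join(root, name))
    return sorted(hits)


def demo() -> list[dict]:
    return hunt_iis_log(SAMPLE_IIS_LOG.splitlines())


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit on either indicator means the machine keys should be treated as stolen: rotate them and restart IIS, then look for what the attacker did with the access, because a patch alone does not invalidate forged requests made with the old keys.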
AI-Generated LCryx Ransomware Emerges in Cryptomining Botnet
#LCryx #AIThreats #Ransomware #CyberSecurity #Cryptomining #LLMGeneratedMalware #FortiGuard #MalwareAnalysis #InfoSec #BotnetThreats
Researchers at FortiGuard Labs have uncovered a new ransomware strain, LCryx, distributed by the long-running H2miner cryptomining botnet. Its variant "Lcrypt0rx", written in VBScript, shows the hallmarks of code generated with an AI model: redundant functions, malformed syntax and antivirus evasion routines that do not work. The ransomware encrypts files and also deliberately degrades system usability, and the campaign bundles infostealers and hacking tools alongside it. Analysts point to illogical script behaviour as evidence of large language model (LLM) involvement, such as attempting to open already-encrypted files in Notepad and printing invalid Tor addresses in the ransom notes. LCryx lacks the sophistication of the major ransomware families, but it signals a trend worth tracking: criminals using AI to automate malware development, with uneven results so far.
→ Read more on infosecurity-magazine.com
SquidLoader Malware Targets Financial Firms in Hong Kong with Stealthy Precision
#SquidLoader #CyberSecurity #FinancialSectorThreats #HongKongCyberAttack #MalwareCampaign #Trellix #AdvancedEvasion #AsiaPacificSecurity #EndpointProtection #ThreatIntelligence
Cybersecurity firm Trellix has documented a campaign deploying SquidLoader, a malicious loader aimed at financial institutions in Hong Kong, with related samples targeting Singapore and Australia. The loader combines obfuscation with anti-analysis and sandbox-detection techniques that let it slip past conventional security tooling. Its role is to fetch and run follow-on payloads, giving the operators a foothold that stays undetected and persists on the victim's systems. The campaign's operational stealth and technical refinement raise questions about the resilience of financial sector defences in the Asia-Pacific region. Trellix warns that the loader's modular design and adaptability make it a potent threat and urges organisations to strengthen endpoint protection and threat intelligence capabilities.
→ Read more on hackread.com
Japan Releases Free Decryptor for Phobos Ransomware Following Global Crackdown
#PhobosRansomware #DecryptorReleased #CyberSecurity #RansomwareTakedown #JapanCyberPolice #8Base #PHOBOSAETOR #DigitalForensics #CyberCrimeArrests #InfoSec
In a significant breakthrough for cybercrime victims, Japan's National Police Agency has released a free decryptor for the Phobos ransomware and its 8Base variants, following a coordinated international takedown. The tool lets victims recover encrypted files without paying a ransom. The underlying operation, dubbed PHOBOS AETOR, led to the arrest in Phuket, Thailand, of four Russian nationals accused of extorting more than $16 million from over 1,000 victims worldwide. The suspects are linked to both Phobos and the 8Base ransomware group, whose leak site was also seized. Authorities from Switzerland, the US, Germany and the UK took part in the effort. Experts note that although Phobos has evolved over time, weaknesses in its code base still allow decryption, which is good news for affected organisations that kept their encrypted files.
→ Read more on therecord.media
Phishing Evolves: AI-Powered Attacks Challenge Traditional Cyber Defences
#Phishing #CyberSecurity #GenerativeAI #AIThreats #EmailSecurity #SocialEngineering #MFABypass #FlowerStorm #InfoSec #AdaptiveSecurity
Phishing remains one of the most persistent and effective attack methods, with 30.4 million incidents recorded in 2024 according to the cited report, 70% of which bypassed traditional security mechanisms. As organisations adopt AI to boost productivity, criminals are using generative AI to produce convincing, well-written phishing campaigns at scale. These messages mimic trusted brands and exploit emotional triggers such as urgency or fear. Platforms such as "FlowerStorm" exemplify the shift, offering phishing-as-a-service with real-time credential harvesting and capture of MFA tokens, so a one-time code entered on the fake page is relayed to the real service before it expires. The rise of AI-driven phishing underlines the need for adaptive, risk-based security strategies that use AI for defence as well as productivity, and for phishing-resistant authentication rather than codes that can be relayed. Email filtering alone is no longer sufficient; organisations must rethink their overall cyber resilience approach.
→ Read more on it-daily.net
Cyberattacks Surge Across Europe and North America Amid Rising Geopolitical Tensions
#CyberSecurity #Ransomware #EuropeUnderAttack #NorthAmericaCyberThreat #GeopoliticalCyberRisk #EducationSectorSecurity #GovernmentCyberDefence #TelecomThreats #CheckPointResearch #InfoSec
Cyberattacks have surged across Europe and North America. Europe saw a 22% year-on-year increase, the highest of any region, which Check Point Research attributes to geopolitical instability, regulatory fragmentation and the region's concentration of high-value data. North America follows with a 20% rise and remains the primary target for ransomware, accounting for 53% of published incidents worldwide. Education, government and telecommunications are among the most targeted sectors, with education institutions facing an average of 4,388 attacks per organisation per week. The report highlights that criminals exploit underfunded defences and sensitive data, and that some attacks are aimed at geopolitical leverage rather than profit. As threats grow in volume and sophistication, the researchers urge organisations to adopt a prevention-first strategy supported by layered security and continuous monitoring.
→ Read more on cybernews.com

+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.