US Charges Alleged Administrator of LockerGoga, MegaCortex, and Nefilim Ransomware

News

US Charges Alleged Administrator of LockerGoga, MegaCortex, and Nefilim Ransomware Summary of the DOJ Action The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his alleged role as the administrator of three major ransomware operations: LockerGoga, MegaCortex, and Nefilim. This charging announcement aligns with an ongoing law-enforcement campaign to identify, charge,…

How CISOs Win Budget Approval: Framing Security as Business Risk Management

News

How CISOs Win Budget Approval: Framing Security as Business Risk Management Why the budget fight matters now It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. For many organizations the security function remains a cost center competing with product development, sales initiatives, and operational efficiency projects. Yet the consequences of underfunding security…

Salesloft GitHub Account Compromise Triggered Drift Supply‑Chain Breach, Mandiant Says

News

Salesloft GitHub Account Compromise Triggered Drift Supply‑Chain Breach, Mandiant Says Summary of the incident Salesloft has disclosed that the chain of events behind a data breach tied to its Drift application began with the compromise of a Salesloft GitHub account. Google-owned Mandiant, which investigated the incident, reported that the threat actor tracked as UNC6395 accessed…

Drift Breach and a Week of Active Zero‑Days: What Security Teams Must Do Now

News

Drift Breach and a Week of Active Zero‑Days: What Security Teams Must Do Now Overview — this week’s headlines Cybersecurity coverage this week was dominated by two interlocking themes: a high‑visibility breach involving the conversational marketing vendor Drift, and a wave of active zero‑day exploits prompting urgent patch warnings. Reporting and vendor advisories emphasized the…

SVG-based phishing campaign impersonates Colombian judiciary to deliver malware

News

SVG-based phishing campaign impersonates Colombian judiciary to deliver malware The campaign: what VirusTotal uncovered Security researchers at VirusTotal have identified a phishing campaign that hides malicious content inside Scalable Vector Graphics (SVG) files. The SVGs are designed to render convincing portal pages that impersonate Colombia’s judicial system, and they act as delivery mechanisms for malware.…

Microsoft Enforces MFA for Azure Portal Sign‑Ins Across All Tenants

News

Microsoft Enforces MFA for Azure Portal Sign‑Ins Across All Tenants What Microsoft changed Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign‑ins across all tenants since March 2025. Microsoft has been enforcing multifactor authentication for Azure Portal sign‑ins across all tenants since March 2025. The change applies to interactive access to…

Critical SAP S/4HANA Code Injection Vulnerability Actively Exploited

News

Critical SAP S/4HANA Code Injection Vulnerability Actively Exploited Overview: what has been observed Security researchers are reporting active exploitation of a critical code injection vulnerability in SAP S/4HANA, used by attackers to compromise internet-exposed systems. The flaw allows an attacker to inject and execute code on vulnerable S/4HANA instances, giving them a pathway to escalate…

Cloudflare Says It Mitigated a Record 11.5 Tbps Volumetric DDoS Attack

News

Cloudflare Says It Mitigated a Record 11.5 Tbps Volumetric DDoS Attack What Cloudflare reported Cloudflare announced that its network automatically mitigated a volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In the same post the company said its systems had “autonomously blocked hundreds of hyper-volumetric DDoS attacks” over recent weeks,…

Hackers Breach Fintech Environment, Attempted $130M Theft via Brazil’s Pix Network

News

Hackers Breach Fintech Environment, Attempted $130M Theft via Brazil’s Pix Network What happened On 2 September 2025, security reporting indicated that attackers gained unauthorized access to the environment of Evertec’s Brazilian subsidiary, Sinqia S.A., and attempted to steal $130 million by exploiting connectivity to Brazil’s central bank real‑time payment system, Pix. “Hackers tried to steal…

Lazarus Group Uses PondRAT, ThemeForestRAT and RemotePE in Social‑Engineering Strike on DeFi Organization

News

Lazarus Group Uses PondRAT, ThemeForestRAT and RemotePE in Social‑Engineering Strike on DeFi Organization Summary of the observed campaign Security researchers at NCC Group’s Fox‑IT observed a social‑engineering campaign in 2024 that has been attributed to the North Korea‑linked actor known as the Lazarus Group. The campaign distributed three distinct pieces of cross‑platform malware — named…