Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
ViLE gang members sentenced for extortion, police portal breach
Description: Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. [...]
Source: BleepingComputer
June 5th, 2025 (2 days ago)
Interlock ransomware claims Kettering Health breach, leaks stolen data
Description: The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. [...]
Source: BleepingComputer
June 5th, 2025 (2 days ago)
FBI: Play Ransomware Breached 900 Organizations Worldwide
Description: The Play ransomware group, one of the most prolific cybercrime syndicates of the past two years, has compromised approximately 900 organizations across multiple continents, according to a joint advisory released this week by the FBI, CISA, and Australia's ASD. The advisory outlines updated tactics, techniques, and indicators of compromise observed as recently as January 2025. ā€¦ The post FBI: Play Ransomware Breached 900 Organizations Worldwide appeared first on CyberInsider.
Source: CyberInsider
June 5th, 2025 (2 days ago)
šŸ“ā€ā˜ ļø Flocker has just published a new victim : Lts.com.vn
Description: For The Council Of LTS Group We have breached your main system Lts.com.vn LTS LAW, a key component of LTS [ā€¦]
Source: Ransomware.live
June 5th, 2025 (2 days ago)
FBI: Play ransomware breached 900 victims, including critical orgs
Description: In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. [...]
Source: BleepingComputer
June 4th, 2025 (2 days ago)
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
Description: The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5Ā million in damages. [...]
Source: BleepingComputer
June 4th, 2025 (2 days ago)
Ransomware Attack at Lee Enterprises Impacted Nearly 40,000 Individuals
Description: Nearly four months after a ransomware attack paralyzed Lee Enterprisesā€™ nationwide newspaper operations, the company has confirmed the breach also compromised sensitive personal data of 39,779 individuals. According to a filing with the Maine Attorney Generalā€™s Office, the attackers gained unauthorized access to Lee's systems as early as February 1, 2025, exfiltrating personal data during ā€¦ The post Ransomware Attack at Lee Enterprises Impacted Nearly 40,000 Individuals appeared first on CyberInsider.
Source: CyberInsider
June 4th, 2025 (2 days ago)
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Description: Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with
Source: TheHackerNews
June 4th, 2025 (2 days ago)
Alleged breach of Hacendado via 0-day in third-party vendor ā€“ 27M User Records Exposed
Description: Alleged breach of Hacendado via 0-day in third-party vendor ā€“ 27M User Records Exposed
Source: DarkWebInformer
June 4th, 2025 (3 days ago)
Introduction Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing...
Description: Introduction Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organizationā€™s Salesforce instances for large-scale data theft and subsequent extortion. Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements. This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organizationā€™s Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce. A prevalent tactic in UNC6040's operations involves deceiving victims into authorizing a malicious connected app to their organization's Salesforce portal. This application is often a modified version of Salesforceā€™s Data Loader, not authorized by Salesforce. During a vishing call, the actor guides the victim to visit Salesforce's connected app setup page to approve a version of the Data Loader app with a name or branding that differs from the legitimate version.Ā This step inadvertently grants UNC6040 significant capabilities to access, query, and exfiltrat...
Source: Google Threat Intelligence
June 4th, 2025 (3 days ago)