Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach
Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
Security
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This […]
IBM Report: Shadow AI and Poor Governance Linked to Costlier Breaches in 2025
Only 34% of organizations with AI governance audit for misuse, IBM’s 2025 breach report warns. Lack of oversight is raising risks and costs.
OnlyFans, Discord ClickFix-Themed Pages Spread Epsilon Red Ransomware
Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware.
Attackers actively exploit critical zero-day in Alone WordPress Theme
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to compromise websites. On May 30th, 2025, security researcher Thái An […]
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.
Vibe Coding Platform’s Vulnerability Could Have Affected Every App Built On It
Base44’s parent company Wix quickly patched the critical vulnerability. Researchers noted that vibe coding on a platform like Base44 can enlarge an app’s attack surface.
Child Screentime Linked to Mental Health Decline
Lack of defensive measures in the young brain means use of social media and similar addictive software causes harm to children. It seems obvious, and research is now beginning to explain it better. …screen use was linked to worse mental health an…
Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity
Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection.
Ransomware Payment Bans: Prevention Strategy or Misguided Policy?
It’s no secret that ransomware is on the rise, as this escalation is echoed across numerous industry reports. The Verizon 2025 Data Breach Investigations Report (DBIR), for instance, starkly illustrates this reality, revealing that ransomware (with or without encryption) was present in 44% of all breaches reviewed. This marks a substantial 37% increase from their […]
The post Ransomware Payment Bans: Prevention Strategy or Misguided Policy? appeared first on IT Security Guru.