Cybercrime
-
Hackers breach Evertec’s Brazilian unit in $130 million Pix heist attempt
Hackers breached Evertec’s Brazilian subsidiary Sinqia to access the Pix real-time payments system, attempting a $130 million unauthorized transfer. Part of the funds was recovered, the Central Bank of Brazil revoked Sinqia's Pix access, and investigators are pursuing the case. Local media reports have linked HSBC to the incident.
-
Cloudflare says it blocked largest recorded DDoS attack at 11.5 Tbps
Cloudflare says it blocked the largest recorded volumetric DDoS attack, which peaked at 11.5 Tbps and lasted about 35 seconds. Most of the traffic was traced to Google Cloud, and the company notes a broader rise in high-volume DDoS campaigns.
-
Jaguar Land Rover says cyberattack severely disrupted production; no evidence of customer data theft yet
Jaguar Land Rover said a weekend cyberattack severely disrupted production and retail operations, but there is no evidence yet that customer data was stolen. The company is restarting affected systems and did not specify a timeline for full recovery.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea
Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, that delivers RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads. The campaign exfiltrates data to multiple cloud services and uses decoy documents tied to high-profile statements.
-
Amazon says APT29 attempted watering-hole attack to harvest Microsoft credentials; AWS says no systems affected
Amazon said it disrupted an APT29 watering-hole campaign aimed at harvesting Microsoft credentials, stressing that no AWS systems were compromised. The operation used spoofed Cloudflare pages and randomized redirects to trick users, with Google Threat Intelligence and AWS detailing evasion techniques and previous similar activity.
-
WhatsApp patches high-severity vulnerability tied to Apple zero-day in targeted attacks on iOS and macOS
WhatsApp has patched a high-severity vulnerability in its iOS and macOS apps (CVE-2025-55177) that could allow an attacker to process content from an arbitrary URL on a target device, potentially in conjunction with a separate Apple zero-day. Affected versions include iOS and Mac apps; targeted individuals have been notified and advised to reset devices and…
-
TamperedChef information stealer emerges in malvertising campaign promoting AppSuite PDF Editor
Cybersecurity researchers have identified a malvertising campaign delivering a backdoored PDF editor, AppSuite PDF Editor, that drops a new information stealer dubbed TamperedChef. The operation leverages Windows Registry persistence, a C2-enabled backdoor, and widespread Google ad campaigns to maximize downloads.










