Risk
-
Qilin ransomware deployed in supply-chain attack hits South Korean financial firms
Security researchers say a supply‑chain compromise of a managed service provider enabled Qilin ransomware to hit multiple South Korean financial firms in September 2025, stealing more than 1 million files and about 2 TB of data in a campaign researchers call “Korean Leaks.”
-
Researchers find thousands of credentials in JSONFormatter and CodeBeautify archives
Researchers at watchTowr Labs said they recovered over 80,000 files saved to JSONFormatter and CodeBeautify that contained thousands of credentials and sensitive records spanning government, finance, telecoms and other sectors; both sites have temporarily disabled the save feature.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
Malicious Blender .blend files used to deliver StealC V2, researchers say
Researchers at Morphisec say a campaign has used malicious Blender .blend files uploaded to free 3D asset sites to execute embedded Python scripts and deliver the StealC V2 information stealer and a secondary Python stealer; the attack runs when Blender’s Auto Run option is enabled.
-
CISA warns of active spyware campaigns targeting messaging app users
CISA warned that threat actors are actively using commercial spyware and remote access trojans to compromise users of mobile messaging apps, citing multiple campaigns that used techniques such as zero‑click exploits, device‑linking QR codes and spoofed apps, and urged high‑value individuals to follow specific security guidance.
-
Major US banks review exposure after SitusAMC data breach
SitusAMC, a mortgage services vendor, said attackers accessed its systems in a breach discovered Nov. 12 and confirmed Nov. 22; major banks including JPMorgan, Citi and Morgan Stanley are reviewing potential customer data exposure while the FBI and the company continue an investigation.
-
Harvard discloses Alumni Affairs data breach after voice phishing attack
Harvard said systems used by its Alumni Affairs and Development office were accessed in a phone-based phishing attack discovered on Nov. 18, 2025, exposing contact and fundraising-related information for alumni, donors, students and staff; the university said no Social Security numbers, passwords, payment card or other financial data were in the compromised systems.
-
China-linked APT31 used local cloud services and public tools to target Russian IT sector, Positive Technologies reports
Researchers at Positive Technologies say China-linked APT31 targeted Russian IT firms between 2024 and 2025, using Yandex Cloud and a mix of public and custom tools to maintain long-term access and exfiltrate data.
-
Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
-
Google: APT24 Used New ‘BADAUDIO’ Malware in Years-Long Espionage Campaign
Google Threat Intelligence Group says a China-nexus actor tracked as APT24 used a previously undocumented downloader called BADAUDIO in a campaign from November 2022 into 2025, employing watering holes, supply-chain compromises and spear-phishing to deliver backdoors and second-stage payloads.
