Latest Security News Collection
Hackers Fuel Cargo Theft with Sophisticated Cyber‑Enabled Campaigns
#CyberSecurity #CargoTheft #SupplyChainSecurity #CyberCrime #Logistics #OrganisedCrime #RemoteAccess #Phishing #ThreatIntelligence #TransportSecurity
Cybercriminals are running highly sophisticated campaigns that blend hacking techniques with traditional organised crime to steal physical cargo, according to new research cited by The Record. The attackers specifically target trucking and logistics companies, using phishing and social engineering to gain access to corporate systems. Once inside, they deploy legitimate remote access and monitoring tools, allowing them to observe operations, steal credentials and impersonate trusted business partners. With this access, the criminals can fraudulently bid on shipments, reroute deliveries and ultimately hijack valuable cargo, which is then sold online or shipped overseas. Researchers note that the campaigns show deep knowledge of logistics workflows and supply‑chain processes, making them difficult to detect. The trend highlights how cybercrime increasingly enables real‑world financial theft, turning digital intrusions into large‑scale supply‑chain losses and posing a growing threat to the global transport industry.
→ Read more on therecord.media
ZionSiphon Malware Signals a New Threat to Water and Desalination Infrastructure
#CyberSecurity #Malware #ZionSiphon #CriticalInfrastructure #WaterSecurity #OTSecurity #ICS #ThreatIntelligence #CyberWarfare #InfrastructureProtection
Security researchers have identified a new malware strain dubbed ZionSiphon, designed to target water treatment and desalination systems. Analysis shared by The Hacker News shows that the malware is explicitly tailored for operational technology (OT) environments, with a strong focus on infrastructure located in Israel. ZionSiphon combines classic malware functions such as privilege escalation, persistence and USB propagation with capabilities to scan industrial control protocols including Modbus, DNP3 and S7comm. Researchers found that the malware attempts to tamper with configuration files linked to chlorine dosing and pressure controls, indicating disruptive or sabotage‑oriented intent rather than data theft. Although the current sample appears unfinished and contains logic flaws, experts warn that it reflects a worrying trend: politically motivated experimentation with OT‑focused malware. ZionSiphon highlights the growing cyber risk to critical water infrastructure worldwide, where digital attacks can translate into real‑world impact.
→ Read more on thehackernews.com
Operation PowerOFF Disrupts Global DDoS‑for‑Hire Networks in Major Law Enforcement Crackdown
#CyberSecurity #CyberCrime #DDoS #OperationPowerOFF #LawEnforcement #GlobalSecurity #ThreatIntelligence #CyberAttack #OnlineCrime #SecurityOperations
International law enforcement agencies have dealt a significant blow to cybercrime with Operation PowerOFF, a coordinated global action targeting DDoS‑for‑hire services. According to Security Affairs, authorities seized 53 domains, dismantled the infrastructure behind illegal “booter” services, and uncovered databases linked to over three million criminal user accounts. These platforms allowed users — often with little technical skill — to pay for distributed denial‑of‑service (DDoS) attacks against websites, networks and online services. The operation involved agencies from 21 countries, led to multiple arrests, and resulted in tens of thousands of warning messages sent to identified users. By taking down both operators and customer infrastructure, investigators aim to disrupt a cybercrime model that has made large‑scale attacks cheap and accessible. The takedown highlights growing international cooperation against commercially driven cybercrime and sends a clear warning that using DDoS‑for‑hire services carries serious legal consequences.
→ Read more on securityaffairs.com
NIST Scales Back Vulnerability Analysis as CVE Backlog Reaches Record Levels
#CyberSecurity #VulnerabilityManagement #NIST #CVE #NVD #RiskBasedApproach #PatchManagement #ThreatAnalysis #CyberRisk #InfoSec
The US National Institute of Standards and Technology (NIST) has introduced new criteria for analysing software vulnerabilities in response to a rapidly growing backlog in the National Vulnerability Database (NVD). According to Cybersecurity Dive, NIST will now prioritise in‑depth analysis only for high‑risk CVEs, such as those listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, vulnerabilities affecting federal government systems, or software classified as critical. All other CVEs will still be published in the NVD but without detailed enrichment, including severity scoring. The decision follows an explosion in vulnerability disclosures, driven in part by automated and AI‑assisted discovery tools, which have made it increasingly difficult for NIST to keep pace. The agency says the change will help stabilise the NVD and ensure limited resources are focused on flaws with the greatest potential for widespread impact.
→ Read more on cybersecuritydive.com
Ransomware Attack Disrupts Automotive Data Provider Autovista’s Global Services
#CyberSecurity #Ransomware #Autovista #AutomotiveIndustry #DataAnalytics #CyberAttack #IncidentResponse #BusinessDisruption #ThreatLandscape #InfoSec
Automotive data and analytics company Autovista has confirmed it is dealing with a ransomware attack that has disrupted key services across Europe and Australia, according to The Register. The London‑based firm, which provides vehicle valuation, residual value analysis and total cost of ownership tools to car manufacturers, dealers and insurers, said several of its core applications were affected. Autovista has brought in external cybersecurity specialists to help contain the incident and investigate how attackers gained access, but has not yet identified the intrusion method or provided a full recovery timeline. As a precaution, some customers were reportedly advised to block emails from Autovista‑associated domains while internal email access for staff was temporarily restricted. No known ransomware group has claimed responsibility so far. The incident highlights how data‑driven platforms in the automotive sector are increasingly becoming high‑value targets for cybercriminals.
→ Read more on theregister.com
CISA Flags Actively Exploited SQL Injection Flaw in FortiClient EMS
#CyberSecurity #CISA #Fortinet #SQLInjection #CVE202621643 #Vulnerability #PatchNow #ThreatIntelligence #EndpointSecurity #InfoSec
US cybersecurity agency CISA has issued an urgent warning about a critical SQL injection vulnerability in Fortinet FortiClient Enterprise Management Server (EMS) that is being actively exploited in real‑world attacks. The flaw, tracked as CVE‑2026‑21643, allows unauthenticated attackers to send specially crafted HTTP requests containing malicious SQL commands. Successful exploitation could lead to data theft, system manipulation, or full server compromise, including arbitrary code execution. Due to confirmed exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and gave US federal agencies a tight deadline to apply patches. Fortinet has released fixed versions, while older or unpatched systems remain at high risk. Security experts urge organisations using FortiClient EMS to update immediately and review logs for indicators of compromise, underscoring how endpoint management platforms have become high‑value targets for attackers.
→ Read more on security-insider.de
ShinyHunters Escalates “Pay or Leak” Threats Against Zara, Carnival and 7‑Eleven
#CyberSecurity #Ransomware #ShinyHunters #DataBreach #PayOrLeak #CyberCrime #ThreatIntelligence #SupplyChainRisk #DataExtortion #InfoSec
The cybercriminal group ShinyHunters has issued a new “pay or leak” warning, naming global brands Zara, Carnival and 7‑Eleven as its latest targets. According to Cybernews, the group is threatening to publish large volumes of allegedly stolen data unless ransom demands are met before an April 21 deadline. More than nine million records could be at risk, potentially exposing personal and corporate information. The campaign reflects ShinyHunters’ shift away from classic ransomware encryption towards data extortion, where reputational damage and regulatory fallout are used as leverage. Researchers note that some of the claims appear linked to wider breaches in cloud and SaaS ecosystems, suggesting supply‑chain and identity‑based attack paths rather than direct network intrusions. The incident underscores the growing impact of ransomware groups that combine persistence, public pressure and large‑scale data theft to coerce major organisations across multiple industries.
→ Read more on cybernews.com
Germany Approves Controversial UN Cybercrime Convention Despite Global Surveillance Concerns
#CyberSecurity #UNConvention #Cybercrime #Surveillance #DataProtection #HumanRights #DigitalPolicy #Privacy #InternationalLaw #InfoSec
The German government has approved the signing of the United Nations Convention against Cybercrime, a global treaty intended to strengthen international cooperation in combating cybercrime. According to heise online, Berlin supports measures such as faster cross‑border access to electronic evidence (e‑evidence) to help law enforcement investigate serious digital crimes. However, the decision has sparked strong criticism from civil rights groups and privacy advocates, who warn the agreement grants states extensive leeway that could enable worldwide surveillance and human rights abuses. Critics fear that authoritarian regimes could exploit the convention’s provisions to target journalists, activists and political opponents. The federal justice ministry defends the move, arguing that human rights safeguards and refusal mechanisms are built into the framework and that Germany, together with the EU, pushed hard for these protections. The debate highlights the growing tension between global cybersecurity cooperation and the protection of fundamental rights.
→ Read more on heise.de
Hackers Hide Ransomware Operations Inside QEMU Virtual Machines to Evade Detection
#CyberSecurity #Ransomware #QEMU #Virtualisation #ThreatActors #EndpointSecurity #DefenseEvasion #CyberCrime #Malware #InfoSec
Cybercriminals are increasingly abusing the open‑source virtualisation tool QEMU to conceal ransomware attacks and bypass modern endpoint security, according to an analysis reported by IT‑Daily. Instead of deploying malware directly on a compromised system, attackers run their entire operation inside a hidden virtual machine, making malicious activity nearly invisible to host‑based security tools. The technique has been observed in targeted, financially motivated campaigns linked to the PayoutsKing ransomware and the threat group known as GOLD ENCOUNTER. By disguising QEMU disk images as benign files and using scheduled tasks for persistence, attackers can steal credentials, conduct reconnaissance and prepare ransomware deployment without raising alarms. Recent campaigns also combine this stealthy approach with social engineering, such as impersonating IT support via collaboration tools. Security experts warn that the misuse of legitimate virtualisation software represents a growing blind spot and forces organisations to rethink detection strategies.
→ Read more on it-daily.net
DraftKings Credential‑Stuffing Hacker Sentenced to Prison After Selling Stolen Accounts
#CyberCrime #CyberSecurity #DraftKings #CredentialStuffing #DataBreach #OnlineFraud #LawEnforcement #Hacking #AccountSecurity #InfoSec
A US court has sentenced Kamerin Stokes, a 23‑year‑old from Tennessee, to prison for his role in a credential‑stuffing attack against the online betting platform DraftKings, according to SecurityWeek. Stokes received 30 months in prison, followed by supervised release, and was ordered to pay $125,000 in forfeiture and $1.3 million in restitution. The 2022 attack saw criminals use stolen usernames and passwords from other breaches to access around 60,000 DraftKings accounts, with the aim of withdrawing funds. Operating under the alias TheMFNPlug, Stokes bought compromised accounts in bulk and sold access through an online marketplace he controlled. Prosecutors revealed that he even resumed selling stolen credentials after pleading guilty, openly promoting his activity. The case highlights the real‑world consequences of large‑scale account abuse and the growing impact of credential‑stuffing attacks.
→ Read more on securityweek.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.