DOJ and FBI disrupt a significant North Korean scheme in which spies posed as remote employees to infiltrate over 100 US companies.

The U.S. Department of Justice (DOJ) and FBI have disrupted a major North Korean scheme in which IT workers, posing as remote employees, infiltrated over 100 U.S. companies—including Fortune 500 firms and a defense contractor—to steal money, sensitive data, and cryptocurrency, and funnel millions of dollars back to North Korea’s regime.
A recent investigation revealed that three significant hacks into the US Treasury were caused by a lack of basic cybersecurity measures.

A recent investigation has revealed that three major hacks of the U.S. Treasury Department in the past five years were directly linked to failures in deploying basic cybersecurity measures that could have either prevented the attacks or detected them much sooner. These incidents have exposed persistent vulnerabilities within the agency responsible for safeguarding the integrity of the U.S. financial system, raising significant concerns among both regulators and the banking sector.
More than half of consumers report an increase in suspicious messages and online scams in 2024.

The FIDO Alliance’s 2024 Online Authentication Barometer found that more than half of consumers (53%) reported an increase in suspicious messages and online scams in 2024. This rise was most commonly observed in SMS messages (53%) and email (49%), with notable increases also seen in phone/voice messages, social media, instant messaging apps, fake adverts, and fake articles.
Switzerland confirms that sensitive information from several offices was leaked through an attack targeting a third-party provider, Radix.

Switzerland has officially confirmed that sensitive information from several federal offices has been impacted by a ransomware attack targeting the third-party organization Radix, a Zurich-based non-profit health foundation. The attack, which occurred on June 16, 2025, resulted in both the theft and encryption of data. Hackers subsequently leaked the stolen data on the dark web, with reports indicating that the Sarcoma ransomware group claimed responsibility and published approximately 1.3 TB of data in several compressed archives.
Microsoft rolls out email bomb blocking in Defender for Office 365.

Microsoft has announced a new feature for its Defender for Office 365 cloud-based email security suite: automatic detection and blocking of email bombing attacks. This enhancement, called Mail Bombing Detection, is designed to protect organizations from coordinated efforts to flood mailboxes with large volumes of emails, which can overwhelm systems and obscure important messages, potentially masking genuine threats or hindering business operations.
Cybercriminals are creating AI-themed websites that exploit search engine algorithms to manipulate rankings and achieve higher visibility in search results.

Researchers from Zscaler ThreatLabz recently uncovered a sophisticated cyber campaign that exploits public interest in popular AI tools such as ChatGPT and Luma AI. Threat actors have created AI-themed websites that use Black Hat SEO techniques to manipulate search engine rankings, making these malicious sites appear prominently in results for trending AI-related queries.
Blind Eagle linked to Russian-based Proton66 in a campaign targeting Colombian financial institutions.

The threat actor group Blind Eagle (also known as AguilaCiega, APT-C-36, or APT-Q-98) has been linked to the Russian bulletproof hosting service Proton66 in a campaign targeting Colombian financial institutions. Trustwave SpiderLabs assessed this connection with high confidence after tracing Proton66-linked infrastructure to active clusters deploying phishing tools and remote access trojans (RATs) against banks like Bancolombia, BBVA, Banco Caja Social, and Davivienda.
GAO says NASA’s biggest projects are at risk of disruption in an increasingly threatening cyber environment.

According to the Government Accountability Office (GAO), NASA’s projects for Earth, moon, and solar system exploration are at risk of disruption because their spacecraft and space systems operate in an increasingly complex and threatening cyber environment. The GAO’s recent reports have highlighted several critical vulnerabilities and gaps in NASA’s cybersecurity risk management practices.
Europol disrupts international cryptocurrency fraud ring responsible for laundering $540 million from victims worldwide.

Europol, in collaboration with law enforcement agencies from Spain, France, Estonia, and the United States, has helped disrupt a major international cryptocurrency investment fraud ring responsible for laundering approximately $540 million (€460 million) from over 5,000 victims worldwide. The operation was led by Spanish authorities, with arrests made in Madrid and the Canary Islands, resulting in the apprehension of five individuals—three on the Canary Islands and two in Madrid.
GIFTEDCROOK malware transitions from a basic browser data stealer to a sophisticated intelligence-gathering tool.

The GIFTEDCROOK malware, operated by the cyber-espionage group UAC-0226, has undergone a significant transformation from a basic browser data stealer to a sophisticated intelligence-gathering tool. This evolution occurred through rapid version updates between April and June 2025, aligning with critical geopolitical events like Ukraine’s peace negotiations in Istanbul.