Jimmy Blake

ATT&CK v18: Detection Strategies, More Adversary Insights, ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!

ATT&CK v18: The Detection Overhaul You’ve Been Waiting For

Everest Leaks AT&T Records, Demands $1M for Dublin Airport Passenger Data Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Everest Leaks AT&T Records, Demands $1M for Dublin Airport Passenger Data

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks.

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD to disable defences

Qilin ransomware abuses WSL to run Linux encryptors in Windows The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

Qilin ransomware abuses WSL to run Linux encryptors in Windows

CySecurity News - Latest Information Security and Hacking Incidents: Global Ransomware Groups Hit Record High as Smaller Threat Actors Emerge Global ransomware groups hit record high as smaller threat actors emerge, driving a fragmented cybercrime surge worldwide.

Global Ransomware Groups Hit Record High as Smaller Threat Actors Emerge www.cysecurity.news/2025/10/glob...

MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS MITRE has unveiled the latest version of ATT&CK, with the most significant changes in the defensive part of the framework.

MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile and Industrial Control Systems <- every update to ATT&CK helps us all uplift our cyber resiliency efforts by being able to describe adversary behaviour. Big kudos to MITRE.

Muji's minimalist vibe wrecked amid supply chain attack : Japanese retailer halts online orders after attack cripples third-party vendor

Muji's minimalist vibe wrecked amid supply chain attack www.theregister.com/2025/10/21/m...

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics According to ExtraHop’s latest threat landscape report, average ransomware payments surged 44% to $3.6m in 2025 despite fewer incidents

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics www.infosecurity-magazine.com/news/ransomw...

SocGholish Malware Using Compromised Sites to Deliver Ransomware Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

SocGholish Malware Using Compromised Sites to Deliver Ransomware hackread.com/socgholish-m...

Russian Government Now Actively Managing Cybercrime Groups: Security Firm The relationship between the Russian government and cybercriminal groups has evolved from passive tolerance.

Russian Government Now Actively Managing Cybercrime Groups: Recorded Future www.securityweek.com/russian-gove...

CySecurity News - Latest Information Security and Hacking Incidents: Asahi Group Confirms Ransomware Attack Disrupting Operations and Leaking Data Group confirms ransomware attack disrupting operations and leaking data, delaying financial results amid ongoing investigation.

Asahi Group Confirms Ransomware Attack Disrupting Operations and Leaking Data www.cysecurity.news/2025/10/asah...

LockBit Returns — and It Already Has Victims - Check Point Blog Key Takeaways LockBit is back. After being disrupted in early 2024, the ransomware group has resurfaced and is already extorting new victims. New version,

LockBit Returns — and It Already Has Victims blog.checkpoint.com/research/loc...

MEA Hackers Target Gov'ts, Finance, and Small Retailers In the hotly political Middle East, you'd expect hacktivism and disruption of services. But retail attacks?

MEA Hackers Target Gov'ts, Finance, and Small Retailers www.darkreading.com/cybersecurit...

Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC.

Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy securityaffairs.com/183733/secur...

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner Muji halted online sales after a ransomware attack on its logistics partner Askul, disrupting orders, app services, and website access.

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner securityaffairs.com/183639/break...

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE <- take note if you're the CISO or Director of Security Operations at a cryptocurrency exchange!

Ransomware Activity Nearly Triples in 2024 <- there is no light at the end of the rainbow unless you build resilience to a Ransomware attack. 100% protection is a fairytale, the only solution is to be able to response quickly and recover securely.

CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities (KEV) Catalogue Amid Their Active Exploitation in the Wild hackread.com/cisa-citrix-...

Cybercrime Is Hiring: Recruiting AI, IoT, and Cloud Experts to Fuel Future Campaigns Cybercriminals are hiring AI, IoT, and cloud experts to scale cyberattacks, with dark-web forums doubling recruitment posts focused on social engineering skills.

According to ReliaQuest's report on the cybercriminal recruitment ecosystem, fluent English speakers with social engineering skills are highly sought after buff.ly/DfoCSDe

New Phishing Kit Bypasses MFA to Steal Microsoft 365 Credentials Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across...

New Phishing Kit Bypasses Multi Factor Authentication to Steal Microsoft 365 Credentials blog.knowbe4.com/new-phishing...

Attackers stick with effective intrusion points, valid credentials and exploits Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force.

Attackers stick with effective intrusion points, valid credentials and exploits <- this aligns with what is coming in most research and what we’re seeing, phishing attacks to get users to deploy malware are decreasing, those to capture cred and exploiting vulns increasing

CISA Warns of Exploited Broadcom, Commvault Vulnerabilities CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild.

CISA Warns of Exploited Broadcom and Commvault Vulnerabilities being exploited in the wild

Villain: Open-source framework for managing and enhancing reverse shells - Help Net Security Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells.

Villain: Open-source framework for managing and enhancing reverse shells

CySecurity News - Latest Information Security and Hacking Incidents: Symantec Links Betruger Backdoor Malware to RansomHub Ransomware Attacks Symantec uncovers Betruger backdoor malware used by RansomHub affiliates in ransomware attacks targeting critical infrastructure and healthcare.

Symantec Links Betruger Backdoor Malware to RansomHub Ransomware Attacks

ELENOR-corp Ransomware Targets Healthcare Sector ELENOR-corp ransomware, a new version of Mimic, is targeting healthcare organizations using advanced capabilities

ELENOR-corp Ransomware Targets Healthcare Sector

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks While the Verizon annual report showed that ransomware is rising, it also found that ransom payments are in decline

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

CySecurity News - Latest Information Security and Hacking Incidents: Interlock Ransomware Gang Deploys ClickFix Attacks to Breach Corporate Networks The Interlock ransomware gang uses ClickFix social engineering attacks to breach systems, steal data, and deploy malware using fake IT tools.

Interlock Ransomware Gang Deploys ClickFix Attacks to Breach Corporate Networks www.cysecurity.news/2025/04/inte...

Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data hackread.com/interlock-ra...

SAP zero-day vulnerability under widespread active exploitation Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

CVE-2025-31324: A SAP zero-day with a perfect 10 under widespread active exploitation cyberscoop.com/sap-netweave...

The Top Ransomware Groups Targeting the Healthcare Sector In this post, we identify and analyze the top ransomware groups that have been actively targeting the healthcare sector.

The Top Ransomware Groups Targeting the Healthcare Sector flashpoint.io/blog/ransomw...