Ravie Lakshmanan reports: The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s…
Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
Martin Fornusek reports: Aeroflot, Russia’s largest airline, reported a massive malfunction in its information system on July 28, forcing the cancellation of dozens of flights to and from Moscow. “There has been a failure in the airline’s information systems. Service disruptions are possible,” the Russian flag carrier said on Telegram without clarifying the cause of the disruptions….
AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
In November 2022, the All India Institute of Medical Sciences (“AIIMS“) reportedly suffered a ransomware attack. They may have just escaped another incident thanks to the responsible disclosure of a vulnerability found by a researcher. Ashish Khaitan reports: A critical vulnerability in the AIIMS portal exposed highly sensitive data of voluntary organ and tissue donors…
Two Data Breaches in Three Years: McKenzie Health
SuspectFile reports: Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients. Although the incidents are technically distinct, they reveal a troubling pattern of systemic vulnerabilities and raise critical questions about the resilience of smaller…
Scattered Spider is running a VMware ESXi hacking spree
Bill Toulas reports: Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to the Google Threat Intelligence Group (GITG), the attackers keep employing their usual tactics that do not include vulnerability exploits but rely on perfectly executed social engineering…
BreachForums — the one that went offline in April — reappears with a new founder/owner
After BreachForums went offline in April, several clones emerged to try to replace it, but none were truly successful. Yesterday, the “official” BreachForums (if it can be said that there is an “official” one) reappeared on its darkweb address. The forum looked the same and some of the moderators’ names were familiar, but it was…