Hackers Exploit Microsoft Flaw to Breach Canadian House of Commons to Gain Unauthorized Access

Por
Hackers Exploit Microsoft Flaw to Breach Canadian House of Commons to Gain Unauthorized Access

The Canadian House of Commons has fallen victim to a significant cyberattack orchestrated by an unidentified “threat actor” who successfully exploited a recent Microsoft vulnerability to access sensitive government employee data. The incident, which occurred on Friday, August 9, 2025, represents one of the most serious cybersecurity breaches to affect Canada’s parliamentary system in recent … Ler mais

Pro-Russian hackers blamed for water dam sabotage in Norway

Por
Picus Blue Report 2025

The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. The attack occurred in April and isthought to have been a demonstration of Russia’s ability to remotely hack critical infrastructure in the country. At the Arendalsuka annual national forum in the city … Ler mais

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot

Por
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot

An ongoing malware campaign active throughout 2025 is using malvertising to deliver a sophisticated PowerShell-based framework. According to Cisco Talos researchers, the malware is named “PS1Bot” due to its similarities with the AHK Bot malware family. It deploys multiple malicious modules capable of stealing sensitive information, logging keystrokes, capturing screens and maintaining persistence. The infection … Ler mais

Qilin Ransomware Dominates July with Over 70 Claimed Victims

Por
Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders

The Qilin ransomware group has solidified its position as the most active threat actor in July 2025, marking its third top ranking in four months following the downturn of former leader RansomHub. According to cybersecurity intelligence from Cyble, Qilin claimed responsibility for 73 victims on its data leak site (DLS), representing approximately 17% of the … Ler mais

Microsoft fixes Windows Server bug causing cluster, VM issues

Por
Picus Blue Report 2025

Microsoft has resolved a known issue that triggers Cluster service and VM restart issues after installing July’s Windows Server 2019 security updates. The company acknowledged the bug in a private advisory seen by BleepingComputer three weeks ago and asked businesses to reach out for support to mitigate the cluster issues. As Redmond explained at the … Ler mais

Booking.com phishing campaign uses sneaky 'ん' character to trick you

Por
Intuit phishing email on desktop

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of theJapanesehiragana character,ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at a casual glance. BleepingComputer has … Ler mais

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Por
Blue Book ransomware threats

Ransomware and infostealer threats are evolving faster than most organizations can adapt. While security teams have invested heavily in ransomware resilience, particularly through backup and recovery systems, Picus Security’s Blue Report 2025 shows that today’s most damaging attacks aren’t always about encryption. Instead, both ransomware operators and infostealer campaigns often focus on credential theft, data … Ler mais

FBI Shares Tips to Spot Fake Lawyer Schemes

Por
FBI Shares Tips to Spot Fake Lawyer Schemes

The FBI has updated its alert about fake lawyers defrauding victims of cryptocurrency scams, adding due diligence measures to help victims. The FBI’s Internet Crime Complaint Center (IC3) has previously warned that fraudsters were posing as lawyers from fictitious law firms and using social media and messaging services to defraud victims of cryptocurrency scams. In … Ler mais

Canada’s House of Commons investigating data breach after cyberattack

Por
Picus Blue Report 2025

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday. While the lower house of the Parliament of Canada has yet to issue a public statement regarding this incident, CBC News reports that House of Commons staff were notified of … Ler mais

Hacked Law Enforcement and Government Email Accounts Sold on Dark Web

Por
Hacked Law Enforcement and Government Email Accounts Sold on Dark Web

Cybercriminals are selling access to active law enforcement and government email accounts for as little as $40 on the dark web, according to an investigation by Abnormal AI. These compromised accounts belong to officials from the US, UK, India, Brazil and Germany, with agencies such as the FBI among those affected. The ability to impersonate … Ler mais