news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Jobinfo
- Israel
- Handala
- Business Services
- Data Encrypted For Impact
- Middle East
- Asia
- Shelter Locations In Israel
- Retail
- Saudi Arabia
- Saudi Games
- Cyber Fattah Team
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Manufacturing
- Saban Brands Israel
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Gonjeshke Darande
- Nobitex
- Chemicals And Allied Products
- Kimia Farma
- exclusive
- South-Eastern Asia
- Indonesia
- Sentap
- Transportation
- Northern Europe
- Scania
- Europe
- Hensi
- Sweden
- Tbn Israel
- Media
- Weizmann Institute Of Science
- Education
- Resistancetrench
- Israeli Air Force
- Dienet
- Israel Antiquities Authority
- United States
- Mirai
- CVE-2025-24016
- North America
- Wazuh
- Cve-2025-24016
- Epsilor Electric Fuel
- Clayoxtymus1337
- Technology
- Southern Asia
- Advanced Weapons And Equipment India
- India
- More_Eggs
- Fin6
- Cryptocurrency
- Alex Lab
- Edf Energy
- United Kingdom
- Zoldyck
- Critical Infrastructures
- Sudo And Sudo Caching
- Telecommunications
- Credentials In Files
- Spearphishing Link
- Disable Or Modify Tools
- Match Legitimate Name Or Location
- Spectrum
- Unix Shell
- Ingress Tool Transfer
- Amos
- Israel Defense Forces
- Food And Kindred Products
- Coca-Cola Europacific Partners
- Ghna
- Italy
- Automotive
- Southern Europe
- Locauto
- Whitecoat
- Spain
- Mercadona
- Ups
- Wow Health Solutions
- Healthcare
- Cyprus Airways
- Rip_Real_World
- Netsupport Rat
- Tel Aviv University
- Illeak
- Desec0X
- Unc6032
- Numero
- Chaos
- Lucky_Gh0$T
- Yashma
- Cyberlock
- 303
- Deloitte
- Gucci
- Credentials From Web Browsers
- Password Managers
- Input Capture
- User Execution
- Credentials From Password Stores
- Obfuscated Files Or Information
- Phishing
- System Information Discovery
- Command And Scripting Interpreter
- Exfiltration Over C2 Channel
- Virtualization/Sandbox Evasion
- Screen Capture
- Windows Credential Manager
- Eddiestealer
- Drive-By Compromise
- File And Directory Discovery
- Data From Local System
- Australia And New Zealand
- Australia
- W_Tchdogs
- Superloop
- Resource Hijacking
- Network Service Discovery
- Exploitation For Client Execution
- Escape To Host
- Docker
- External Remote Services
- Smb/Windows Admin Shares
- Remote System Discovery
- Lateral Tool Transfer
- Deploy Container
- Web Protocols
- Change Default File Association
- Exploit Public-Facing Application
- Romania
- Venom Rat
- Bitdefender
- Financial Theft
- Eastern Europe
- Cameleon
- Cve-2023-20118
- Vicioustrap
- Cisco
- Macao Special Administrative Region
- CVE-2023-20118
- Eastern Asia
- Cve-2025-0944
- CVE-2025-0944
- Tetraloader
- Uat-6382
- Trimble
- Dynamic-Link Library Injection
- Silver Fox
- Regsvr32
- Reflective Code Loading
- Valleyrat
- Process Discovery
- Scheduled Task
- File Deletion
- Powershell
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- China
- Malicious File
- Masquerade Task Or Service
- Rundll32
- Qakbot
- Trickbot
- Bumblebee
- Danabot
- Warmcookie
- Cetus
- Purehvnc
- Bytebreaker
- Viralgod
- Telcel
- Latin America And The Caribbean
- Mexico
- Peter Green Chilled
- Cellcom
-
Jun 24, 2025
Handala Claims Cyberattack on Israeli Recruitment Firm
On June 24, 2025, the pro-Palestinian hacktivist group Handala claimed responsibility for a cyberattack targeting Israel Job Info Ltd, a prominent Israeli recruitment and placement company. The group alleged it had exfiltrated 419 gigabytes of internal data, including resumes, employment contracts, internal communications, and client records, and published over 50,000 documents as proof of compromise. Additionally, They warned of additional leaks to come.
-
Jun 22, 2025
Ben Horin Alexandrovitz Media Firm Alleged Breached by Handala
On June 22, 2025, the pro-Palestinian hacktivist group Handala claimed responsibility for a large-scale breach of Israeli media and communications firm Ben Horin Alexandrovitz Ltd. The group alleges to have exfiltrated 11 TB of internal data, released over 50,000 documents as proof of compromise and disrupted operations by wiping servers and accessing affiliated platforms. The attack was described as targeting the firm’s alleged ties to Israeli intelligence and psychological operations.
-
Jun 22, 2025
Construction Firm Zacharia Levi Ltd Alleged Breached by Handala
On June 21, 2025, the pro-Palestinian hacktivist group Handala claimed responsibility for a breach targeting Israeli construction company Zacharia Levi Ltd. The group alleges to have exfiltrated the company’s entire database, including project files, contracts, financial documents, internal communications, and technical blueprints. Over 20GB of data was leaked as proof of compromise.
-
Jun 22, 2025
-
Jun 19, 2025
DigitalGhost Claims Breach of Israeli Iron Dome Contractor
A threat actor operating under the alias "DigitalGhost" has claimed responsibility for allegedly breaching mPrest, an Israeli technology contractor allegedly involved in developing software for the Iron Dome missile defense system. According to the attacker, they managed to access a database containing personal information of individuals connected to the company. No official confirmation has been provided regarding the authenticity or scope of the breach.
-
Jun 11, 2025
Exploitation of Wazuh Vulnerability by Mirai Botnet Variants
Researchers have reported that threat actors are exploiting a critical vulnerability (CVE-2025-24016) in Wazuh servers to deploy Mirai botnet variants for conducting distributed denial-of-service (DDoS) attacks. This vulnerability allows remote code execution and has been targeted shortly after its public disclosure in February 2025. The attacks involve two different botnets using malicious shell scripts to download Mirai payloads from external servers. The research indicates that the botnets are leveraging various exploits, including those targeting IoT devices, and have been found to particularly focus on devices in regions such as China, India, and several others. The ongoing exploitation of this vulnerability highlights the rapid response of botnet operators to newly published security flaws.
-
Jun 11, 2025
Hacktivist group Claims Breach of Indian Defense Contractor
In June 2025, a threat actor group named ClayOxtymus1337 claimed to have breached Advanced Weapons and Equipment India Limited (AWEIL) and to have gained access to its database. According to the threat actor, sensitive data belonging to AWEIL was taken, including critical weapon technical specifications, secret R&D projects, arms export contracts worth ₹581 crore, and a list of importing countries that could trigger diplomatic pressure.
-
Jun 01, 2025
Deloitte Reportedly Breached, Source Code and GitHub Credentials Leaked
A threat actor known as "303" claimed on the dark net forum "darkforums" to have breached "Deloitte," leaking GitHub credentials and internal source code from a "Deloitte" repository. A sample Git configuration file was posted, showing what appears to be access to a private GitHub project related to Deloitte’s U.S. consulting services. "Deloitte," headquartered in London, is one of the "Big Four" accounting and consulting firms, providing services in audit, tax, consulting, risk, and financial advisory across over 150 countries.
-
May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.
-
May 28, 2025
New Malicious Campaign Exploits Fake Antivirus Website to Distribute Venom RAT
Cybersecurity researchers have uncovered a malicious campaign that utilizes a fraudulent website masquerading as Bitdefender's antivirus software to distribute a remote access trojan known as Venom RAT. The site, bitdefender-download[.]com, tricks users into downloading a zip file containing malware disguised as an installer. This campaign aims to compromise victims' credentials and crypto wallets, highlighting a trend of sophisticated, modular malware that leverages open-source components for more effective attacks.
-
May 26, 2025
Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks
A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.