AhnLab EDR Utilization in Detecting Akira Ransomware Attack Case – ASEC
Akira is a relatively new ransomware actor active since March 2023, known for infiltrating organizations, encrypting files, and stealing sensitive information for negotiation purposes. The ransomware attacks have significantly impacted numerous sectors, as demonstrated by statistics from 2024. Affected: organizations, information technology, cybersecurity

Key points: Akira ransomware has been active since March 2023.…
GreenSpot APT Targets NetEase 163.com Users with Fake Download Pages and Spoofed Domains
The GreenSpot APT group, active since 2007 and believed to be based in Taiwan, targets entities in China, utilizing phishing campaigns aimed primarily at stealing login credentials from users of the 163.com email service. The group registers deceptive domains to impersonate legitimate services, hosting malicious login pages and download services to lure victims.…
Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts
Summary: Federal civilian agencies are mandated to patch a critical vulnerability (CVE-2025-0994) affecting Trimble Cityworks, a widely-used infrastructure management tool. CISA warns that this vulnerability could allow hackers to execute remote code on affected systems, with a deadline for patches set for February 28. The bug has a high severity score of 8.4, impacting all versions prior to 15.8.9, and the company has issued guidance to enhance security measures for its customers.…
LLM Hijackers Quickly Incorporate DeepSeek API Keys
Summary: Recent incidents of LLMjacking have emerged, wherein cybercriminals illegally exploit stolen access to deep learning models like those from DeepSeek. This underhanded practice allows individuals to use expensive language models for various illicit purposes without incurring the costs. The rapid adoption of reverse proxy tools and growing communities around LLMjacking highlight that this trend is escalating rapidly, posing significant risks to victims and organizations alike.…
Dark Web Profile: Tortoiseshell APT
Tortoiseshell, an Iranian cyber-espionage group linked to the IRGC, has ramped up operations since its emergence in 2018, targeting defense, aerospace, and military organizations primarily in the US, Israel, and the Middle East. Utilizing social engineering, phishing, and a sophisticated malware toolkit, Tortoiseshell conducts espionage while evading detection and often employs fake personas to gain trust.…
Phones, email, classes disrupted in University of The Bahamas ransomware attack
Summary: The University of The Bahamas experienced a ransomware attack that incapacitated its internet and phone systems, affecting approximately 5,000 students across three campuses. The incident, which began on February 2, has led to the cancellation of online classes and adjustments in administrative processes while the university collaborates with law enforcement to manage the situation.…
Student group sues Education Department over reported DOGE access to financial aid databases
Summary: Students from the University of California have filed a lawsuit against the federal Education Department to prevent members of Elon Musk’s government technology team from accessing federal student financial aid databases containing sensitive information. The lawsuit claims that this access is a violation of the federal Privacy Act and highlights concerns over the lack of public transparency regarding how the data is being used.…
LLMjacking targets DeepSeek
LLMjacking attacks have rapidly evolved, targeting platforms like DeepSeek. Since its discovery in May 2024, these attacks exploit stolen credentials to bypass service charges of large language models (LLMs). This piece outlines the increasing trend of LLMjacking, its methods, and the business surrounding proxy servers which allow cybercriminals to abuse LLMs while exposing significant vulnerabilities in cloud service accounts.…
Chinese-Speaking Group Manipulates SEO with BadIIS
This article discusses an SEO manipulation campaign that targets Asia, primarily through the exploitation of Internet Information Services (IIS) using a malware called BadIIS. The campaign is financially motivated, redirecting users to illegal gambling sites and potentially exposing multiple sectors to threats. Recommendations for enterprises to secure their environments against such attacks are also provided.…
ThreatMate Raises .2 Million for Attack Surface Management Platform
Summary: Cybersecurity startup ThreatMate has raised .2 million in seed funding led by Top Down Ventures to enhance its AI-powered attack surface management platform. The platform is designed for managed service providers to offer enterprise-grade cyber protections to small and medium-sized businesses. Funds will be allocated towards product development and expanding market operations.…
Databarracks Launches Air Gap Recover
Summary: Databarracks has launched Air Gap Recover, a new service designed to enhance protection against cyber threats, particularly for cloud-native environments. This service provides isolated data protection and automated failover capabilities to ensure rapid recovery from cyber attacks, such as ransomware. It addresses the limitations of traditional data protection solutions by offering robust security for large volumes of data stored in modern cloud systems.…
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Summary: Trimble is alerting users about a critical deserialization vulnerability (CVE-2025-0994) in Cityworks software, which allows hackers to remotely execute commands on IIS servers. The flaw has led to reports of unauthorized access to customer networks, and exploitation is currently taking place. Customers are urged to update to the latest versions and secure their deployments promptly to mitigate risks.…
FinStealer
This article discusses a sophisticated malware campaign targeting a leading Indian bank through fake mobile applications, advancing financial fraud via credential theft and social engineering. Key tactics include phishing links, dynamic payloads, and encrypted communications with C2 servers. The malware’s primary objective is to steal credentials and sensitive data for financial gain.…
Google’s DMARC Push Pays Off, but Email Security Challenges Remain
Summary: The adoption of the DMARC email authentication standard has significantly increased in the past year, doubling the number of domains utilizing it, which improves email security against spoofing and phishing. Despite this progress, 87% of domains still lack a DMARC record, indicating that many organizations, particularly in sectors like healthcare, need to enhance their cybersecurity measures.…