Threat Actor: USDoD Victim: FICO
Information:
USDoD is the threat actor responsible for the alleged leak of FICOβs database.
FICO is a prominent analytics software company operating in over 90 countries.
The leaked database contains 170,000 rows in CSV format.
Personal and professional details of individuals linked to FICO are included in the leak.β¦
Threat Actor: Unknown Victim: Mashvisor
Information:
The threat actor claims responsibility for selling a database sourced from Mashvisor.
The attack occurred in March 2024.
The compromised data includes sensitive CRM data.
The compromised data consists of 1,359 million records.
The price tag for the alleged database is $10000.β¦
Threat Actor: Unknown threat actor Victim: 16 companies (names not provided)
Information:
The threat actor is offering unauthorized access to 16 companies.
The compromised entities include small-scale enterprises and medium-scale corporations.
The sectors of the compromised companies include Hospitality, Food & Beverage, Finance, IT, Federal, Business Services, and Logistics Services.β¦
Threat Actor: Unknown Victim: Mexican Government
Information:
Unauthorized domain administrator access to a prominent entity within the Mexican government.
Access extends to more than 1000 employee accounts, including domain administrator and enterprise-level credentials.
The compromised system contains approximately 10 terabytes of data.
The threat actor is willing to sell this illicit access for $3500.β¦
Threat Actor: ShinyHunters Victim: AT&T
Information:
AT&T confirmed a data breach that affected 73 million customers.
The data breach occurred in March 2024.
The leaked data was obtained by ShinyHunters in 2021.
ShinyHunters is a well-known hacking group that has targeted major organizations.β¦
Threat Actor: Unknown Victim: Windows users
Information:
The threat actor is offering a Windows 1-day Local Privilege Escalation (LPE) exploit for sale.
The exploit is identified as CVE-2024-26169 and is categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability.
The vulnerability allows attackers to gain SYSTEM privileges.β¦
Threat Actor: Unknown Victim: Enel DistribuciΓ³n PerΓΊ
Information:
The threat actor claims responsibility for leaking a database from Enel DistribuciΓ³n PerΓΊ.
The attack allegedly occurred in March 2024.
The leaked data includes sensitive household information.
The compromised data consists of 399,974 records.β¦
Threat Actor: Unknown
Victim: St Jude Laboratories
Information:
Threat actor claims responsibility for leaking patient data from St Jude Laboratories
Compromised data includes full name, address, phone number (home/work), DOB, full SSN, and other confidential information
Size of the compromised data is approximately 60+ GB
Data consists of PDFs
A threat actor has claimed responsibility for leaking patient data purportedly sourced from St Jude Laboratories.β¦
Threat Actor: βUnknown threat actorβ Victim: N/A
Information:
The threat actor is offering the Malware Service of ACR Stealer for sale.
The ACR Stealer is developed in C++ and supports Windows 7-10 + servers.
It utilizes its own spacer servers and offers the option for personal installation.β¦
Threat Actor: Pharanos Cyber Army (PCA) Victim: Ukrainian Government-Controlled Systems
Information:
PCA claims to have successfully breached a system operated by private companies and ISPs within Ukraine.
The Ukrainian government is allegedly engaging in surveillance of its citizens.
The Ukrainian government may be utilizing the collected data to target and eliminate individuals, falsely implicating Russia or its allies.β¦
Threat Actor: Just Evil
Victim: UK Defense Personnel employed by BAE Systems
Information:
β 
Just Evil hacking collective claims to have access to sensitive data from UK defense service personnel.
β The group allegedly obtained personal information such as resumes, certifications, and job roles.β¦
Summary : UnitedHealth Group has admitted that patient data was taken in a mega attack, leading to a significant breach of sensitive personal, financial, and health information.
Key Point :
The U.S. Department of State is offering a reward of up to $10 million for information on the ransomware group behind the attack.β¦
Threat Actor: β Cyber_589
Victim: β Karabuk University
Information:
β 
The threat actor, Cyber_589, claims to have breached the student and teacher information system login panel of Karabuk University.
β 
The leaked database allegedly contains sensitive information such as identification details, names, surnames, emails, department affiliations, Turkish citizen identity numbers (TC), addresses, dates of birth (DoB), parental names and TCs, phone numbers, nationalities, and additional data.β¦
Threat Actor:
Victim:
Information: β The threat actor is offering unauthorized access to a prominent American architecture & design company. β The company has a revenue of $90+ million and employs over 400 people. β The company utilizes Sentinel EDR and offers access to Citrix, Fortinet VPN, RDP, and Anydesk connections.β¦
Threat Actor:
Victim:
Information: β The threat actor is offering the source code of AvEleminator software for sale. β AvEleminator is a tool designed for malicious purposes, aiming to neutralize antivirus, endpoint protection platforms, and endpoint detection and response security software. β The tool operates using certified signed drivers to bypass or disable security measures.β¦
Threat Actor: β Unknowns group β CyberDragon group β Cyber Army of Russia group
Victim: β Government of Slovenia β NLB (largest commercial bank in Slovenia) β Chamber of Commerce and Industry
Information: β The Unknowns group is believed to be behind the series of disruptive DDoS attacks targeting key state websites in Slovenia.β¦
Summary: Apps found on Google Play are turning devices into proxy network nodes without usersβ knowledge, posing a security risk.
Key Point:
Apps with hidden proxy network functionality are being removed from Google Play.
The LumiApps SDK is used to enroll devices in a residential proxy network.β¦
Summary : Municipalities in Texas and Georgia are facing disruptions in services due to ransomware attacks.
Key Point :
Gilmer County in Georgia is experiencing a ransomware attack affecting services for its residents.
Fulton County in Georgia is still restoring critical services after a ransomware attack in January.β¦
Threat Actor: β Snatch group
Victim: β Miki Travel
Information: β Miki Travel is a globally renowned travel company offering various travel services. β Miki Travel has previously suffered a ransomware attack from another threat actor. β The company promptly disclosed the previous attack to their customers.β¦
Recently, AgentTesla operators have strengthened their malspam campaigns in Italy, confirming the trend observed in recent months towards a greater use of PDF attachments. These documents contain links that, once used, initiate the download of files with malicious JavaScript code.
The email in question urgently urges the recipient to view the attached document in the communication.β¦