ransomware | Breaking Cybersecurity News | The Hacker News

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. "The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity delivered a fake document related to the KMG IT department, mimicking official internal communication and leveraging themes such as policy updates, internal certification procedures, and salary adjustments," security researcher Subhajeet Singha said . The infection chain begins with a phishing email containing a ZIP attachment, which includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions written in both Russian and Kazakh to run a program named "KazMunayGaz_Viewer." The email, per the cybersecurity compa...

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC," according to a description of the flaw in the NIST National Vulnerability Database (NVD). "This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. Successful exploration of the defect could result in a full system compromise of the SAP environment, subverting the confidentiality, integrity, and availability of the system. In short, it can permit attackers to modify the SAP database, create superuser accounts with SAP_ALL privileges, download password hashes, and alter business processes. SecurityBri...

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server traffic, these simple but strategic moves create a hardened environment that attackers can't easily penetrate. Whether you're securing endpoints or overseeing policy rollouts, adopting a security-by-default mindset can reduce complexity, shrink your attack surface, and help you stay ahead of evolving threats. Cybersecurity has changed dramatically since the days of the "Love Bug" virus in 2001. What was once an annoyance is now a profit-driven criminal enterprise worth billions. This shift demands proactive defense strategies that don't just respond to threats—they prevent t...

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape. SentinelOne's steadfast commitment to delivering AI-powered cybersecurity enables global customers and partners to achieve resiliency and reduce risk with real-time, autonomous protection across the entire enterprise — all from a single agent and console with a robust, rigorously tested platform that keeps the customer in control. Cybersecurity today isn't just about detection—it's about operational continuity under pressure. For example, endpoint solutions must account for encrypted traffic inspection, policy enforcement during identity compromise, and fast containment across distributed environments. ...

Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025. The activity originated from a Ukraine-based autonomous system FDN3 ( AS211736 ), per French cybersecurity company Intrinsec. "We believe with a high level of confidence that FDN3 is part of a wider abusive infrastructure composed of two other Ukrainian networks, VAIZ-AS ( AS61432 ) and ERISHENNYA-ASN ( AS210950 ), and a Seychelles-based autonomous system named TK-NET ( AS210848 )," according to a report published last week. "Those were all allocated in August 2021 and often exchange IPv4 prefixes with one another to evade blocklisting and continue hosting abusive activities." AS61432 currently announces a single prefix 185.156.72[.]0/24, while AS210950 has announced two prefixes 45.143.201[.]0/24 and 185.193.89[.]0/24. The two autonomous systems were allocated in May an...