botnet
Threat Intelligence

DragonForce Actors Target SimpleHelp Vulnerabilities To Attack MSP, Customers

Posted on May 29, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Summary Sophos Managed Detection and Response (MDR) recently intervened in a targeted cyberattack against an unnamed Managed Service Provider (MSP), where threat actors leveraged vulnerabilities in the SimpleHelp remote monitoring and management (RMM) platform to deploy DragonForce ransomware across multiple endpoints. Attackers exploited vulnerabilities CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726, initially disclosed in January 2025, to achieve remote execution, arbitrary file…

Read More
Global communication network
Threat Intelligence

China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile Vulnerability

Posted on May 27, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Context EclecticIQ has identified active exploitation of two critical vulnerabilities (CVE-2025-4427 and CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier, allowing for unauthenticated remote code execution. This activity, attributed with high confidence to the China-nexus espionage group UNC5221, began on May 15, 2025, and targets critical sectors globally, including healthcare, telecommunications, and government. The threat actors…

Read More
airport luggage
Threat Intelligence

A Cyber Threat Travelogue: Trustwave SpiderLabs Highlights Hospitality Sector Cybersecurity Challenges in 2025

Posted on May 22, 2025

By By Karl Sigler, Security Research Manager, SpiderLabs Threat Intelligence

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. In the 2025 Trustwave Risk Radar Report: Hospitality Sector report,…

Read More
Ransomware in the Cloud
Threat Intelligence

M&S Hackers Allegedly Utilize Employee Logins from Third-Party Consulting Firm

Posted on May 21, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Context Public reporting has emerged that claims ransomware group Scattered Spider gained initial access to Marks & Spencer’s (M&S) systems by compromising the login credentials of two employees from their third-party partner, Tata Consultancy Services (TCS). Cyber News reports that a source reportedly told news agencies “that at least two Tata Consultancy Services employees’ M&S logins were used…

Read More
Special Interest & Resilience

Stolen Logins, Lost Trust: The Hidden Supply Chain Behind Account Takeovers in Retail & Hospitality

Posted on May 9, 2025

By Eric Clay - Chief Marketing Officer, Flare

You log in to your loyalty account to cash in a year’s worth of points—only to find them wiped clean. No redemptions in your history, no trace of your perks. This isn’t a UX glitch—it’s account takeover (ATO), and it’s not personal. The cybercrime ecosystem isn’t just a place where criminals discuss how to profit…

Read More