Cybersafe Cyber Security News

The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of state-sponsored hackers linked to the RedLine infostealer malware and its alleged creator, Russian national Maxim Alexandrovich Rudometov. This bounty is part of the Rewards for Justice program, which was established under the 1984 Act to Combat International Terrorism. The initiative offers rewards to individuals who provide valuable information that helps identify or locate foreign government threat actors involved in cyberattacks against U.S. entities, especially those targeting critical infrastructure. The Department is specifically seeking tips about foreign government-linked The post U.S. Offers $10M Reward for Intel on RedLine Malware Hackers first appeared on Cybersafe News.

A new version of the Android malware Crocodilus has introduced a deceptive feature that adds fake contacts to victims’ devices, allowing attackers to spoof calls from trusted sources. Originally detected in March 2025 by Threat Fabric researchers, Crocodilus was first seen in limited campaigns in Turkey. It initially relied on basic social engineering tactics, such as fake error messages urging users to back up their cryptocurrency wallet keys. Now, the malware has gone global. Ongoing monitoring by Threat Fabric reveals that Crocodilus is actively targeting users across all continents. Its latest versions come with significant upgrades, particularly focused on evasion The post New Android Malware tricks users by faking Caller Identities first appeared on Cybersafe News.

A newly identified Russian cyber-espionage group, dubbed Laundry Bear, has been linked to the September 2024 security breach of the Dutch national police, according to a joint advisory from Dutch intelligence agencies. The breach, first disclosed by the Dutch police (Politie) last year, resulted in the theft of work-related contact details belonging to multiple officers. The stolen information included names, email addresses, phone numbers, and in some instances, private personal data. On Tuesday, the Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) attributed the attack to Laundry Bear, warning that the group might The post Russian Cyberspy Group ‘Laundry Bear’ tied to Dutch Police Breach first appeared on Cybersafe News.

Sophos researchers have uncovered a cyberattack in which a DragonForce ransomware operator exploited three chained vulnerabilities in the SimpleHelp remote management tool to compromise a managed service provider (MSP) and its customers. SimpleHelp is remote support and access software commonly used by IT teams to troubleshoot and maintain client systems. The attackers leveraged three recently disclosed vulnerabilities—CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726—to gain initial access and escalate privileges. CVE-2024-57727 (CVSS 7.5): An unauthenticated path traversal flaw that allows attackers to download arbitrary files, including serverconfig.xml, which contains encrypted admin and technician credentials and other sensitive data protected by a hardcoded key. CVE-2024-57728 The post DragonForce exploits SimpleHelp flaws to breach MSP first appeared on Cybersafe News.

A Chinese state-linked threat group, identified as UAT-6382, has exploited a previously patched vulnerability in Trimble Cityworks software to compromise local government networks in the United States, according to a report by Cisco Talos. The flaw, tracked as CVE-2025-0994 and carrying a CVSS v4 score of 8.6, is a deserialization vulnerability that can be exploited for remote code execution. Despite being patched, the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog in February 2025. Since January, UAT-6382 has been leveraging this flaw to breach municipal systems, deploying Chinese-language web shells and custom The post Chinese Hackers exploit Trimble Cityworks flaw to infiltrate U.S. Local Government Systems first appeared on Cybersafe News.

The U.S. Department of Justice (DoJ) announced the takedown of the DanaBot malware infrastructure and unsealed indictments against 16 individuals accused of fueling a global malware-as-a-service (MaaS) operation that caused over $50 million in damages. The sophisticated cyber scheme, allegedly operated by a Russia-based group, infected more than 300,000 devices worldwide. Aleksandr Stepanov, 39, and Artem Kalinkin, 34, both from Novosibirsk, Russia, were charged who remain at large. Stepanov faces multiple counts, including conspiracy, wire fraud, aggravated identity theft, and unauthorized computer access. Kalinkin is charged with conspiracy to commit computer fraud and unauthorized system impairment. Court documents reveal that The post U.S. Dismantles DanaBot Malware Network in major Global cybercrime bust first appeared on Cybersafe News.

A U.S. federal jury has ordered Israeli surveillance firm NSO Group to pay Meta-owned WhatsApp nearly $168 million in damages, concluding a high-profile legal battle over the use of Pegasus spyware to target over 1,400 users worldwide. The decision comes more than four months after U.S. District Judge Phyllis J. Hamilton ruled that NSO Group violated federal laws by exploiting WhatsApp’s servers to deploy Pegasus. The spyware was used to surveil journalists, human rights defenders, and political dissidents, according to a lawsuit WhatsApp filed in 2019. Court records revealed the global scale of the targeting, including 456 victims in Mexico, The post NSO Group fined $168M for illegally spying on WhatsApp Users first appeared on Cybersafe News.

The United States has indicted 36-year-old Rami Khaled Ahmed, a Yemeni national, for allegedly developing and operating the Black Kingdom ransomware, which targeted Microsoft Exchange servers in over 1,500 attacks worldwide. According to the U.S. Department of Justice (DoJ), between March 2021 and June 2023, Ahmed and unnamed co-conspirators infected systems belonging to numerous victims, including a medical billing firm in Encino, a ski resort in Oregon, a Pennsylvania school district, and a Wisconsin health clinic. Victims were instructed to pay $10,000 in Bitcoin and send proof of payment to a designated Black Kingdom email address. The malware exploited a The post U.S. indicts Black Kingdom Ransomware Operator for Microsoft Exchange Attacks first appeared on Cybersafe News.

The Irish Data Protection Commission (DPC) has imposed a hefty €530 million (approximately $601 million) fine on TikTok for unlawfully transferring the personal data of users in the European Economic Area (EEA) to China, breaching the European Union’s General Data Protection Regulation (GDPR). The total fine includes €485 million for violating Article 46(1) of the GDPR, which requires that personal data transferred outside the EU be afforded an equivalent level of protection. An additional €45 million was levied for breaching Article 13(1)(f), concerning transparency obligations. TikTok has been given six months to bring its data processing practices into full compliance. The post TikTok fined €530 M over unlawful data transfers to China first appeared on Cybersafe News.

Hertz Corporation has confirmed a data breach that compromised personal information of customers associated with its Hertz, Thrifty, and Dollar brands. The breach stemmed from zero-day vulnerabilities exploited in Cleo’s managed file transfer platforms during attacks in late 2024. In a notice issued on February 10, 2025, the car rental company stated that Hertz data was acquired by an unauthorized third party that exploited zero-day vulnerabilities in Cleo’s platform during incidents in October and December 2024. Hertz promptly launched an investigation to determine the scope of the breach and identify affected individuals. According to the company, the exposed data may The post Hertz Data Breach: Driver’s Licenses and Financial Details at Risk first appeared on Cybersafe News.