The attack campaign was recently discovered by incident response firm SpearTip, who said the attacks began on January 6, 2025, targeting the Azure Active Directory Graph API.

Last week, the previously unknown pro-Ukraine hacker group Yellow Drift claimed responsibility for the attack on Roseltorg, stating they had deleted 550 terabytes of data, including emails and backups.

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version.

A group of hackers with unknown ties has claimed responsibility for breaching a Russian government agency, Rosreestr, which is responsible for managing property and land records.

?Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announced on Tuesday they had breached Russian internet service provider Nodex's network and wiped hacked systems after stealing sensitive documents.

Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.

The Security Service of Ukraine (SSU) has established that a hacker group affiliated with the main intelligence directorate of the general staff of the Russian armed forces (GRU) was involved in the cyberattack.

Threat actors obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round.

A large U.S. organization with a significant presence in China was the subject of a targeted attack earlier this year, during which the attackers obtained a persistent presence on its network, seemingly for the purpose of intelligence gathering.

Malicious code was injected into versions 1.95.6 and 1.95.7 of the library, which is downloaded over 350,000 times weekly from the npm registry. This code was designed to exfiltrate private keys, leading to cryptocurrency theft.