HHS Stresses Importance of Having an Effective Cybersecurity Incident Response Plan The HIPAA Journal
cyberintel.kalymoon.com · 540 articles · updated every 4 hours · grows forever
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Google has released an emergency update to Chrome patching two actively exploited high-severity zero-days discovered by it…
Medtech Giant Stryker Offline After Iran-Linked Wiper Malware Attack Fortune 500 medical technology company Stryker — manufacturer of surgical and neurotechnology equipment with over 53,000 employees …
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours Google’s Cloud Threat Horizons Report for H1 2026 details how a threat actor tracked as UNC6426 weaponized credentials …
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets Researchers at Socket have uncovered five malicious Rust packages published to crates.io — chrono_anchor, dnp3t…
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military ESET researchers have published a deep-dive on Russia’s APT28 (Fancy Bear/Sednit), revealing that the GRU-linked group has been …
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure Palo Alto Networks Unit 42 has published a detailed investigation into a previously undocumented Chinese threat…
Phobos Ransomware Leader Facing 20 Years in Prison After Pleading Guilty to Hacking Charges Evgenii Ptitsyn, the 43-year-old Russian national identified as the key developer and administrator behind t…
Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a thi…
CISA Replaces Acting Director After a Bumbling Year on the Job The Trump administration has ousted Madhu Gottumukkala as acting director of the Cybersecurity and Infrastructure Security Agency, replac…
Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon. This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-…
Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! The intrusion began in early March 2025 with a single successful Remote Desktop Protocol (RDP) logon to an internet-expos…
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May…
Key Takeaways Private Threat Briefs: 20+ private DFIR reports annually. Contact us today for pricing or a demo! Table of Contents: Case Summary Analysts Initial Access Execution Persistence Privilege …
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shift …
Key Takeaways Case Summary This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor attempted logi…
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first f…
Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, e…
Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file th…
Explore a selection of the latest DFIR employment opportunities in this week’s Forensic Focus jobs round-up.
Deleted chats aren’t always the end of the story—GMDSOFT’s latest Tech Letter shows how MD-RED uncovers typed, unsent, and overlooked keyboard app data to help investigators recover critical evidence.
New tools from Semantics 21 help digital investigators surface intelligence faster, assess deepfakes, and generate structured scene descriptions — all offline and alongside existing forensic workflows…