-
3 days ago | 
thecyberexpress.com | Paul Shread
Japan’s Financial Services Agency (FSA) warned last week of the growing threat of hacked trading accounts that has resulted in nearly US $700 million in unauthorized trades since March. The FSA documented a sharp increase in the number of such fraudulent trades, from 33 in February to 685 in March and 736 through the first 16 days of April. Accounts in at least six securities firms have been targeted in the attacks.
-
1 week ago | 
thecyberexpress.com | Paul Shread
The Common Vulnerabilities and Exposures (CVE) Program is one of the most central programs in cybersecurity, so news that MITRE’s contract to run the program was expiring sent shock waves through the cybersecurity community. But fears for the future of the globally recognized program underpinning vulnerability management were assuaged when CISA announced today that it was extending the MITRE CVE contract. The extension apparently is for 11 months, sources told The Cyber Express.
-
1 week ago | 
thecyberexpress.com | Paul Shread
Code-generating large language models (LLMs) have introduced a new security issue into software development: Code package hallucinations. Package hallucinations occur when an LLM generates code that references a package that doesn’t actually exist, creating an opportunity for threat actors to exploit that GenAI hallucination by creating a malicious repository with the same name as the hallucinated package.
-
2 weeks ago | 
thecyberexpress.com | Paul Shread
The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has notified Congress of “a major information security incident” involving threat actor access to about 150,000 department emails.
-
2 weeks ago | 
thecyberexpress.com | Paul Shread
Microsoft Patch Tuesday for April 2025 included fixes for 135 vulnerabilities in all, including one actively exploited zero-day and an additional 11 high-risk vulnerabilities. In all, Patch Tuesday April 2025 included 126 Microsoft vulnerabilities and nine Chrome/Microsoft Edge vulnerabilities.
-
3 weeks ago | 
thecyberexpress.com | Paul Shread
The DragonForce ransomware group claims to be taking over the infrastructure of RansomHub, the biggest ransomware group in the last year, Cyble threat intelligence researchers reported in an advisory to clients today. Cyble said the moniker behind the operators of DragonForce announced a new “project” on RAMP forum and subsequently posted the same information on their onion-based data leak site (DLS).
-
3 weeks ago | 
thecyberexpress.com | Paul Shread
The U.S. Cybersecurity and Information Security Agency (CISA) has issued an advisory detailing a new malware variant detected in attacks on an Ivanti vulnerability. The CISA advisory says the agency recovered three files from a critical infrastructure environment’s Ivanti Connect Secure device after threat actors exploited Ivanti vulnerability CVE-2025-0282 for initial access.
-
3 weeks ago | 
thecyberexpress.com | Paul Shread
Cyble researchers have discovered a new Android banking trojan that uses overlay attacks and other techniques to target more than 750 applications, including banking, finance, cryptocurrency, payment, social media, and e-commerce applications. Dubbed “TsarBot” because of the threat actor’s suspected Russian origin, the malware uses overlay attacks to steal credentials and can also record and control the screen.
-
1 month ago | 
thecyberexpress.com | Paul Shread
Cyble threat intelligence researchers have uncovered a GitHub repository masquerading as a hiring coding challenge that tricks developers into downloading a backdoor to steal sensitive data. The campaign uses a number of unusual techniques, such as using a social media profile for command and control (C&C) activities instead of C&C servers.
-
1 month ago | 
thecyberexpress.com | Paul Shread
With thousands of threat groups trying to make a name for themselves and new ones cropping up every day, it can take some work to come up with a name for a new threat group. Which may help explain all the misspellings and odd threat group names out there. Looking just at threat groups active in 2025 that have been investigated by Cyble dark web researchers, here are some of the more interesting and humorous names of hackers and threat groups that are currently active.
