Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

safebreach

SafeBreach Coverage for US CERT AA25-141B (Sticky Werewolf)

May 22, 2025 By Tova Dvorin In SafeBreach
On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf, this cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.
Read Post
knowbe4

The Ransomware Threat: Still Alive and Kicking

May 22, 2025 By Javvad Malik In KnowBe4
Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise. It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years.
Read Post
Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

May 22, 2025 By SecuritySenses In SecuritySenses
Penetration testing costs in the UK and EU can range from a few thousand pounds to well over £20,000. At a glance, many of these tests look the same. So why the price gap? In 2025, pricing models haven't changed much. Most tests are still priced per day, but the complexity of what's being tested has changed. The rise of custom internal tools (many "vibe coded" by non-IT or security teams), shadow IT, SaaS stacks, and cloud sprawl means that scoping a pen test properly takes more time and care.
Read Post
cato networks

Cato CTRL Threat Research: Suspected Russian Threat Actors Leverage Tigris, Oracle Cloud Infrastructure, and Scaleway to Target Privileged Users with Lumma Stealer

May 21, 2025 By Guile Domingo In Cato Networks
Imagine walking into a trusted bank, only to be handed counterfeit money by employees who don’t realize it’s fake. This is similar to a growing trend that’s emerging in the threat landscape. Threat actors are leveraging trusted cloud infrastructure platforms to host fake reCAPTCHA pages designed to deceive unsuspecting victims into executing malicious commands through the Windows Run dialog—specifically targeting high-access users within organizations to escalate privileges.
Read Post
bitsight

Lumma Stealer is Out... of business!

May 21, 2025 By Bitsight TRACE In BitSight
Since mid-2024, Bitsight has been collaborating with Microsoft’s Digital Crimes Unit and other partners to dismantle the operational capabilities of Lumma Stealer (LummaC2) — currently the most widely distributed information stealer. Early this week, a coordinated action was carried out to disrupt its operations and take down the supporting malware infrastructure.
Read Post
Trustwave

Trustwave SpiderLabs Report Highlights Ransomware and Dark Web Dangers for the Hospitality Sector

May 21, 2025 By Trustwave In Trustwave
The summer travel season is almost here, and travelers worldwide are in the process of booking their holidays, thus placing some of their most vital personal and financial information into the hands of the hospitality industry. A fact not lost to threat actors who thrive on gaining access and stealing this data.
Read Post
Cybersecurity Landscape in 2025: All You Need to Know as a Business Owner

Cybersecurity Landscape in 2025: All You Need to Know as a Business Owner

May 21, 2025 By SecuritySenses In SecuritySenses
When the Digital Revolution started, we knew big changes were bound to come, but who knew just how big? With the rapid development of cyberspace, our world has expanded immensely, and new possibilities have come knocking at our doors. Still, we often forget about the dark side of the Internet and all its dangers.
Read Post

Making Generative AI Transparent with Gabrielle Hibbert

May 20, 2025 By Rubrik In Rubrik
• • In this episode of Data Security Decoded, host Caleb Tolin sits down with Gabrielle Hibbert, a social policy expert and researcher, about her innovative work developing a nutrition labeling system for generative AI tools. This framework aims to bridge the gap between complex AI technology and consumer understanding, while addressing critical transparency and data privacy concerns. What You'll Learn.
View Video
tripwire

Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack

May 20, 2025 By Katrina Thompson In Tripwire
Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.
Read Post
ssl2buy

What Is Scattered Spider? Inside the Rise of Identity-Based Attacks

May 20, 2025 By Ann-Anica Christian In SSL2BUY
If you’ve been following major cybersecurity incidents over the past couple of years, chances are you’ve come across the name Scattered Spider. From massive casino breaches to healthcare system outages, this threat actor has become a name that CISOs don’t take lightly. But what is Scattered Spider, really? And why is this group of cybercriminals getting so much attention? Scattered Spider is a financially motivated group that came into focus around 2022.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.