Skip to content
Security

Silent Ransom Group uses fake IT support calls to raid law firm data

tldr / infosec 20h ago 8

Cybersecurity firm Mandiant reports that the Silent Ransom Group is conducting aggressive social engineering campaigns against U.S. law firms and professional services organizations. Attackers send benign invoice-themed phishing emails as a prelude to voice calls impersonating IT staff, tricking employees into installing remote access tools during fake support sessions. Once inside, they rapidly exfiltrate sensitive legal and financial documents and issue ransom demands within 30 minutes, threatening to contact clients directly if unpaid. Both Mandiant and the FBI urge organizations to verify IT support requests, limit remote access tools, enforce MFA, and train staff to recognize voice phishing.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.