
Ingram Micro has confirmed a cyber attack on its systems, carried out by the emerging SafePay ransomware group. The breach, which occurred last week, disrupted operations and deliveries across key regions, including Europe, the United States, and Asia.

The IT distribution giant revealed that ransomware was detected on select internal systems. The company quickly responded by taking affected systems offline and deploying containment measures. Ingram Micro also initiated a full-scale investigation, bringing in top cybersecurity experts and notifying law enforcement authorities.

According to reports from Bleeping Computer, the SafePay group has claimed responsibility. The group allegedly exploited vulnerabilities in Ingram Micro’s GlobalProtect VPN system to gain extended access to its network. In a ransom note, SafePay criticized the company’s network setup and claimed it had accessed a trove of sensitive information — including financial data, IP, customer records, legal documents, and bank details.

SafePay offered a “mutually beneficial” resolution, proposing to delete the stolen data and provide decryption keys in exchange for payment, emphasizing their purely financial motives.

This marks another high-profile strike for SafePay, which has grown rapidly since its emergence in September. A March report by Quorum Cyber ranked SafePay as the fourth most active ransomware group globally. By May, Cyble’s analysis showed it had become the most aggressive, with 58 victims attributed to its attacks.

The group primarily targets the US, Germany, and the UK, with a strong focus on sectors like healthcare, education, government, finance, and IT. Their methods often involve compromising VPNs or remote desktop credentials acquired through malware or underground marketplaces.

As SafePay’s attacks intensify, cybersecurity experts continue to monitor its movements closely.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: ITPro.com

The infamous ransomware syndicate Hunters International has announced its closure, claiming to offer free decryption keys to past victims as a final move. The group, active for over two years and responsible for attacks on entities including a U.S. cancer center and Tata Technologies, posted its farewell on the dark web.

“After careful consideration, we’ve decided to shut down the Hunters International project,” the group stated, acknowledging the harm inflicted through its attacks. As a supposed reconciliation effort, they pledged to distribute decryption tools to impacted organizations free of charge.

However, cybersecurity experts warn this isn’t an act of goodwill but a strategic shift. Dray Agha of Huntress points out that Hunters is merely rebranding as World Leaks, a group focused solely on extortion without encrypting files. “This move is less about remorse and more about reducing risk amid growing law enforcement pressure,” Agha explained.

World Leaks runs four platforms, including a data leak site, ransom negotiation portal, media access channel, and affiliate dashboard for criminal collaborators. It emerged earlier as a side operation and is now set to become the primary identity of the group.

According to Daniel dos Santos of Forescout, such rebranding is common among cybercriminal groups seeking to stay ahead of law enforcement. The shift from encryption-based ransomware to data exfiltration reflects their strategy to avoid intensified crackdowns.

While the group claims to be helping victims recover data, dos Santos urges caution. “Even paid decryption keys often fail. Free ones are unlikely to be reliable,” he warned.

The closure of Hunters International may signal a tactical evolution in cybercrime rather than a resolution—and organizations must stay vigilant.


News Source: ITPro.com

U.S. authorities have formally charged British national Kai West, 25, known online as ‘IntelBroker’, for leading a major cybercrime campaign that inflicted over $25 million in damages. West was arrested in France earlier this year and now faces multiple charges in the United States.

Prosecutors allege that West, also known as Kyle Northern, orchestrated an extensive hacking operation in collaboration with an online group. Between 2023 and 2025, the group infiltrated systems of over 40 organizations, including a telecom provider, a municipal healthcare service, and an internet service provider. They stole sensitive data—ranging from customer records to health and employment information—and attempted to sell it online for over $2 million.

According to the FBI, West offered stolen data for sale at least 40 times and shared it freely in more than 100 instances, sometimes in exchange for forum credits. In one case, he exploited a misconfigured server to extract telecom data. In another, he sold healthcare records including Social Security numbers and health plan details.

U.S. Attorney Jay Clayton emphasized the global impact, stating, “The IntelBroker alias has caused millions in damages to victims worldwide. This arrest shows the FBI’s resolve to hold cybercriminals accountable, no matter where they operate.”

IntelBroker gained notoriety in underground forums like BreachForums, where he initially worked as a ransomware operator before taking over the platform. He is believed to have targeted major companies such as Cisco, AMD, Nokia, Ford, and even Europol.

A report by cybersecurity firm Kela highlighted IntelBroker’s operational skill, noting his blend of technical expertise, anonymity, and focus on exploiting system vulnerabilities—traits that earned him a trusted reputation among cybercriminals.

Darren Guccione, CEO of Keeper Security, said the case underscores how stolen data circulates long after breaches occur. “The IntelBroker case shows how attackers exploit dark web networks for sustained criminal activity through trust, collaboration, and repeated data trafficking,” he noted.

West now faces multiple federal charges, including conspiracy to commit computer intrusions (up to 5 years), wire fraud (up to 20 years), and accessing protected computers to obtain sensitive information.

This arrest marks a significant victory for international cybercrime enforcement and a warning to others in the digital underworld.


News Source: ITPro.com

The notorious cybercrime group Scattered Spider has shifted its focus to the airline industry, prompting a warning from the FBI after confirmed cybersecurity breaches at Hawaiian Airlines and Canada’s WestJet.

According to a recent FBI advisory, the group exploits social engineering tactics, often impersonating internal staff or contractors, to manipulate IT help desks into granting unauthorized access. These techniques have enabled the attackers to circumvent multi-factor authentication (MFA) by registering their own MFA devices on compromised accounts.

The FBI emphasized that large corporations and third-party IT vendors within the aviation ecosystem are at heightened risk. Once inside, the hackers are known to steal sensitive information for extortion and often launch ransomware attacks.
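As an added example (not from the FBI advisory or the article), a detection check a defender could run over identity-provider audit logs to surface the sequence described above: a help-desk assisted password reset followed shortly by enrolment of a new MFA device on the same account. The log line format, action names and sample lines are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one identity-provider audit record. The line format is constructed
// for this example: "<RFC3339 time> <user> <action> <actor>".
type Event struct {
	At     time.Time
	User   string
	Action string // e.g. "helpdesk_password_reset", "mfa_device_registered"
	Actor  string
}

// ParseEvents parses audit lines, rejecting malformed ones instead of skipping them.
func ParseEvents(lines []string) ([]Event, error) {
	var out []Event
	for _, ln := range lines {
		f := strings.Fields(ln)
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed audit line: %q", ln)
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		out = append(out, Event{At: at, User: f[1], Action: f[2], Actor: f[3]})
	}
	return out, nil
}

// SuspiciousRegistrations returns users who enrolled a new MFA device within
// `window` of a help-desk assisted password reset, which is the pattern the
// advisory describes. Each user is reported once, in time order.
func SuspiciousRegistrations(events []Event, window time.Duration) []string {
	sort.Slice(events, func(i, j int) bool { return events[i].At.Before(events[j].At) })
	lastReset := map[string]time.Time{}
	flagged := map[string]bool{}
	var hits []string
	for _, e := range events {
		switch e.Action {
		case "helpdesk_password_reset":
			lastReset[e.User] = e.At
		case "mfa_device_registered":
			if t, ok := lastReset[e.User]; ok && e.At.Sub(t) <= window && !flagged[e.User] {
				flagged[e.User] = true
				hits = append(hits, e.User)
			}
		}
	}
	return hits
}

// SampleLog is constructed test data, not a real tenant's audit trail.
var SampleLog = []string{
	"2025-06-27T09:02:11Z jdoe helpdesk_password_reset helpdesk-agent-7",
	"2025-06-27T09:05:40Z jdoe mfa_device_registered jdoe",
	"2025-06-27T10:15:00Z asmith mfa_device_registered asmith",
	"2025-06-26T14:00:00Z bwong helpdesk_password_reset helpdesk-agent-2",
	"2025-06-27T14:30:00Z bwong mfa_device_registered bwong",
}

func main() {
	events, err := ParseEvents(SampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Println("review these accounts:", SuspiciousRegistrations(events, time.Hour))
}
```

Only jdoe is reported: asmith had no help-desk reset, and bwong's reset was a day before the enrolment, outside the one-hour window.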

Following the breach, Hawaiian Airlines acknowledged a cyber incident affecting parts of its IT infrastructure. Despite the attack, operations continued without disruption. The airline confirmed that it had engaged law enforcement and cybersecurity experts and is working toward a complete system restoration.

Similarly, WestJet recently reported a cybersecurity issue that restricted access for several users. The airline is actively investigating the breach with support from digital forensics and cybersecurity specialists.

While the perpetrators behind these attacks haven’t been officially confirmed, cybersecurity firm Halcyon attributed recent aviation, food, and manufacturing sector incidents to Scattered Spider, noting the group’s aggressive and fast-paced approach.

The aviation sector has faced increasing warnings about such threats. Experts from Palo Alto’s Unit 42 and BlackFog have both flagged the industry as a high-risk target due to its global operational impact and the vast amount of sensitive passenger data it handles.

“With international travel peaking, cybercriminals are taking advantage of the industry’s pressure to maintain smooth operations,” said Darren Williams, CEO of BlackFog. “Airlines must act swiftly to reinforce their cybersecurity defenses and protect both their data and customer trust.”


News Source: ITPro.com

As generative AI tools rapidly reshape digital workflows, security teams are struggling to keep up with emerging threats. A recent study by penetration testing firm Cobalt reveals that over a third of cybersecurity leaders and practitioners admit GenAI is advancing faster than their teams can secure it.

Nearly 48% of respondents called for a ‘strategic pause’ to better align defenses against evolving AI-driven attacks—though most acknowledge this pause is unlikely to materialize. Alarmingly, 72% identified GenAI-related threats as their top IT risk, yet one-third are not performing regular security assessments like penetration testing for their large language model (LLM) deployments.

“Threat actors aren’t waiting, and neither can we,” said Gunter Ollmann, CTO at Cobalt. “AI is redefining both productivity and risk. Security frameworks must evolve or risk becoming obsolete.”

The report also highlights a divergence in priorities between executive leaders and frontline security practitioners. While 76% of C-suite and VP-level respondents voiced concern over long-term threats like adversarial attacks, practitioners (45%) showed more immediate worry over operational risks such as inaccurate outputs.

Security leaders appear more inclined to adapt defense strategies for GenAI-specific threats, with 52% considering structural changes compared to 43% of practitioners.

Top concerns across all respondents include:

Additionally, 50% of participants demand greater transparency from software vendors regarding vulnerability detection and mitigation, underscoring a widening trust gap within the AI supply chain.

Cobalt’s internal pentesting data also sheds light on vulnerabilities in LLM implementations. While 69% of all high-priority issues are addressed across categories, that figure drops to a mere 21% for LLM-specific high-severity issues—despite their significant risk level.

Interestingly, while serious GenAI issues are resolved faster—with a mean time to resolution (MTTR) of just 19 days, the lowest among all test types—this likely reflects a focus on simpler fixes, rather than comprehensive mitigation.

“Just like the early days of cloud, GenAI has exposed a critical gap between innovation and security readiness,” Ollmann warned. “We need to shift from reactive audits to proactive, programmatic AI testing—urgently.”


News Source: ITPro.com

In its annual State of Ransomware report, Sophos revealed that while nearly 50% of organizations paid a ransom in the past year—the second-highest rate in six years—over half managed to settle for less than the hackers’ initial demand. In 71% of these cases, firms either negotiated directly or leveraged third-party experts to cut down the price.

Chester Wisniewski, Field CISO at Sophos, emphasized that ransomware threats have become a routine part of business risk. However, he noted a shift in how victims respond. “With greater awareness, companies are increasingly hiring incident responders who not only minimize ransom costs but also accelerate recovery and sometimes even halt attacks midstream,” Wisniewski stated.

The report highlighted a 33% drop in median ransom demands between 2024 and 2025, while the actual amount paid halved to $1 million. Yet, not all negotiations favor the victims—28% of organizations ended up paying more than originally asked, often due to delayed responses, lack of backups, or hackers pressing for higher demands.

Ransom costs also varied across sectors. State and local governments faced the highest median payouts at $2.5 million, while healthcare organizations paid as little as $150,000. Larger companies, especially those with over $1 billion in revenue, encountered steeper demands—typically around $5 million—compared to smaller firms, which saw demands under $350,000.

Sophos identified exploited vulnerabilities as the leading technical cause of attacks for the third consecutive year. Alarmingly, 40% of victims admitted the breach stemmed from security gaps they hadn’t even known existed. Staffing issues were also widespread—63% of companies cited limited resources as a critical weakness, with larger firms blaming lack of expertise, while mid-sized organizations pointed to insufficient capacity.

Despite these challenges, recovery is improving. Nearly 44% of organizations intercepted attacks before data encryption—a record high—while just half experienced encrypted data, the lowest in six years. Even though only 54% restored their data from backups, overall recovery costs plummeted from $2.73 million in 2024 to $1.53 million in 2025.

Most notably, 53% of companies now recover from ransomware attacks within a week, a sharp rise from 35% the previous year. Only 18% needed over a month, down from 34% in 2024—a promising sign of growing preparedness and resilience across industries.


News Source: ITPro.com

The UK’s National Cyber Security Centre (NCSC) is calling on users to adopt password managers and passkeys, highlighting them as the future of secure authentication.

In its latest guidance, the NCSC emphasizes the ease and security offered by browser-integrated password managers like those built into Chrome, Safari, Edge, and Firefox. These tools, deeply embedded into operating systems, offer a practical option for users.

The agency also recognized the role of long-standing third-party password managers, stating their continued existence is likely due to their strong commitment to security. Despite some high-profile breaches in the past, many of these services now rely on robust protection methods, including encryption, secure device chips, and biometric authentication like facial or fingerprint recognition.

The spotlight, however, is on passkeys—a newer, more secure login method developed by Apple, Google, and Microsoft. Passkeys replace traditional passwords with a cryptographic key pair: the private key stays on the user’s device, while the public key is registered with the service during account creation. When logging in, the device authenticates the user through its standard unlock methods and proves possession of the key to the service without ever transmitting the key itself.
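The flow described above, as an added illustration that is not part of the NCSC guidance or the article: the device holds the private key, the service holds only the public key and issues a fresh challenge, and the signed response is bound to the site the device believes it is talking to. This is a deliberately simplified model of the idea, not the WebAuthn wire format; the site names and the `rpID + "|" + challenge` binding are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator stands in for the user's device; the private key never leaves it.
type Authenticator struct {
	priv     *ecdsa.PrivateKey
	unlocked bool // set by the device's own unlock (PIN or biometric)
}

// Service stands in for the website; it stores only public keys, one per user.
type Service struct {
	rpID string
	pubs map[string]*ecdsa.PublicKey
}

// Register: the device creates the key pair and shares only the public half.
func Register(svc *Service, user string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	svc.pubs[user] = &priv.PublicKey
	return &Authenticator{priv: priv}, nil
}

// Challenge issues a fresh nonce per login, so a captured signature cannot be replayed.
func (s *Service) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedPayload binds the challenge to the site the device believes it is talking
// to, so a signature made for a look-alike domain does not verify. (Real WebAuthn
// signs authenticatorData || SHA-256(clientDataJSON); this is a simplified stand-in.)
func signedPayload(rpID string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(rpID+"|"), challenge...))
	return h[:]
}

// Assert: after local unlock, the device signs the challenge; the key itself stays put.
func (a *Authenticator) Assert(rpID string, challenge []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("user verification required")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, signedPayload(rpID, challenge))
}

// Verify: the service checks the signature against the stored public key only.
func (s *Service) Verify(user string, challenge, sig []byte) bool {
	pub, ok := s.pubs[user]
	if !ok {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedPayload(s.rpID, challenge), sig)
}

func main() {
	svc := &Service{rpID: "example.com", pubs: map[string]*ecdsa.PublicKey{}}
	dev, _ := Register(svc, "alice")
	dev.unlocked = true // the user unlocked the device
	ch, _ := svc.Challenge()
	sig, _ := dev.Assert("example.com", ch)
	other, _ := dev.Assert("lookalike.example", ch) // same device, wrong site
	fmt.Println(svc.Verify("alice", ch, sig), svc.Verify("alice", ch, other)) // true false
}
```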

According to the NCSC, passkeys are not only faster—up to eight times quicker than typing a password and 2FA code—but also more secure. They’re already supported by major platforms such as Google, eBay, and PayPal.

When choosing a password management tool, the NCSC advises users to assess the provider’s reputation and follow cyber hygiene practices. These include enabling updates, securing devices with biometrics, and setting up recovery methods such as trusted contacts or backup keys.

Greg Wetmore, VP of Product Development at Entrust, supported the agency’s call for change. He noted that passkeys address the core issues of password security—forgetfulness, complexity, and vulnerability to phishing attacks.

“Passwords are outdated and insecure. Passkeys offer a phishing-resistant solution that’s both easier to use and more effective,” Wetmore stated. “It’s time we all move forward.”


News Source: ITPro.com

The rise of artificial intelligence, particularly Large Language Models (LLMs), has opened new frontiers for innovation—but also for cybercrime. Threat actors are now systematically misusing these advanced tools to develop and scale sophisticated hacking operations, according to recent research from Cisco Talos.

LLMs, widely used for legitimate tasks, are being repurposed to automate phishing, malware generation, vulnerability scanning, and exploitation. Cybercriminals are no longer relying solely on traditional methods; instead, they’re leveraging AI to reduce technical barriers and reach a broader base of bad actors.

Platforms like Hugging Face now host over 1.8 million models, offering fertile ground for malicious use. Despite safety measures built into mainstream models, hackers employ a range of tactics to bypass these restrictions. These include using uncensored or custom-built models like FraudGPT and DarkestGPT, which offer subscription-based access to tools designed specifically for cybercrime.

Cisco Talos reports that these criminal AI tools are being openly promoted on dark web forums. Some LLMs are integrated with external tools such as Nmap, enabling attackers to automate everything from reconnaissance to exploitation in a seamless manner.

A critical technique in this growing threat is jailbreaking—a process that tricks LLMs into ignoring their ethical safeguards. Cybercriminals use methods like Base64 encoding, character substitution (L33t speak), multi-language prompts, and role-play scenarios to bypass restrictions. In one case, models like WhiteRabbitNeo were observed generating uncensored malicious code with no safety filters.

Tactics such as meta-prompting, context manipulation, and disguising harmful code as mathematical problems allow attackers to exploit the LLMs’ core functionality. These prompts often confuse the models into responding as if the malicious request were educational or harmless.

What’s more, AI-driven hacking platforms offer attackers not just technical assistance but also scale—enabling low-skilled users to launch effective cyberattacks while maintaining operational anonymity. With tools like DarkestGPT charging as little as 0.0015 BTC per month, access to powerful, unrestricted AI is becoming increasingly democratized within the cybercrime world.

This new wave of AI-enhanced hacking marks a dramatic evolution in the threat landscape, underscoring the urgent need for tighter controls, real-time monitoring, and responsible AI deployment to prevent widespread abuse.


News Source: Cybersecuritynews.com

At the RSAC 2025 Conference, while AI dominated the headlines, the spotlight also turned to a growing cybersecurity concern — quantum computing’s potential to undermine current encryption standards. Industry leaders and cryptography experts issued a strong warning: the time to secure data against quantum threats is now.

Central to these discussions was the emerging threat known as “harvest now, decrypt later” (HNDL). This tactic involves malicious actors collecting encrypted data today, anticipating that future quantum computers will be able to break that encryption. Sensitive information such as government records, health data, intellectual property, and financial documents stolen now could become readable in the future, making this not a future concern, but a present-day vulnerability.

Asymmetric cryptographic systems like RSA and Elliptic Curve Cryptography (ECC)—critical for web security and digital signatures—face the highest risk. Symmetric encryption, though also vulnerable, offers more resistance and can be strengthened with larger keys.

To combat this, experts at RSAC 2025 strongly advocated for the adoption of Post-Quantum Cryptography (PQC). These next-generation algorithms are being designed to resist both classical and quantum attacks. The U.S. National Institute of Standards and Technology (NIST) is leading this global transition and is close to finalizing its PQC standards. Experts advised organizations to stay aligned with NIST’s progress and prepare for a sweeping cryptographic overhaul.

The road to PQC won’t be simple. It involves identifying where cryptography is currently applied within an organization, assessing risk, and developing a phased migration plan. Creating a cryptographic inventory is seen as the foundational step, followed by testing PQC algorithms in controlled environments to ensure compatibility and performance.

RSAC 2025 also emphasized the importance of crypto-agility—building systems that can quickly adapt to future algorithm changes without full redesigns.
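The inventory step described above, as an added example that is not from RSAC or the article: a small Go inventory that parses certificates and records which public-key algorithm each depends on, flagging RSA and ECC (the algorithms the text ranks as highest risk) for migration. The exposure labels, the two sample hostnames and the self-signed certificates are constructed for this example; a real inventory would feed it certificates pulled from servers, keystores and code signing pipelines.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is one inventory row: the public-key algorithm a certificate relies on
// and how exposed it is to a future quantum adversary (labels are this example's).
type Finding struct {
	Subject, Algorithm, Exposure string
	KeyBits                      int
}

// Classify maps a certificate to an inventory row. RSA and ECC are the algorithms
// the text ranks as highest risk, so both are flagged "quantum-vulnerable".
func Classify(cert *x509.Certificate) Finding {
	f := Finding{Subject: cert.Subject.CommonName, Exposure: "review"}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		f.Algorithm, f.KeyBits, f.Exposure = "RSA", pub.N.BitLen(), "quantum-vulnerable"
	case *ecdsa.PublicKey:
		p := pub.Curve.Params()
		f.Algorithm, f.KeyBits, f.Exposure = "ECDSA/"+p.Name, p.BitSize, "quantum-vulnerable"
	default: // anything else (e.g. Ed25519) still gets a row, for manual review
		f.Algorithm = cert.PublicKeyAlgorithm.String()
	}
	return f
}

// mustCert builds a throwaway self-signed certificate as constructed sample input.
func mustCert(cn string, key crypto.Signer) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return der
}

// SampleInventory classifies one RSA-2048 and one P-256 certificate (constructed),
// parsing each from DER the way an inventory tool would for certificates it collects.
func SampleInventory() ([]Finding, error) {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)             // sample key only
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // sample key only
	var out []Finding
	for _, der := range [][]byte{mustCert("vpn.example", rsaKey), mustCert("api.example", ecKey)} {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err // a parse failure is an error, not a silent gap in the inventory
		}
		out = append(out, Classify(cert))
	}
	return out, nil
}

func main() {
	findings, err := SampleInventory()
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-12s %-12s %4d bits  %s\n", f.Subject, f.Algorithm, f.KeyBits, f.Exposure)
	}
}
```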

Though no one can pinpoint when quantum computers will mature enough to break encryption, the consensus was clear: the threat is real and imminent. Organizations that act now will be better positioned to protect their data and digital infrastructures in the quantum era.


News Source: ITPro.com

Artificial intelligence is no longer a futuristic concept in cybersecurity—it’s a driving force behind today’s defense strategies. At the RSA Conference 2025, experts and industry leaders confirmed that AI is transforming how organizations detect, respond to, and anticipate cyber threats.

AI’s integration into cybersecurity operations is proving vital, particularly in Security Operations Centers (SOCs), where it helps manage large volumes of alerts and significantly speeds up incident response. Discussions at RSAC underscored how AI plays both an offensive and defensive role, requiring security teams to adapt faster than ever.

One of AI’s standout contributions lies in its advanced threat detection capabilities. Machine learning models can process vast amounts of real-time data, identifying anomalies that signal potential breaches or malware—often before traditional tools can detect them. AI-driven predictive analytics is also gaining traction by forecasting vulnerabilities based on historic patterns, while natural language processing (NLP) helps uncover phishing attempts hidden in everyday communication.

Beyond detection, AI is driving automation across cybersecurity infrastructures. Through platforms like SOAR (Security Orchestration, Automation, and Response), organizations can now isolate compromised systems, apply patches, or block threats in seconds—allowing human teams to focus on higher-level threat analysis. Tools such as agentic AI assistants, highlighted during the conference, are further pushing boundaries by independently investigating and addressing threats, reducing manual workloads.

AI also strengthens vulnerability management by continuously scanning for security gaps and flagging critical issues. Using User and Entity Behavior Analytics (UEBA), these systems detect abnormal behaviors that could indicate compromised accounts or insider threats, enabling prompt intervention.

Despite its benefits, the RSAC panels also stressed the need for responsible use. Since bad actors are equally capable of leveraging AI, there’s a growing call for explainable AI (XAI) that ensures transparency and trust. Experts agree that AI works best not as a replacement but as a force multiplier—supporting human judgment with speed and scale.

In an era where cyberattacks grow more complex and frequent, AI’s evolving role in cybersecurity is not just helpful—it’s indispensable.


News Source: ITPro.com