On the 9near.org website, which has since been blocked, the hacker threatened to release all of the information to the public unless the breached state agency contacted him before a deadline.
Play, the threat group responsible for the ransomware attack, posted the second leak on its site, following its first data dump at the beginning of March; the Oakland data amounts to 10 gigabytes.
A person with knowledge of the incident told TechCrunch that data from Proskauer’s mergers and acquisitions business was left on an unsecured Microsoft Azure cloud server.
Following the shutdown of BreachedForum, researchers have detected the emergence of ARES, a group that behaves like a cartel and seeks to form partnerships with other hackers and ransomware operators. Well-known threat actors are already using the ARES platform to sell compromised data, suggesting that the group is gaining traction.
The Israel Postal Company detected and prevented a cyber attack from a “hostile party” targeting their computer servers. The company shut down part of its computer systems in response to the attack on Wednesday evening.
Sucuri uncovered details of a massive WordPress infection campaign, Balada Injector, that has been active since 2017. The attackers are known to exploit every known and recently discovered theme and plugin vulnerability. The campaign has infected over one million WordPress websites over roughly five years.
The standard uses digital certificates to secure the Border Gateway Protocol (BGP), which networks use to exchange routing information, and to ensure that traffic passes through the legitimate network operator controlling the IP addresses on the destination path.
Google’s TAG identified a new campaign by the North Korean ARCHIPELAGO threat cluster (aka APT43) targeting U.S. and South Korean governments, think tanks, military personnel, academics, policymakers, and researchers. Most notably, ARCHIPELAGO used fraudulent Google Chrome extensions in combination with phishing and malware to harvest sensitive data.
The attackers use a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine. After killing all other miners on the device, the attacker uses two different strategies to maximize access to the compromised Linux machine.
While these for-profit companies offer to send cease-and-desist orders to the criminals behind the schemes, for a fee, the FBI says these “services” are not legally enforceable.