US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former incident response employees were sentenced to four years in prison each for participating in BlackCat ransomware attacks against five U.S. companies in 2023. The case stands out because it turns the usual insider risk story on its head: people trusted to help victims instead used that access and expertise to aid extortion, which is likely to sharpen scrutiny around third-party responders and privileged access during incident handling.
Vimeo Confirms User and Customer Data Breach
Vimeo said attackers stole user and customer data through a compromise involving a third-party vendor, and the ShinyHunters group is threatening to leak the files unless a ransom is paid. The main takeaway is the continued concentration of breach risk in vendor ecosystems, especially where customer data and support workflows intersect outside the primary environment.
CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
CISA disclosed that a U.S. agency was compromised through a Cisco firewall vulnerability and that the attackers maintained access with malware called FIRESTARTER, which let them return months later without re-exploiting the original flaw. This is a useful reminder that patching the entry point does not remove persistence that is already in place: on edge devices, where follow-on implants can survive well past initial remediation, recovery should include integrity verification or a rebuild from a known-good image rather than the patch alone.
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Researchers say attackers are continuing to seed Open VSX with seemingly harmless VS Code extensions that spread self-propagating GlassWorm malware. The broader issue here is developer-environment trust: extensions, package feeds, and adjacent tooling are still attractive supply chain targets because they blend into normal workflows and can scale quietly across engineering teams.
Two new extortion crews are speedrunning the Scattered Spider playbook
CrowdStrike says two groups linked to The Com are already using voice phishing and fake SSO pages to compromise SaaS environments and steal data for extortion, echoing tactics associated with Scattered Spider. The operational lesson is that identity-centric intrusion methods are diffusing fast, which means help-desk identity verification, MFA reset controls, and SaaS admin workflows remain high-value defensive choke points.
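One concrete detection at that choke point, added here as an example rather than taken from the post or from CrowdStrike: correlate help-desk MFA resets with the next successful sign-in for the same account and flag any that arrive within a short window from an address the account had not used before the reset. The event records and field names below are constructed for illustration and do not follow any vendor's log schema.

```python
"""Correlate help-desk MFA resets with follow-on sign-ins from unfamiliar sources.

Added example (not from the AboutDFIR post or CrowdStrike). The event format,
field names and sample records are constructed for illustration only.
"""
from datetime import datetime, timedelta

# Constructed sample identity events, ISO 8601 timestamps in UTC.
# "mfa_reset" records carry the help-desk actor who performed the reset;
# "login" records carry the source IP of a successful or failed sign-in.
EVENTS = [
    {"ts": "2026-04-30T13:02:00", "type": "login", "user": "alice", "ip": "198.51.100.7", "ok": True},
    {"ts": "2026-04-30T13:40:00", "type": "mfa_reset", "user": "alice", "actor": "helpdesk-2"},
    {"ts": "2026-04-30T13:47:00", "type": "login", "user": "alice", "ip": "203.0.113.55", "ok": True},
    {"ts": "2026-04-30T12:00:00", "type": "login", "user": "bob", "ip": "198.51.100.9", "ok": True},
    {"ts": "2026-04-30T14:10:00", "type": "mfa_reset", "user": "bob", "actor": "helpdesk-1"},
    {"ts": "2026-04-30T14:12:00", "type": "login", "user": "bob", "ip": "198.51.100.9", "ok": True},
    {"ts": "2026-04-30T15:00:00", "type": "mfa_reset", "user": "carol", "actor": "helpdesk-1"},
    {"ts": "2026-04-30T17:30:00", "type": "login", "user": "carol", "ip": "192.0.2.200", "ok": True},
]


def correlate_mfa_resets(events, window=timedelta(minutes=60)):
    """Return alerts for sign-ins that follow an MFA reset within `window`
    from an IP the account had not successfully used before the reset.

    The per-user IP baseline is built from successful logins seen earlier in
    the stream, so the first login after a reset from a new address is flagged
    while a login from an already-known address is not.
    """
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    known_ips = {}   # user -> set of IPs seen in successful logins so far
    pending = []     # (user, reset_time, actor) resets awaiting a follow-on login
    alerts = []

    for ev in ordered:
        t = datetime.fromisoformat(ev["ts"])
        # Drop resets whose correlation window has closed.
        pending = [p for p in pending if t <= p[1] + window]

        if ev["type"] == "mfa_reset":
            pending.append((ev["user"], t, ev["actor"]))
            continue

        if ev["type"] == "login" and ev.get("ok"):
            user, ip = ev["user"], ev["ip"]
            for reset_user, reset_time, actor in pending:
                if reset_user == user and reset_time <= t:
                    if ip not in known_ips.get(user, set()):
                        alerts.append({
                            "user": user,
                            "ip": ip,
                            "reset_by": actor,
                            "minutes_after_reset": int((t - reset_time).total_seconds() // 60),
                        })
            # Update the baseline after the check so a post-reset login from a
            # new address is flagged once, then treated as known.
            known_ips.setdefault(user, set()).add(ip)

    return alerts


if __name__ == "__main__":
    for alert in correlate_mfa_resets(EVENTS):
        print(alert)
```

In the constructed data only alice trips the rule: her reset is followed seven minutes later by a sign-in from an address she had never used, while bob signs in from his usual address and carol's sign-in falls outside the window. In production the baseline would come from weeks of authentication history and compare ASN or device identifiers rather than raw IPs, and the reset event itself should already require out-of-band identity verification by the help desk.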
The post InfoSec News Nuggets 05/01/2026 appeared first on AboutDFIR – The Definitive Compendium Project.