MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.
For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated AccessResearchers at Mandiant say a new threat cluster first observed June 27 has been exploiting a Fortinet zero day the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.
Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices
Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. [...]
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]