Yakuza Victim Data Leaked in Japanese Agency Attack
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.
The Victims tag covers people and organizations harmed by cyberattacks, including breaches, scams, malware, identity theft, and data exposure.
Search across headline titles and summaries.
Background for this topic.
Victims are people, organizations, or public bodies that suffer harm from cyber-enabled activity, such as account compromise, fraud, unauthorized data access, malware, or service disruption. The term may describe both the directly compromised party and individuals whose information, devices, or accounts are affected through an incident involving another organization.
For security practitioners, victim impact guides triage and response: identify affected systems and data, contain access, preserve evidence, and restore trustworthy operations. Exposed personal or confidential information can create privacy and notification obligations, while compromised credentials or devices may enable further attacks against the victim or its contacts. Recording victim details in threat intelligence—such as the targeted sector, initial access method, and affected assets—can help identify campaigns and improve controls. Clear communication and support also matter, because victims need accurate guidance on credential resets, account monitoring, fraud reporting, and available remediation.
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell
Organized crime types tend not to be kind to those who go against them, so this is nasty A local Japanese government agency dedicated to preventing organized crime has apologized after experiencing an incident it fears may have led to a leak of personal information describing 2,500 people who reached out to it for consultation.…
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.
Firewall Vendor Warns Attackers Using Valid Credentials They Previously StoleAttackers wielding an emerging strain of ransomware called Helldown have been gaining a foothold in victims' networks by exploiting a previously unknown flaw in their Zyxel firewalls, security researchers warn. Zyxel has warned attackers may be using valid credentials they previously stole.
Of the numerous victims, at least three refused to pay the demanded ransom, with the rest seemingly in talks with the cybercriminal group.
Telco Giant's Probe Finds 'No Evidence' of Customer or Sensitive Data BreachThe world's largest telecommunications carrier, T-Mobile U.S., said it was targeted as part of a wide-ranging cyberespionage operation the U.S. government attributes to China but has found no sign of data access or theft. Other known victims of the campaign include AT&T, Verizon and Lumen.