Автор: Kristina Beek, Associate Editor, Dark Reading

It’s unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company’s operations.

The AI company’s investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.

CardinalOps’ report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.

Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.

But that didn’t stop the clothing retailer from issuing preliminary results for the first quarter of 2025.

LummaC2 formerly accounted for almost 92% of Russian Market’s credential theft log alerts. Now, the Acreed infostealer has replaced its market share.

LummaC2 formerly accounted for almost 92% of Russian Market’s credential theft log alerts. Now, the Acreed infostealer has replaced its market share.