jon greig

@jgreig

cybersecurity reporter for The Record. formerly: zdnet, techrepublic, blavity, haitian times, cambodia daily — send tips to jonathangreig11@protonmail.com or signal: jgreig.51

Joined 03.07.2023

Latest posts by jon greig @jgreig

New Jersey county says malware attack took down phone lines, IT systems Passaic County, home to nearly 600,000 people in Northern New Jersey, published a statement on Wednesday evening warning residents that it is aware of a “malware attack” affecting county IT systems an...

Passaic County, home to nearly 600,000 people in Northern New Jersey, published a statement on Wednesday evening warning residents that it is aware of a “malware attack” affecting county IT systems and phone lines

therecord.media/new-jersey-c...

06.03.2026 15:28 👍 0 🔁 0 💬 0 📌 0
Phobos ransomware leader facing 20 years in prison after pleading guilty to hacking charges Ptitsyn and several others began using the Phobos ransomware in November 2020, attacking more than 1,000 organizations around the world. He was arrested in South Korea and extradited in November 2024.

One of the leading administrators of the Phobos ransomware operation pleaded guilty today and now faces 20 years in prison

therecord.media/phobos-ranso...

05.03.2026 18:53 👍 1 🔁 0 💬 0 📌 0
Google says 90 zero-days exploited in 2025 as commercial vendor activity grows Google Threat Intelligence Group said it tracked 90 zero-day vulnerabilities that were exploited by a variety of actors last year, surpassing the 78 that were used by threat actors in 2024.

Google tracked 90 exploited zero-days last year but warned that for the first time, commercial surveillance vendors were the main culprit behind most of the attributed bugs

Gov'ts targeted routers and firewalls, vendors targeted mobile devices and browsers

therecord.media/google-says-...

05.03.2026 15:14 👍 0 🔁 0 💬 0 📌 0
Sprawling FBI, European operation takes down Leakbase cybercriminal forum The FBI and European law enforcement agencies carried out a global crackdown on a cybercrime forum where criminals bought and sold stolen credentials and exploits of software vulnerabilities.

The FBI and European law enforcement agencies carried out a global crackdown on cybercrime forum Leakbase, a subscription-based marketplace that has operated since 2021

therecord.media/leakbase-cyb...

From @martinmatishak.bsky.social

04.03.2026 18:19 👍 2 🔁 3 💬 0 📌 0
University of Hawaiʻi Cancer Center confirms data leak following ransomware attack Part of the breach was traced back to a Multiethnic Cohort (MEC) Study established in 1993, which used driver’s license numbers and voter registration records to recruit participants.

The information of 1.15 million people may be at risk after an August 2025 ransomware attack on The University of Hawaiʻi Cancer Center

therecord.media/university-o...

02.03.2026 19:42 👍 0 🔁 0 💬 0 📌 0
UAE claims it stopped ‘terrorist’ ransomware attack The country’s Cyber Security Council published a statement on Saturday that said they “successfully thwarted organized cyberattacks of a terrorist nature that targeted the country’s digital infrastruc...

UAE claims it stopped ‘terrorist’ ransomware attack

Via @jgreig.bsky.social & @therecordmedia.bsky.social

24.02.2026 20:27 👍 2 🔁 4 💬 1 📌 0
Across party lines and industry, the verdict is the same: CISA is in trouble One year into the second Trump administration, CISA faces a 33% loss in personnel and shuttered divisions. Experts warn of "decimated" capabilities and a leadership vacuum as the agency struggles to m...

I spoke to a ton of people for this comprehensive story about CISA one year into the Trump administration, and all sorts were VERY unsparing in their criticism. cyberscoop.com/cisa-personn...

25.02.2026 14:48 👍 22 🔁 13 💬 0 📌 1

Ex-L3Harris boss was just sentenced to 7 years for stealing and selling hacking tools to a Russian broker. Story to come. Defense achieved their goal of getting a sentence on the low end of the guidelines.

24.02.2026 21:21 👍 13 🔁 5 💬 1 📌 1
US sanctions Russian exploit broker for buying cyber tools stolen from defense contractor The Treasury Department sanctioned a Russian national and his company for allegedly acquiring eight proprietary cyber tools that were stolen from the defense contractor L3 Harris and sold to "unauthor...

The Treasury Dept sanctioned the Russian company that bought 8 exploits passed to them by a former employee of US defense contractor L3 Harris

therecord.media/sanctions-ru...

24.02.2026 21:54 👍 1 🔁 0 💬 0 📌 0
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus — a well-known North Korean hacking operation housed within the country’s military — against a company in the Midd...

Hackers tied to one of North Korea’s most sophisticated state-backed groups have been seen deploying Medusa ransomware in financially-motivated attacks on at least two institutions

therecord.media/north-korean...

24.02.2026 14:23 👍 2 🔁 3 💬 0 📌 0
Polish police detain alleged cybercriminal with Phobos ransomware ties A 47-year-old man was arrested by Polish police for his alleged involvement with the Phobos ransomware operation.

Wow 😮!

Polish police detain alleged cybercriminal with Phobos ransomware ties

via @jgreig.bsky.social & @therecordmedia.bsky.social

18.02.2026 14:21 👍 1 🔁 2 💬 0 📌 0
Ransomware gang threatens Cheyenne and Arapaho Tribes after shutting down schools The government of the Cheyenne and Arapaho Tribes in Oklahoma is being extorted by cybercriminals after a ransomware attack shut down its schools and critical systems in January.

Ransomware gang threatens Cheyenne and Arapaho Tribes after shutting down schools

via @jgreig.bsky.social & @therecordmedia.bsky.social

cc: @andyjabbour.bsky.social

20.02.2026 13:25 👍 14 🔁 7 💬 2 📌 0
Energy Department patched flaws enabling email impersonation in critical minerals system The vulnerabilities could have let malicious users masquerade as agency officials, potentially misleading researchers, contractors and others.

Small exclusive: Dept of Energy recently patched flaws in a critical minerals portal that let outside users register w/ email addresses that appeared to belong to the department, presenting phishing + impersonation opportunities for cyberspies ->
www.nextgov.com/cybersecurit...

23.02.2026 17:00 👍 0 🔁 2 💬 1 📌 0
Air Côte d'Ivoire confirms cyberattack following ransomware claims Air Côte d'Ivoire did not respond to requests for comment but released a statement on Friday confirming reports that hackers had breached its systems on February 8. Last week, the INC ransomware gang ...

The main airline serving the West African nation of Côte d'Ivoire was hit with a cyberattack earlier this month that forced it to institute business continuity plans

The INC ransomware gang claimed it stole 200GB from the company

therecord.media/air-cote-div...

23.02.2026 17:11 👍 0 🔁 0 💬 0 📌 0
Joanne Bland, lifelong Civil Rights activist and founder of Selma's Foot Soldiers Park, dies Bland grew up in Selma and became involved in the Civil Rights Movement as a child foot soldier in the 1960s, participating in the historic Selma voting rights marches, including Bloody Sunday.

Joanne Bland, one of the youngest people to march on “Bloody Sunday,” has died. She was 72.

“By the time I was 11-years-old, I had been arrested at least 13 documented times”

21.02.2026 00:47 👍 4487 🔁 1612 💬 109 📌 104
FBI: More than 700 ATM jackpotting incidents with losses over $20 million occurred in 2025 In a flash alert on Thursday, the FBI said it has tracked more than 1,900 ATM jackpotting incidents since 2020 and over 700 in 2025 that involved more than $20 million in losses.

In a flash alert on Thursday, the FBI said it has tracked more than 1,900 ATM jackpotting incidents since 2020 and over 700 in 2025 that involved more than $20 million in losses

Most incidents involve the Ploutus malware

therecord.media/fbi-atm-jack...

19.02.2026 21:46 👍 2 🔁 1 💬 0 📌 0
Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found Dragos's Rob Lee said Volt Typhoon is “still very active, and they're still absolutely mapping out and getting into embedding in U.S. infrastructure, as well as across our allies.”

Dragos CEO said it's likely we will never find some Volt Typhoon critical infrastructure compromises in the US

therecord.media/researchers-...

19.02.2026 21:43 👍 2 🔁 1 💬 0 📌 0
Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack BridgePay Network Solutions initially warned customers on Friday that it was dealing with system-wide outages and later said that it was working with the FBI and U.S. Secret Service forensic team to r...

Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack

via @jgreig.bsky.social & @therecordmedia.bsky.social

11.02.2026 13:28 👍 4 🔁 1 💬 0 📌 0
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-com...

Google warned that Gemini is among the popular AI tools nation-state hackers are using to research targets, craft attack plans and refine bug exploitation

therecord.media/nation-state...

12.02.2026 15:37 👍 0 🔁 0 💬 0 📌 0
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam The scam involved a ClickFix attack where hackers install malware on a device by having the victim try to resolve fictitious technical issues.

North Korean hackers targeted an official at a cryptocurrency company with several unique pieces of malware deployed alongside multiple scams, including a fake Zoom meeting and a ClickFix scheme, according to a new report from Mandiant incident responders

therecord.media/north-korean...

10.02.2026 18:47 👍 4 🔁 1 💬 0 📌 0
Chinese crypto scammer sentenced in absentia to 20 years after fleeing US The Department of Justice said it will “work with our law enforcement partners around the world to ensure that Li is returned to the United States to serve his full sentence."

A key U.S. money launderer for Chinese scam compounds in Cambodia was sentenced to 20 years in prison. He pleaded guilty in 2024 but cut off his ankle monitor and somehow disappeared in December, according to Trump's DOJ

therecord.media/chinese-cryp...

10.02.2026 18:45 👍 2 🔁 0 💬 0 📌 0
Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide Unit 42 tracked the compromise of at least 70 institutions across the 37 countries — with the hackers maintaining access to some victims for months. In one country, the hackers gained access to the pa...

News: A cyberespionage group based in Asia breached the systems of 37 governments and conducted reconnaissance in 155 countries, according to a report from @paloaltonetworks.com

This thing is MASSIVE.

By @jgreig.bsky.social & me on @therecordmedia.bsky.social

therecord.media/research-cyb...

05.02.2026 14:39 👍 4 🔁 2 💬 0 📌 0
Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide Unit 42 tracked the compromise of at least 70 institutions across the 37 countries — with the hackers maintaining access to some victims for months. In one country, the hackers gained access to the pa...

Unit 42 said it saw an APT breach critical gov't agencies in 37 countries in 2025

The company said it's an espionage campaign but the “methods, targets and scale of operations are alarming.”

Glad to be back from pat leave to work with @martinmatishak.bsky.social

therecord.media/research-cyb...

05.02.2026 14:43 👍 3 🔁 5 💬 0 📌 0
Substack warns customers of data breach following hacker’s dark web claims Customers of the newsletter platform Substack were notified on Wednesday of a breach, following a hacker's claims on the dark web of a trove of stolen data.

Substack warns customers of data breach following hacker’s dark web claims

via @jgreig.bsky.social & @therecordmedia.bsky.social

06.02.2026 14:39 👍 6 🔁 5 💬 0 📌 1
Substack warns customers of data breach following hacker’s dark web claims Customers of the newsletter platform Substack were notified on Wednesday of a breach, following a hacker's claims on the dark web of a trove of stolen data.

Substack got hacked but they are being tightlipped about how the breach occurred or if they were ever offered a ransom. It's unclear how many people were impacted

therecord.media/substack-dat...

05.02.2026 15:51 👍 4 🔁 3 💬 0 📌 0
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has ...

Exclusive: The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, another sign of America’s growing comfort with employing cyber weapons in warfare.

therecord.media/iran-nuclear...

04.02.2026 16:36 👍 10 🔁 9 💬 1 📌 2
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has ...

The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, showing U.S. growing comfort using cyber weapons in warfare.

🔥 scoop from @martinmatishak.bsky.social

04.02.2026 16:27 👍 4 🔁 6 💬 0 📌 1
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary The claims administration company Sedgwick confirmed that a subsidiary that contracts with a handful of sensitive federal agencies is dealing with a cybersecurity incident.

Sedgwick confirms cyber incident affecting its major federal contractor subsidiary

via @jgreig.bsky.social & @therecordmedia.bsky.social

05.01.2026 14:47 👍 2 🔁 5 💬 1 📌 0
Russian hackers target European hospitality industry with ‘blue screen of death’ malware The scheme starts with a fake reservation cancellation that impersonates a popular booking site, and eventually prompts victims with an error message and “Blue Screen of Death” page.

Suspected Russian cybercriminals are using a fake “Blue Screen of Death” page to target European hotels and hospitality companies with malware.

✍️ @jgreig.bsky.social

07.01.2026 10:50 👍 8 🔁 6 💬 0 📌 2