VulnHub

Real-time Cybersecurity News

Zephyr Energy loses £700,000 in payment fraud attack

SCM feed for Latest

Overview

Zephyr Energy recently disclosed a significant financial loss of £700,000 due to a business email compromise (BEC) attack. Cybercriminals likely gained access to the company's email or accounting systems, allowing them to alter payment details without detection. This incident points to the growing threat of BEC attacks, where attackers manipulate communication to deceive organizations into making fraudulent payments. The financial implications for Zephyr Energy are substantial, and it raises concerns about the security measures in place to protect sensitive information. Companies need to be vigilant about email security to prevent similar attacks in the future.

Key Takeaways

  • Timeline: Disclosed on [date]

Original Article Summary

The incident, disclosed in a regulatory filing, involved a business email compromise attack where cybercriminals likely infiltrated email or accounting systems to alter payment details.

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on [date]

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

GlassWorm evolves with Zig dropper to infect multiple developer tools

Security Affairs

The GlassWorm campaign has evolved significantly since its inception in 2025, now utilizing a Zig-based dropper embedded in a fake Integrated Development Environment (IDE) extension. This method targets developer tools, allowing attackers to compromise systems through malicious software packages. Initially starting with harmful npm packages, the campaign has escalated to large-scale supply chain attacks affecting platforms like GitHub, npm, and Visual Studio Code. Additionally, the attackers have deployed Remote Access Trojans (RATs) via counterfeit browser extensions. This evolution raises concerns for developers and organizations, as it highlights the growing sophistication of supply chain threats in the software development ecosystem.

Apr 11, 2026

FBI Recovers Deleted Signal Messages Through iPhone Notifications

Hackread – Cybersecurity News, Data Breaches, AI and More

Recent court proceedings have revealed that messages sent via the Signal app can still be accessed by the FBI through iPhone notification data, even after users have deleted them. This discovery raises significant concerns about privacy and the effectiveness of end-to-end encryption, as it suggests that deleted messages may not be entirely erased from device records. The implications of this finding are serious for Signal users, particularly those who rely on the app for confidential communications. The case highlights the potential vulnerabilities in how smartphones handle notifications and data retention, prompting users to reconsider the security of their communications. It also raises questions about the extent to which law enforcement can retrieve deleted digital information, which could affect how individuals perceive their privacy in the digital age.

Apr 11, 2026

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Security Affairs

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Apr 11, 2026

ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot

Hackread – Cybersecurity News, Data Breaches, AI and More

ShinyHunters, a known hacking group, claims to have gained access to data from Rockstar Games' Snowflake platform due to a breach involving Anodot, a data analytics company. They have threatened to leak this data on April 14 unless their ransom demands are met. This incident raises concerns about the security of sensitive information related to Rockstar, a major player in the gaming industry. If the breach is legitimate, it could expose user data and proprietary information, impacting both the company and its customers. The situation is still developing, and Rockstar Games has not yet confirmed the breach or provided details on any potential data compromise.

Apr 11, 2026

US Treasury to offer free cybersecurity intelligence to crypto firms

SCM feed for Latest

The U.S. Treasury Department's Office of Cybersecurity and Critical Infrastructure Protection has announced a new initiative aimed at sharing cyber threat intelligence with cryptocurrency firms. This program is designed to help these companies better identify, prevent, and respond to cyber threats, especially as attacks on the crypto sector grow more frequent and sophisticated. The initiative comes in response to increasing concerns over security vulnerabilities in the cryptocurrency market, which has become a prime target for cybercriminals. By providing free intelligence resources, the Treasury hopes to strengthen the security posture of these firms and protect consumers. This move reflects a broader recognition of the need for enhanced security measures in the rapidly evolving digital currency landscape.

Apr 10, 2026

Hims Breach Exposes the Most Sensitive Kinds of PHI

darkreading

Hims, a telehealth company, has suffered a data breach that exposes sensitive personal health information (PHI) of its users. The breach could reveal details about users' conditions, such as baldness, obesity, or erectile dysfunction. The attackers may misuse this data for identity theft, targeted phishing scams, or other malicious activities. This incident raises serious concerns about the protection of personal health data in the telehealth sector, highlighting the ongoing challenges companies face in safeguarding sensitive information. Users of Hims should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.

Apr 10, 2026