VulnHub

Real-time Cybersecurity News

New BlackFile extortion group linked to surge of vishing attacks

BleepingComputer
Actively Exploited

Overview

A new hacking group known as BlackFile has emerged, targeting retail and hospitality organizations since February 2026. This group is primarily focused on data theft and extortion, escalating the risk for businesses in these sectors. Researchers found that BlackFile's tactics include vishing attacks, where attackers use phone calls to manipulate victims into revealing sensitive information. The implications of this surge are significant, as it not only threatens the financial stability of affected companies but also jeopardizes customer data and trust. As organizations in retail and hospitality deal with these threats, they need to enhance their security measures and employee training to mitigate the risks associated with such attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Retail and hospitality organizations
  • Action Required: Organizations should enhance security measures and employee training to combat vishing attacks.
  • Timeline: Ongoing since February 2026

Original Article Summary

A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]

Impact

Retail and hospitality organizations

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since February 2026

Remediation

Organizations should enhance security measures and employee training to combat vishing attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

Security Affairs

A vulnerability known as 'Pack2TheRoot,' tracked as CVE-2026-41651, has been identified in Linux systems, allowing local users to gain root privileges without authorization. This flaw has existed for nearly 12 years and has been rated with a high severity score of 8.8. It enables unprivileged users to install or remove system packages, which could lead to complete control over the system. This issue affects any Linux distribution that utilizes PackageKit, making it a significant concern for users and administrators alike. Given the potential for exploitation, it is crucial for affected parties to take immediate action to secure their systems.

Apr 24, 2026

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

BleepingComputer

A newly discovered vulnerability known as Pack2TheRoot poses a significant risk to Linux systems by allowing local users to gain root access through the PackageKit daemon. This flaw enables unauthorized users to install or remove system packages, potentially compromising the integrity of the system. The vulnerability could be exploited by anyone with local access to a vulnerable Linux machine, making it a concern for both individual users and organizations that rely on Linux environments. As the flaw can lead to full control over the system, it is crucial for affected users to take immediate action to mitigate risks and secure their systems. Researchers are urging users to monitor their systems closely until a patch is available.

Apr 24, 2026

US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

darkreading

U.S. authorities have charged 29 individuals, including a Cambodian senator, for their involvement in a financial fraud scheme targeting American citizens. The operation was centered around a network of fake investment websites, leading to the seizure of over 500 web domains associated with these scams. This crackdown highlights the growing issue of international fraud affecting U.S. residents, particularly as scammers increasingly utilize online platforms to deceive victims. The involvement of a foreign official raises concerns about the extent of these operations and their potential links to organized crime. Law enforcement's swift action is intended to protect citizens from further financial loss and deter similar schemes in the future.

Apr 24, 2026

Cambodian senator, others hit with US sanctions over scam allegations

SCM feed for Latest

The U.S. Treasury Department has imposed sanctions on Cambodian Senator Kok An and 28 other individuals and organizations due to their alleged roles in facilitating scam operations. The sanctions aim to disrupt these activities, which often involve fraud and deception targeting individuals and businesses. This action is part of a broader effort to combat international scams and protect potential victims from financial loss. The implications of these sanctions extend beyond Cambodia, as they signal a commitment from the U.S. to tackle global cybercrime and hold accountable those who enable such operations. By targeting key figures in these scams, authorities hope to deter similar activities in the future.

Apr 24, 2026

Ransomware supply chain untangled by RAMP forum leak

SCM feed for Latest

The Russian dark web forum and ransomware network known as RAMP has experienced a significant data breach, revealing a trove of user records and activity logs. This leak exposed thousands of details about how the cybercrime community operates, potentially impacting many individuals and organizations involved in or targeted by ransomware activities. Security researchers have noted that the information could help law enforcement and cybersecurity experts better understand the tactics and networks used by cybercriminals. The breach raises concerns about the security of personal data and the ongoing threats posed by ransomware gangs. As these forums often serve as hubs for cybercriminal collaboration, this incident could have far-reaching implications for future ransomware attacks.

Apr 24, 2026

Checkmarx supply chain hack impacts Bitwarden CLI

SCM feed for Latest

Bitwarden CLI has been compromised as a result of a supply chain attack linked to TeamPCP, according to researchers from Socket and JFrog. This incident stems from a breach involving Checkmarx, a company that provides security solutions. The implications are significant, as users of Bitwarden CLI may have been exposed to malicious code or vulnerabilities that could compromise their sensitive data. The attack underscores the risks associated with supply chain vulnerabilities, where attackers exploit third-party software to gain access to broader systems. Organizations using Bitwarden should take this seriously and consider evaluating their security measures to prevent potential exploitation.

Apr 24, 2026