VulnHub

Real-time Cybersecurity News

BlackFile actively extorting data-theft victims in retail and hospitality sector

CyberScoop
Actively Exploited

Overview

A group of attackers known as BlackFile is actively extorting companies in the retail and hospitality sectors by threatening to release stolen data. Researchers believe these attackers are linked to another group called The Com. In a disturbing tactic, they have reportedly swatted company executives, which involves falsely reporting emergencies to law enforcement to create fear and pressure victims into complying with ransom demands. This aggressive strategy not only harms the targeted businesses but also raises concerns about the safety and privacy of their executives and employees. Companies in these sectors need to be vigilant about their cybersecurity measures and consider the potential risks of data breaches and extortion attempts.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Retail and hospitality sectors, company executives
  • Action Required: Companies should enhance their cybersecurity protocols, conduct employee training on social engineering attacks, and consider legal measures against extortion attempts.
  • Timeline: Ongoing since recent months

Original Article Summary

Some attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands. The post BlackFile actively extorting data-theft victims in retail and hospitality sector appeared first on CyberScoop.

Impact

Retail and hospitality sectors, company executives

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent months

Remediation

Companies should enhance their cybersecurity protocols, conduct employee training on social engineering attacks, and consider legal measures against extortion attempts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Firefox and Tor Browser vulnerability allowed hidden identifiers

SCM feed for Latest

A vulnerability in Firefox and the Tor Browser has been discovered, linked to how IndexedDB, a database used by these browsers to store data, operates. This flaw can potentially expose hidden identifiers, which can compromise user privacy and anonymity. Both browsers are widely used, especially by individuals seeking enhanced privacy online, making this issue particularly concerning. Users of these browsers should be aware of the risks associated with this vulnerability, as it may allow malicious actors to track their online activities. It is crucial for users to stay updated with the latest browser patches to mitigate these risks.

Apr 27, 2026

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

The Hacker News

Checkmarx has confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The company is currently investigating the breach and believes that the attackers gained access to its repository during this incident. This exposure could have significant implications for Checkmarx and its clients, as sensitive information may have been compromised. The incident highlights the ongoing risks associated with supply chain vulnerabilities, emphasizing the need for companies to enhance their security measures. As the investigation continues, Checkmarx is likely to provide further updates on the extent of the data breach and potential impacts on affected users.

Apr 27, 2026

Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

Infosecurity Magazine

Itron, a technology supplier for utility companies, has reported a cyber incident but believes that its operations remain unaffected. The company has not provided detailed information about the nature of the attack or whether any sensitive data was compromised. Despite the incident, Itron reassured stakeholders that it does not expect any significant impact on its business. This revelation raises concerns about the cybersecurity measures in place within critical infrastructure sectors, as attacks on utility suppliers can have broader implications for service delivery and public safety. Stakeholders in the utilities sector should remain vigilant and conduct thorough assessments of their cybersecurity protocols.

Apr 27, 2026

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

Security Affairs

A Chinese national executed a spear-phishing campaign targeting NASA employees by impersonating a U.S. researcher. This deception led to the unauthorized sharing of sensitive information related to defense software and export controls. The NASA Office of Inspector General is investigating the incident, which raises concerns about national security and the vulnerability of governmental agencies to social engineering attacks. Such incidents can have serious implications, as they may compromise sensitive technologies and data. The case underscores the need for enhanced cybersecurity measures and employee training to prevent future breaches.

Apr 27, 2026

LINKEDIN BROWSERGATE

Security Affairs

A recent investigation by Fairlinked, an organization representing LinkedIn users, alleges that LinkedIn is engaged in unauthorized user tracking through browser fingerprinting. This practice reportedly involves collecting device data and details from browser extensions, which are then sent to third parties in an encrypted format. The investigation claims this situation represents one of the largest data breaches and corporate espionage incidents in digital history. Users of LinkedIn may be unknowingly affected as their data could be used for tracking purposes without their consent. This raises significant privacy concerns and questions about how user data is managed by large platforms like LinkedIn.

Apr 27, 2026

Widely Used Browser Extensions Selling User Data

Infosecurity Magazine

Recent findings reveal that numerous browser extensions are selling user data, as disclosed in their privacy policies. These extensions, which are widely used, have been caught sharing sensitive information with third parties, raising significant concerns about user privacy and data security. The issue affects a broad range of users who rely on these extensions for various functionalities, including ad-blocking and productivity enhancements. The implications are serious, as users may unknowingly expose their personal data, browsing habits, and even login credentials. This situation calls for heightened scrutiny from both users and regulatory bodies to ensure that privacy standards are upheld and to protect individuals from potential misuse of their data.

Apr 27, 2026