Top news stories this week
- Prompt to Pwn. AI used by Russian hackers to compromise 600 Fortigate firewalls.
- Dial-Up danger. CarGurus, Wynn Resorts among targets as SLSH sharpens its social engineering playbook.
- Knock on effects. Marquis sues SonicWall following ransomware attack alleging security failings.
- Ransomware Kimspiracy. North Korea expands its cybercrime operations with Medusa ransomware partnership.
- Cough up. Russian man posing as FSB officer attempted to extort the Conti ransomware gang.
- Ready Cleaner One. Man wanting to control his robotic vacuum using a gaming controller accidentally hacks into thousands of households.
1. AI-Assisted hackers compromise 600 FortiGate firewalls across 55 countries in five weeks
A Russian-speaking hacker used commercial generative AI tools to brute-force over 600 FortiGate firewalls across 55 countries in five weeks, targeting exposed management interfaces and weak credentials. Amazon’s security team discovered the operation after finding a server hosting the attacker's toolset, which included AI-assisted reconnaissance and credential decryption tools.
So what?
AI is lowering the barrier to entry for less experienced hackers to exploit weak configurations. Organisations should conduct regular reviews of their internet-facing infrastructure to minimise their attack surface.
[Researcher: Lawrence Copson]
2. SLSH recruits female voices to strengthen social engineering as breach count climbs
Scattered Lapsus$ Hunters (SLSH), the cybercrime group behind a string of recent high-profile attacks including breaches at CarGurus and Wynn Resorts, is actively recruiting female voices on Telegram, offering up to USD 1,000 per call, to improve its social engineering attempts against helpdesk teams. The group’s sister collective ShinyHunters breached CarGurus and exposed over 12.4 million customer records. It also claimed responsibility for breaching Wynn Resorts' Oracle PeopleSoft environment using valid credentials.
So what?
Organisations cannot afford to focus solely on technical defences; the human element of any organisation remains its most exploitable vulnerability.
[Researcher: Lawrence Copson]
3. Firewall vendor SonicWall sued over Marquis ransomware attack
US-based fintech firm Marquis Software Solutions has sued SonicWall for negligence and misrepresentation after MySonicWall cloud backup data was compromised in early 2025. Marquis subsequently suffered a ransomware attack in which the attackers used configuration data taken in the SonicWall breach to gain access. Marquis is itself facing 36 consumer class action lawsuits originating from the ransomware incident, which impacted 74 US banks.
So what?
Third-party contracts usually have stringent indemnification clauses. This case, if successful, could change companies’ ability to claim damages for data breaches inflicted through a third party.
[Researcher: Jenny Eysert]
4. North Korea expands its cybercrime operations with Medusa ransomware partnership
North Korean state-backed hackers associated with the Lazarus threat group are targeting US healthcare organisations in extortion attacks using the Medusa ransomware. North Korean hackers have previously partnered with various Ransomware-as-a-Service (RaaS) groups for financial gain, but this marks the first time they have been linked to Medusa. While some cybercriminals avoid attacking healthcare organisations to protect their reputation, the Lazarus group has shown that no industry is off-limits.
So what?
North Korea relies on a range of illicit schemes to generate revenue, targeting a broad array of victims. In addition to profiting from cryptocurrency theft and fraudulent remote IT worker operations, the regime also leverages RaaS extortion campaigns to bolster its finances.
[Researcher: Milda Petraityte]
5. Man attempts to extort infamous cyber extortion syndicate
A Russian man has been accused of posing as an officer of Russia’s Federal Security Service (FSB) in an attempt to extort Conti, at the time one of the world’s most infamous ransomware operations. The Moscow resident, who has since been arrested, contacted the gang in September 2022, claiming to have influence over law enforcement investigations that he would use against them unless they paid up.
So what?
Russia-based ransomware gangs operate in a grey zone between tacit tolerance, or even co-optation, by intelligence agencies on one side and occasional crackdowns and disruption on the other.
[Researcher: Lester Lim]
6. Robotic vacuum owner accidentally hacks into thousands of households
An AI developer seeking a way to control his robovac with a standard console gaming controller accidentally identified a critical backdoor in widely used robotic vacuums. The man used Claude Code to reverse engineer DJI’s protocols and created a backdoor that granted him access to cameras, IP addresses, and stored floorplan maps for devices across the world.
So what?
While tech-enabled devices can feel like a great convenience, users are encouraged to be aware of the risks they present and to stay up to date on vulnerabilities.
[Researcher: Steve Ross]