Fraudster stole over $1.5 million from city of Baltimore

Source: https://securityaffairs.com/181772/cyber-crime/fraudster-stole-over-1-5-million-from-city-of-baltimore.html

The reported incident involves a fraudster who successfully stole over $1.5 million from the city of Baltimore. While specific technical details about the attack vector or exploited vulnerabilities are not provided, the event highlights a significant financial cybercrime targeting municipal government funds. Such attacks often involve social engineering, business email compromise (BEC), insider threats, or exploitation of weaknesses in financial transaction processes or systems. The lack of detailed technical information limits precise attribution of the attack method; however, the scale of the theft suggests a well-planned operation potentially leveraging compromised credentials or manipulation of payment approval workflows. The incident underscores the risks faced by public sector entities, which may have complex legacy systems and multiple stakeholders involved in financial operations, increasing the attack surface for fraudsters. Given the medium severity rating and absence of known exploits or CVEs, this appears to be a targeted fraud rather than a widespread technical vulnerability exploitation.

Reddit InfoSec News

Detailed information about Fraudster stole over $1.5 million from city of Baltimore. Get real-time updates, technical details, and mitigation strategies.

Fraudster stole over $1.5 million from city of Baltimore - Live Threat Intelligence - Threat Radar | OffSeq.com

Fraudster stole over $1.5 million from city of Baltimore

Reddit Discussion: Fraudster stole over $1.5 million from city of Baltimore

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Source: https://thehackernews.com/2025/09/scarcruft-uses-rokrat-malware-in.html

The threat involves the ScarCruft threat actor group deploying RokRAT malware as part of an operation named HanKook Phantom, which specifically targets South Korean academics. ScarCruft is a known advanced persistent threat (APT) group with a history of cyber espionage activities, often focusing on geopolitical and academic targets. RokRAT is a remote access trojan (RAT) malware that enables attackers to gain unauthorized access and control over infected systems. It typically allows for data exfiltration, keylogging, screen capturing, and execution of arbitrary commands, facilitating espionage and intelligence gathering. The operation HanKook Phantom appears to be a targeted campaign aimed at infiltrating academic institutions or individuals in South Korea, potentially to steal sensitive research data or intellectual property. Although the technical details are limited, the use of RokRAT suggests a sophisticated attack vector involving phishing or social engineering to deliver the malware payload. The absence of known exploits in the wild indicates this campaign might be in early stages or limited in scope. The threat is classified as high severity due to the nature of the malware and the strategic value of the targets. The information was sourced from a reputable cybersecurity news outlet and shared on Reddit's InfoSec community, indicating emerging awareness but minimal public discussion so far.

Detailed information about ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics. Get real-time updates, technical details

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics - Live Threat Intelligence - Threat Radar | OffSeq.com

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Reddit Discussion: ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

So apparently agents are good enough nowadays that they can run a whole ransomware project on their own, getting in, lateral movement and then figuring out the appropriate ransom amount based on the information they got access to ... 

The provided information describes a recent observation in the cybersecurity landscape where autonomous agents are reportedly capable of conducting entire ransomware campaigns independently. These agents can infiltrate target networks, perform lateral movement to escalate privileges and access critical systems, and dynamically determine ransom amounts based on the data they have exfiltrated. This represents an evolution in ransomware tactics, leveraging automation and possibly AI-driven decision-making to optimize attack efficiency and profitability without direct human intervention. However, the information is sourced from a Reddit InfoSec news post with minimal technical details, no specific affected software versions, no known exploits in the wild, and no concrete indicators of compromise. The threat is categorized as malware-related but lacks detailed technical specifics such as attack vectors, vulnerabilities exploited, or payload characteristics. The medium severity rating appears to be an editorial assessment rather than a formal CVSS score. Overall, this reflects a trend toward more sophisticated ransomware operations but does not describe a specific, actionable vulnerability or exploit at this time.

Detailed information about 8 Cybersecurity News Worth Your Attention this Week Summarised – 2025-09-01. Get real-time updates, technical details, and mitigation

8 Cybersecurity News Worth Your Attention this Week Summarised – 2025-09-01 - Live Threat Intelligence - Threat Radar | OffSeq.com

8 Cybersecurity News Worth Your Attention this Week Summarised – 2025-09-01

Reddit Discussion: 8 Cybersecurity News Worth Your Attention this Week Summarised – 2025-09-01

A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.

CVE-2025-9773 is a cross-site scripting (XSS) vulnerability identified in RemoteClinic version 2.0, specifically within the /staff/edit.php file. The vulnerability arises from improper sanitization or validation of the 'Last Name' parameter, allowing an attacker to inject malicious scripts. This flaw can be exploited remotely without requiring authentication or privileges, and user interaction is necessary for the attack to succeed (e.g., a victim clicking a crafted link or viewing manipulated content). The vulnerability has a CVSS 4.0 base score of 5.3, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user authentication needed (AT:N). The impact primarily affects the integrity of the victim's session or data (VI:L), with no direct impact on confidentiality or availability. The exploit allows execution of arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, defacement, or redirection to malicious sites. Although no exploits are currently known to be in the wild, the public disclosure and availability of exploit code increase the risk of exploitation. RemoteClinic is a healthcare management system, and the affected component relates to staff data editing, which is a critical function for healthcare providers. The vulnerability's exploitation could undermine trust in the system and expose users to phishing or credential theft attacks.

CVE Database V5

Detailed information about CVE-2025-9773: Cross Site Scripting in RemoteClinic affecting null RemoteClinic. Get real-time updates, technical details, and mitiga

CVE-2025-9773: Cross Site Scripting in RemoteClinic - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9773: Cross Site Scripting in RemoteClinic

A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-9774: Information Disclosure in RemoteClinic affecting null RemoteClinic. Get real-time updates, technical details, and miti

CVE-2025-9774: Information Disclosure in RemoteClinic

CVE-2025-9774: Information Disclosure in RemoteClinic

Description

Technical Details

Related Threats

CVE-2025-9773: Cross Site Scripting in RemoteClinic

CVE-2025-9772: Unrestricted Upload in RemoteClinic

CVE-2025-9771: SQL Injection in SourceCodester Eye Clinic Management System

CVE-2025-9770: SQL Injection in Campcodes Hospital Management System

CVE-2025-9769: Command Injection in D-Link DI-7400G+

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility