Cyber Security Headlines Velociraptor pushes LockBit, Spain dismantles crime group, SonicWall SSL VPN breach
Oct 13, 2025
Discover how attackers exploited an old Velociraptor tool for ransomware access and the dismantling of a cybercrime group in Spain. Learn about the widespread compromise risk affecting SonicWall SSL VPNs. Delve into the impact of a significant cyberattack on Sugar Land's municipal services. Plus, hear about payroll hijacking tactics targeting HR platforms and a smishing scam masquerading as New York tax communications. Stay informed and prepared with the latest in cybersecurity news!
AI Snips
Chapters
Transcript
Episode notes
Velociraptor Misuse Enables Ransomware Access
- Velociraptor, an open-source DFIR tool, was abused by attackers who delivered an outdated 0.7 version with a privilege escalation bug.
- Cisco Talos links the misuse to Storm2603 using SharePoint ToolShell exploits to achieve endpoint takeover.
Spanish Takedown Of AI-Backed Crime Group
- Spanish Guardia Civil dismantled the GXC team and arrested its 25-year leader who sold AI-powered phishing kits and malware.
- The group targeted banking, e-commerce and even offered AI invoice tools for wire fraud and BEC.
SonicWall SSL VPN Credential Compromise
- Huntress warns widespread SonicWall SSL VPN compromises used valid credentials, not brute force, affecting 100+ accounts since October 4th.
- Attackers used access for quick disconnects or post-exploitation scanning of networks and Windows accounts.