United States
U.S. law firms
Google and the FBI have warned U.S. law firms about a ransomware gang that has escalated its tactics by, in some cases, sending fake IT workers directly to victims’ offices.
On June 5, Google’s Mandiant and Google Threat Intelligence Group published a report detailing attacks by the Silent Ransom Group between January and May that targeted dozens of organizations. According to the report, the group used physical, in-person access to facilitate attacks, including planting insiders, bribing employees and gaining entry to office buildings to support cyber operations.
Just last month, the FBI warned that the Silent Ransom Group was targeting law firms through phishing and social engineering campaigns while impersonating IT support staff. In some incidents, attackers reportedly sent fake IT personnel to victims’ offices, where they connected to employee devices and used USB drives or remote access tools to steal contracts, Social Security numbers, financial records and tax information.
How it could affect your business
Impersonating IT or technical support staff has become an increasingly common tactic used by cybercriminals to gain access to sensitive systems and data. Under the guise of resolving a security or technical issue, attackers build trust and persuade targets to join screen-sharing sessions. They then attempt to bypass security controls by convincing victims to install remote access software or use screen-sharing features built into applications such as Zoom and Microsoft Teams. Users should always verify the identity and legitimacy of anyone requesting access to their devices or sensitive information before taking any action.
North America
Microsoft’s developer ecosystem
A fast-moving supply-chain attack linked to the “Miasma” worm struck Microsoft’s developer ecosystem on June 5, spreading through code repositories associated with Azure cloud tools.
GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack inserted configuration files designed to execute a credential-stealing payload when developers opened the repository using tools such as Claude Code, Gemini CLI, Cursor or Visual Studio Code. The campaign specifically targeted the trust relationships and automation capabilities that are increasingly embedded in modern software development workflows.
The incident appears to be the latest evolution of the Miasma campaign, a supply-chain operation based on self-replicating malware linked to the TeamPCP threat actor.
How it could affect your business
Supply-chain attacks continue to rise as threat actors increasingly target trusted software repositories, development tools and third-party components to reach a wider pool of victims. Since a single compromise can cascade across multiple organizations, these attacks can have far-reaching repercussions throughout the software ecosystem. Organizations should strengthen code review processes, enforce strict access controls for repositories, continuously monitor CI/CD pipelines for suspicious activity and regularly audit third-party dependencies to reduce the risk of compromise.
North America
Dashlane
Credential security platform Dashlane disclosed that attackers have obtained at least a dozen encrypted vaults used by customers to store passwords and other sensitive credentials.
According to the company, attackers successfully brute-forced its two-factor authentication system, gaining access to approximately 20 customer accounts. By bypassing the authentication mechanism, the threat actors were able to download copies of certain customers’ encrypted vaults. Dashlane said it has notified the affected customers whose encrypted vaults were accessed and downloaded by the attackers.
Dashlane later confirmed that its investigation into the incident is complete and determined that the attackers targeted API endpoints used for device registration. According to the company, the threat actors used a brute-force attack to send a large volume of automated requests to those endpoints, enabling them to gain access to a limited number of customer accounts.
How it could affect your business
A brute-force attack, also known as credential stuffing, occurs when threat actors use large numbers of username and password combinations to gain unauthorized access to accounts. Incidents like this highlight the importance of multifactor authentication, which adds an additional layer of security even if credentials are compromised. Organizations should also encourage the use of strong, unique passwords and monitor for unusual login activity to prevent unauthorized access.
United States
Colina Financial Advisors Limited
The Incransom ransomware group listed Colina Financial Advisors Limited (CFAL) as a victim on its data leak site on June 3.
Colina Financial Advisors Limited, based in the Bahamas, is an independent wealth management and investment advisory firm and the investment arm of Colina Holdings Ltd. The attack is believed to have occurred on June 1 and reportedly involved the exfiltration of approximately 500 GB of highly confidential data. The exposed information is said to include client personally identifiable information, financial profiles and asset data, proprietary business intelligence, system data, estate and legal planning documents and regulatory compliance records.
The exposure of sensitive client financial profiles and estate planning documents creates a significant risk of targeted fraud, social engineering and other malicious activity aimed at the firm’s clients.
How it could affect your business
If your information is compromised in incidents like this, it is important to remain vigilant against potential phishing attempts, identity theft and unauthorized financial activity. Individuals should closely monitor their financial accounts for suspicious transactions, review account statements regularly and consider placing a fraud alert on their credit reports to detect and prevent misuse of their personal information.
United States
Eversource Energy
Residents in Connecticut, Massachusetts and New Hampshire had their personal information exposed following phishing and social engineering attacks targeting Eversource Energy.
Eversource Energy, formerly known as Northeast Utilities, said phishing and social engineering attacks led to the compromise of two employee accounts in April. Through these accounts, threat actors gained access to the personal information of more than 3,000 customers. The company said it has notified utility regulators in all three states, as well as state and federal law enforcement agencies, but has not disclosed additional details about the incident.
The information exposed in the breach varies by customer and may include names, mailing and service addresses, account information, phone numbers, email addresses, Social Security numbers, driver’s license numbers and financial account information.
How it could affect your business
This incident demonstrates how a single successful phishing attack can expose sensitive customer information and create downstream risks for both organizations and individuals. Businesses should strengthen user awareness training, implement multifactor authentication and continuously monitor for suspicious account activity. Customers affected by such breaches should remain cautious of unsolicited communications and verify requests for personal or financial information before responding.


