A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a…

A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a new backdoor called MucorAgent. Learn how they’re using advanced tactics to steal data.

A new hacking group with ties to Russia has been identified by cybersecurity researchers at Bitdefender. The group, dubbed Curly COMrades, is actively targeting countries in Eastern Europe that are experiencing geopolitical tensions.

According to Bitdefender’s investigation, shared with Hackread.com ahead of its publication, the attacks began in mid-2024. The group’s targets include government bodies and an energy distribution company in Eastern Europe, specifically in Georgia and Moldova, where geopolitical tensions are high. The main goal of these hackers is to spy on their targets and steal sensitive information.

The Curly COMrades is using advanced techniques to stay hidden and maintain long-term access to their victims’ computer networks. One of their key tools is a new type of backdoor called MucorAgent. What makes this malware particularly clever is how it stays on a computer. The hackers found a way to hijack a built-in Windows component called NGEN, which normally helps applications run faster.

By exploiting a dormant scheduled task within NGEN, the hackers can secretly reactivate their malware at random times, such as when the computer is idle or a new program is installed. This unpredictable method makes it much harder for security teams to detect and remove the threat. Researchers noted that this technique, leveraging CLSID hijacking in conjunction with NGEN, is “unprecedented in our observations.”

The group also uses specialized proxy tools like Resocks and Stunnel, as well as other methods like Mimikatz and DCSync, to steal passwords and other credentials. This tactic helps them blend in with normal internet activity, bypassing many security systems.

So, what happens is that Curly COMrades gain access to a computer network, set up a secret pathway using tools like Resocks and Stunnel, and install MucorAgent malware. This malware tricks NGEN, hijacking a hidden task and reappearing even after removal. Hackers use compromised websites as decoys to send the stolen information back to their servers, making it difficult to trace.

Source: Bitdefender

In their technical report, Bitdefender explained that the group’s name, Curly COMrades, comes from the hackers’ heavy use of the “curl.exe” tool and their focus on hijacking COM objects. Researchers chose the name to avoid giving threat actors “cool” or “fancy” names, as is the current trend within the cybersecurity community, arguing that it can inadvertently glorify them. They believe that by choosing a less flattering name, they can “de-glamorize cybercrime, stripping away any perception of sophistication or mystique.”

Russian-Linked Curly COMrades Deploy MucorAgent Malware in Europe

St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure…

St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure St. Paul with FBI and National Guard.

A major cyberattack on the city of St. Paul, Minnesota, has been claimed by the Interlock ransomware group. The attack, which began on Friday, July 25, 2025, disrupted online payment systems and services at libraries and recreation centres for the city of over 311,000 people.

In response to the incident, Minnesota’s Governor Tim Walz activated the National Guard’s cyber protection unit to help with the recovery (PDF). The city’s mayor, Melvin Carter, acknowledged it was a ransomware attack and made it clear that St. Paul would not pay the ransom.

This stance is a public refusal to negotiate with the attackers. Reportedly, the attack was powerful enough that it even delayed the mayor’s State of the City address.

For your information, Interlock, a ransomware gang that began its operations in October 2024, claims to have stolen 43 GB of data from the city. To prove their claim, Interlock posted images of what it says are documents taken from St. Paul’s private servers. They accuse the city of being “careless and irresponsible” with its security, which has put residents’ data at risk.

“The government of the city of Saint Paul, Minnesota, including its representatives and employees, is extremely careless and irresponsible about the security of their city, because of this, a large part of the infrastructure was damaged, brought a lot of losses and damage! Including the worse position were residents whose data was compromised in the internet!” the group stated.

Screenshot from the Interlock ransomware’s dark web leak site (Image credit: Hackread.com)

The city has not yet verified the data theft claim, and officials have not disclosed the specific data stolen or how the hackers breached the network. However, the mayor’s office has stated that it has maintained access to all its data and systems. The city is calling its recovery effort Operation Secure St. Paul.

As a critical first step, officials are initiating a global password reset for all of the city’s approximately 3,500 employees to secure individual user accounts and city-issued devices. The FBI is leading the investigation, working alongside the National Guard’s IT division to help restore critical city systems once the password reset is complete.

At the same time, Hackread.com can confirm that the ransomware group has leaked over 42 GB of data belonging to the city of St. Paul for free download. The data is split into two folders, **"pkusers"** (40.8 GB) and **"Smithama"** (2.1 GB). The **"pkusers"** folder alone contains 316 subfolders.

The leaked St. Paul city data contains thousands of sensitive files, including over 3,000 HR and employee-related records such as job descriptions, performance reviews, and internal evaluations. Nearly 4,800 documents relate to work plans, memos, draft proposals, and internal studies. More than 2,000 files appear to be financial or administrative, including invoices, budgets, and payment records.

The leak also holds at least 280 files containing identification and personal data such as passport scans and driving licenses, along with hundreds of email archives and internal correspondence. Together, the material offers a detailed and highly sensitive look into the city’s internal operations.

Image credit: Hackread.com

The St. Paul incident is not an isolated event. According to Rebecca Moody, Head of Data Research at Comparitech, its researchers have documented 46 confirmed ransomware attacks on US government entities so far in 2025. This shows a worrying trend of hackers targeting public organisations to cause mass disruption.

“Now, the City of St. Paul needs to respond to confirm what data has potentially been impacted and who has been affected. In the meantime, we highly recommend residents and employees remain on high alert for any potential phishing campaigns (e.g. emails, texts, or calls reporting to be from St. Paul) and monitor their accounts for any suspicious activity,” Moody concluded.

Interlock Ransomware Group Leaks 43GB of Data in City of St. Paul Cyberattack

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise entire networks and what CISA is urging organisations to do now.

A critical security flaw in Microsoft Exchange servers has left thousands of servers exposed to a major security risk. The unpatched vulnerability, which affects hybrid cloud setups, could allow a hacker to gain complete control over an organisation’s entire network.

The flaw, officially known as CVE-2025-53786, impacts Exchange Server 2016, 2019, and the Subscription Edition. While no attacks have been officially confirmed, security experts believe that exploit code is likely to be developed, making these servers an attractive target for cybercriminals. The vulnerability lets hackers who already have some access to an on-site Exchange server expand their privileges into the connected Microsoft cloud environment, making it hard for organisations to spot the breach.

****Government Agencies Take Action****

In response to this threat, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive. This order required all federal agencies with affected systems to fix the problem by Monday, August 11, at 9:00 AM ET.

CISA Acting Director Madhu Gottumukkala emphasised that while the directive is mandatory for federal agencies, the risks apply to all organisations using this environment. He strongly urged everyone to take the same protective measures.

> ⚠️MS Exchange server hybrid deployment elevation of privilege vulnerability CVE-2025-53786 could allow a threat actor with admin access to an Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. See guidance 👉 https://t.co/NzTYDGqMMq pic.twitter.com/2Cc6mJBRqs
> 
> — CISA Cyber (@CISACyber) August 7, 2025

****A Global Problem****

Scans from the security platform Shadowserver show that despite the urgency, over 29,000 servers remained unpatched as of August 10, just before CISA’s deadline. The US has the largest number of vulnerable servers, with more than 7,200 exposed.

Germany is close behind with over 6,700, followed by Russia with over 2,500. Shadowserver first detected this issue on August 7, noting “Over 28K IPs unpatched” and listing the US, Germany, and Russia as the top affected countries.

Source: Shadowserver

Microsoft had already provided a **hotfix** and guidance for this issue as part of its Secure Future Initiative. Organisations are being advised to apply the latest updates and, for older systems, to disconnect them from the internet entirely. The failure to do so could give attackers an easy way from on-premises systems to the cloud, potentially compromising an organisation’s entire data and services.

****Expert Insight****

**Martin Jartelius**, the CTO at Outpost24, commented on the situation, acknowledging that the large number of unpatched servers is “concerning, but not surprising.” He explained that many organisations were already running older, unmaintained systems. While some organisations with hybrid setups might believe they aren’t at risk, Jartelius warns that leaving a known flaw unpatched is an “open invitation to attackers.” He advises all organisations to continuously assess and fix these issues to strengthen their security.

Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely…

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely unlock vehicles. Read about the “security nightmare” and get tips to protect your car from tracking.

A new security vulnerability in a major car manufacturer’s online system has been discovered, exposing customer data and potentially allowing remote access to vehicles. The flaw was found by security researcher Eaton Zveare, who reported his findings to the company, leading to a fix in February 2025. Zveare has not publicly named the automaker, but stated it’s a well-known brand with over 1,000 dealerships in the **United States**.

For your information, Zveare is known for identifying critical vulnerabilities in IoT devices. For example, their **June 2022 findings** revealed a vulnerability in a smart jacuzzi app that could be exploited by a remote attacker to extract unsuspecting user data.

The vulnerability was found in an online portal used by the carmaker’s dealerships. Zveare discovered a way to bypass the login security by modifying the portal’s code, which allowed him to create a new “national administrator” account. This gave him “unfettered access” to the private information of thousands of customers, including personal data, financial details, and vehicle information.

Using a vehicle’s unique identification number (**VIN**), which can be seen on the windshield, a hacker could look up the owner’s name. Even more alarming, the flaw allowed a hacker to remotely control certain car functions, such as unlocking the doors, simply by knowing a customer’s name or a VIN. While Zveare did not test if it was possible to drive the cars away, the vulnerability could easily be exploited by thieves.

The dealership portal also exposed more than just customer information. With his new admin access, Zveare could view financial data from all the dealerships and even track the real-time location of rental or courtesy cars. He noted that the security flaws were a “security nightmare waiting to happen” due to the ability to impersonate other users and access different systems.

Cybersecurity firm Malwarebytes weighed in on the issue, **saying** that this is the kind of vulnerability that makes it easier for people to track and stalk others. Zveare, who presented his **findings** at the Defcon security conference, says the bugs took the company about a week to fix after he disclosed them.

He **told** TechCrunch that the main issue came down to simple authentication flaws, saying, “If you’re going to get those wrong, then everything just falls down.”

For people concerned about their car’s security, here are a few simple tips to help prevent unwanted tracking:

*   Use your phone’s navigation app (like Google Maps) instead of the one built into your car.

*   Don’t save regular destinations in the car’s navigation system.

*   Keep your car’s software updated to ensure you have the latest security protections.

*   Check your car’s remote access apps to make sure no unknown devices have been linked to your account.

Carmaker Portal Flaw Could Let Hackers Unlock Cars, Steal Data

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business…

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business email compromise targeting individuals and companies.

The FBI and the Department of Justice (DoJ) have **announced** the extradition of three Ghanaian nationals accused of being part of a large-scale criminal operation. The individuals, namely Isaac Oduro Boateng, Inusah Ahmed, and Derrick Van Yeboah, arrived in the US on August 7, 2025, and are facing charges for their roles in a scheme that stole more than $100 million from dozens of victims. A fourth suspect, Patrick Kwame Asare, has not yet been apprehended.

The indictment (PDF) alleges that these men were high-ranking members of a criminal organisation based in Ghana that ran two primary types of fraud: romance scams and business email compromises.

In **romance scams**, the criminals created fake online identities to trick vulnerable people, often older men and women, into believing they were in a loving relationship. Once they gained the victims’ trust, they would convince them to send money or help launder funds from other victims.

The group also used business email compromises (**BEC**). This type of fraud involves tricking companies into wiring money to fraudulent accounts. The scammers would likely pretend to be a trusted business partner or a company executive to convince employees to make the payments. The stolen money was then laundered and sent to West Africa.

US Attorney Jay Clayton stated, the accused allegedly “led and participated in an international fraud ring that engaged in a massive conspiracy to defraud vulnerable people and steal from businesses.”

The extradition of the three suspects is a remarkable effort involving international cooperation. According to the DoJ, Ghana’s government and its law enforcement agencies, including the Economic and Organised Crime Office and the Ghana Police Service, provided significant assistance.

The FBI’s Assistant Director Christopher G. Raia highlighted the severity of the crimes, stating, “Deceiving businesses using email compromise campaigns and tricking innocent elderly victims through fraudulent companionship in order to exploit their trust and finances is not merely appalling but illegal.”

The four men are now facing multiple charges, including wire fraud, wire fraud conspiracy, money laundering conspiracy, and receiving stolen money. The charges are merely accusations, and the defendants are presumed innocent until proven guilty in court.

This is the second extradition of scammers involved in large-scale schemes targeting Americans. On August 5, the FBI **announced** the arrest of a Nigerian national and his extradition to the United States to face charges of hacking, identity theft, and fraud. He and his co-conspirators are accused of using spearphishing to steal customer data, as well as filing fraudulent tax returns and disaster relief claims worth millions of dollars.

Ghanaian Nationals Extradited to US Over $100M, BEC, Romance Scams

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,…

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs, sensitive data and much more. The data is now available for download via DDoSecrets.

It is not often that the inner workings of a cyber-espionage operator are exposed, but that is exactly what happened when two hackers decided to publish a trove of stolen files during one of the world’s biggest hacking conferences.

The material did not surface on a cybercrime forum or through a misconfigured database. Instead, it was shared through **Phrack**, the legendary hacker publication, during its 40th anniversary issue at DEF CON in Las Vegas.

The people behind the **leak**, who go by the names Saber and cyb0rg, say they gained access to a virtual workstation and a virtual private server used by someone they call “KIM.” This individual was believed by the leakers to be linked to **Kimsuky**, a group long associated with North Korean state-backed cyber activity. Yet even with that claim, questions remain, and some security experts think it is just as possible that the operator could be based in China.

What they took and later shared offers a rare look into the operational tools and records of an advanced threat actor. The first batch of data included attack logs showing attempts to compromise South Korea’s government and its Defense Counterintelligence Command through the VPS. The second release was even more revealing, containing internal documentation, source code, stolen credentials, and command scripts from the operator’s workstation.

Independent analysts like Distributed Denial of Secrets (DDoSecrets), who reviewed the files and **indexed** the entire 8.90 GB archive on its website for free download, found that the materials appeared authentic and consistent with a real-world espionage toolkit.

Screenshot of the archive available on DDoSecrets (Image credit: Hackread.com)

However, figuring out who actually ran these systems can still be difficult. Hackers sometimes leave trails that point to the wrong country, and skilled operators can mimic another nation’s methods closely enough to mislead investigators.

For now, the leak sits as both a technical goldmine for researchers and a mystery for intelligence analysts. Phrack has said it plans to release additional download links on its site, which means more details could surface.

Nevertheless, this is not the first time that such sensitive data has gotten into the hands of a third party. Back in 2020, IBM’s X‑Force team stumbled across over **40 gigabytes of video recordings** showing Iranian cyber‑espionage operators teaching others how to hijack email accounts.

The footage, which included real-time steps, like linking Gmail accounts to Zimbra software to download inboxes, was exposed by mistake when the hackers uploaded it to an unsecured cloud server.

Hackers Leak 9GB of Data from Alleged North Korean Hacker’s Computer

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea with advanced tools. Discover how this new malware marks a shift from espionage to financially motivated cyberattacks.

A well-known North Korean hacking group, ScarCruft, is changing its methods, adding a new type of attack to its usual playbook of spying. Cybersecurity experts from the South Korean firm S2W recently released a report revealing that ScarCruft is now using a new ransomware called VCD.

This is a critical shift, as the group has traditionally focused on stealing information from high-profile people and government agencies in countries like South Korea, Japan, and Russia.

The group’s recent campaign, carried out by a subgroup called ChinopuNK, occurred in July and used phishing emails to target people in South Korea. These emails contained a tricky file disguised as an update for postal codes.

Once opened, this file infected the victim’s computer with more than nine different kinds of malware, including a new variant of a known malware called ChillyChino, and a backdoor that was written in the Rust programming language. Among these were information-stealing programs like LightPeek and FadeStealer, as well as a backdoor called NubSpy that let the hackers secretly control the computer.

ScarCruft Subgroup Classification (Source: S2W)

This backdoor is especially clever because it uses a real-time messaging service called PubNub to hide its malicious traffic within normal network activity. This campaign is also notable because it included the new VCD ransomware, which locks up a person’s files and demands a ransom. The ransom note is even available in both English and Korean.

Attack Flow (Source: S2W)

According to S2W’s Threat Analysis and Intelligence Center (TALON), this new approach suggests that ScarCruft might be adding financially motivated goals to its spying activities. The group is part of a larger network of North Korean hackers who are known to generate money for the country’s government, which is facing many economic sanctions.

A United Nations report from last year (PDF) even stated that North Korean hackers, including groups like Lazarus and Kimsuky, had stolen around $3 billion over six years.

Mayank Kumar, founding AI engineer at the firm DeepTempo, commented on this evolution, highlighting how these attacks are becoming more complex. Sharing his comment with Hackread.com, Kumar said that ScarCruft’s use of ransomware alongside its usual spying tools shows a new trend where nation-backed hacking and criminal tactics are merging.

“Advanced persistent threat groups must expand their toolsets and blur the line between espionage and cybercrime. Defenders must prepare for campaigns where ransomware is one element in a multi-stage operation. Adaptive, deep learning–driven anomaly detection across network traffic, system events, and security logs, paired with strong segmentation, rapid containment, and visibility into both human and automated adversary activity, is essential to counter such blended threats,” Kumar suggested.

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

London, United Kingdom, 11th August 2025, CyberNewsWire

**London, United Kingdom, August 11th, 2025, CyberNewsWire**

**New** **Heimdal** **study reveals how tool sprawl creates blind spots, with over half of providers experiencing daily or weekly burnout** 

Survey of 80 North American MSPs shows fragmented security stacks drive fatigue, missed threats, and business inefficiency 

Security tools meant to protect managed service providers are instead overwhelming them. 

A new study from Heimdal and FutureSafe reveals that 89% of MSPs struggle with tool integration while 56% experience alert fatigue daily or weekly. 

The research exposes a dangerous paradox. MSPs experiencing high alert fatigue are significantly more likely to miss real threats.

The very tools deployed to enhance security are creating blind spots through exhaustion. 

**The Scale of the Problem** 

The average MSP now runs five security tools, with 20% juggling seven to ten and 12% managing more than ten. 

Only 11% report seamless integration. The remaining 89% must flip between separate dashboards and waste time on manual workflows. 

One in four security alerts prove meaningless, with some MSPs reporting that 70% of their alerts are false alarms. 

Among MSPs managing 1,000+ clients, 100% report daily fatigue. 

> “MSPs are drowning in complexity, not from threats, but from the tools meant to stop them,” said Jesper Frederiksen, CEO at Heimdal. “Every new point solution adds another agent, console, and alert stream. That noise exhausts people and quietly degrades protection.” 

**Beyond Security Operations** 

Agent fatigue extends beyond alert management. Disconnected platforms slow billing processes, complicate client onboarding, and create compliance reporting headaches. 

> “Agent fatigue isn’t just a tech issue. It’s a business risk,” said Jason Whitehurst, CEO at FutureSafe. “MSPs are juggling tool after tool, but they don’t work together.” 

**The Solution Hiding in Plain Sight** 

Despite widespread recognition of the problem, only 20% of MSPs have consolidated their security solutions. Those who have reported fewer alerts, faster response times, and happier staff. 

**Key Survey Findings** 

*   56% experience alert fatigue daily or weekly, 75% at least monthly 
*   Only 11% enjoy seamless tool connectivity 
*   MSPs using 7+ tools report nearly double the fatigue levels 
*   High false positive rates triple the chance of missing genuine incidents 
*   The 20% who consolidate report better outcomes across all metrics 

**Research Methodology** 

The State of MSP Agent Fatigue 2025 surveyed 80 North American MSPs in H1 2025, combining quantitative analysis with thematic coding of over 300 free-text responses. 

Users can download the complete report free at: heimdalsecurity.com/msp-agent-fatigue-report  

**About Heimdal** 

Established in Copenhagen in 2014, Heimdal empowers security teams and MSPs through unified cybersecurity solutions spanning endpoint to network security, including vulnerability management, threat prevention, and ransomware mitigation. 

**About FutureSafe** 

FutureSafe is the exclusive provider of Heimdal in the United States, helping MSPs cut through tool sprawl and deliver consolidated cybersecurity.

**Contact**

**Head of Content & PR**  
**Danny Mitchell**  
**Heimdal Security**  
**\[email protected\]**

Report Reveals Tool Overload Driving Fatigue and Missed Threats in MSPs

Cary, United States, 11th August 2025, CyberNewsWire

**Cary, United States, August 11th, 2025, CyberNewsWire**

**Hands-on cybersecurity and IT training leader recognized for innovation in practical, work-ready education**

INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences.

Training Industry evaluated companies based on course quality and scope, market presence and innovation, client relationships, and business growth. INE’s selection underscores the company’s commitment to cybersecurity education that bridges the gap between theoretical knowledge and real-world application.

> “This year’s Top 20 Online Learning Library companies stood out for their expansive content libraries and the depth of features built into their platforms,” said Jalen Banks, market research analyst at Training Industry, Inc. “These providers offer timely, on-demand content supported by reinforcement tools and assessments. Their advanced technology and data capabilities enable dynamic, adaptive learning experiences that foster learner engagement, build critical skills, and ultimately drive meaningful outcomes for the organizations they serve.”

> “This recognition validates our longstanding commitment to delivering training that truly prepares professionals for the challenges they face in their roles,” said Dara Warn, CEO of INE. “We focus on creating learning experiences that go beyond traditional coursework to provide practical skills that professionals can immediately apply in their organizations. When teams complete our programs, they’re equipped to strengthen their organization’s security posture and address complex infrastructure challenges with confidence.”

INE distinguishes itself through its emphasis on the practical application of cybersecurity and IT training for organizations and individuals. The training platform features more than 700 expert-led courses, 50+ learning paths, and thousands of hands-on labs that replicate actual network environments and security scenarios. Professionals and teams engage with industry-standard tools and tackle the same challenges they encounter in enterprise environments, whether pursuing cybersecurity certifications, network security certifications, or advancing their expertise through comprehensive network certification prep.

**Building on Recent Industry Recognition**

This Training Industry honor follows a series of notable recognitions for INE in recent months. This year, G2 awarded the company more than three dozen badges, including Grid Leader designations for Cybersecurity Professional Development, Online Course Providers, and Technical Skills Development.

INE also earned placement on Training Industry’s 2023 Top 20 Online Learning Libraries list, as well as on Training Industry’s 2023 Watch Lists for Experiential Learning Capabilities and IT and Technical Training, which recognized organizations’ visibility, innovation, and impact in the IT and technical training market. Combined with multiple Global Infosec Awards, SC Media Excellence Awards, and consistent recognition as a G2 Top Training Provider, these honors reflect INE’s sustained excellence in the technical training sector.

**Addressing Industry Needs Through Practical Education**

Since its founding in 2003, INE has partnered with Fortune 500 companies to address a critical challenge in the industry: the gap between traditional training methodologies and job-ready competencies. Organizations across industries rely on INE to develop their cybersecurity and networking teams, while individual professionals leverage INE as a training partner to advance their careers. INE’s approach connects theoretical concepts with practical application, providing learners with context for when and how to apply their knowledge effectively in real-world business environments.

> “Our methodology centers on experiential learning because we believe that hands-on practice is essential for developing true expertise,” Warn explained. “Our lab environments place learners in realistic scenarios where they must identify, analyze, and remediate security issues. This approach develops the kind of practical competency that translates directly to workplace effectiveness and organizational resilience.”

INE’s comprehensive IT training programs serve both organizations seeking to develop their teams and individual professionals advancing their careers. Companies use INE’s enterprise solutions to upskill existing teams, mitigate cybersecurity risk, and build more resilient IT operations. Recent program additions include the Mobile Application Penetration Testing certification (eMAPT) and the Certified Threat Hunting Professional certification (eCTHP), both designed around authentic scenarios that reflect current industry challenges and organizational needs.

**About INE**

INE is an award-winning, premier provider of online networking and cybersecurity education, including cybersecurity training and certification. INE is trusted by Fortune 500 companies and IT professionals around the globe. Leveraging a state-of-the-art hands-on lab platform, advanced technologies, a global video distribution network, and instruction from world-class experts, INE sets the standard for high-impact, career-advancing technical education.

**Contact**

**Director of Global Strategic Communications and Events**  
**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Named to Training Industry’s 2025 Top 20 Online Learning Library List

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and…

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and what you need to do to protect yourself from scams, as the company warns customers to be on high alert.

French telecommunications giant Bouygues Telecom has confirmed a cyberattack that resulted in the personal information of 6.4 million customers being exposed. The company, which serves nearly 27 million mobile users across France, discovered the security breach on August 4th.

****What Was Compromised?****

An investigation by the company revealed that hackers gained access to a variety of customer details. This includes contact information, contract details, and, for many, their International Bank Account Number (IBAN). An IBAN is a unique number that identifies a bank account and is used to process transactions like direct deposits or transfers.

Bouygues has confirmed that more sensitive data, like passwords and credit card numbers, were not affected in this breach. Both individual and business customers were impacted by the attack. The company promptly reported the incident to French authorities and is alerting all affected customers via email or text message.

Hackers planning to leak Bouygues Telecom data soon (Image credit: Hackread.com)

****What Should Customers Do?****

In response to the breach, Bouygues is urging its customers to be extremely cautious of potential scams. Customers should watch for any suspicious emails or phone calls from people pretending to be from Bouygues or another company, as scammers might use the stolen data to try and trick them into revealing more information, such as credit card numbers or passwords.

Bouygues also advised customers whose IBANs were exposed to monitor their bank accounts closely and contact their bank if they notice any unusual activity. The company has filed a complaint with judicial authorities, noting that the perpetrator could face up to five years in prison and a €150,000 fine.

The attack on Bouygues is part of a broader trend of major telecommunication firms being targeted globally. As reported by Hackread.com, in May 2025, South Korean firm SK Telecom revealed a malware intrusion that had gone undetected for nearly two years, leaking vast amounts of customer data.

Furthermore, an advisory from the FBI and Canada’s Cyber Centre in June 2025 warned of an ongoing cyber espionage campaign by a China-linked group called Salt Typhoon, which is actively targeting telecom networks worldwide to steal sensitive data. These incidents highlight why telecommunications companies, due to the valuable data they hold, are frequent targets for both cybercriminals and state-sponsored groups.

Source

HackRead