Officials for Western Alliance Bank have recently begun contacting nearly 22,000 customers after discovering that sensitive information had been exfiltrated from their systems during a cybersecurity incident in October 2024. The breach affected a third-party vendor’s file transfer software and allowed threat actors from the Clop ransomware group to access a significant amount of personal and financial information. Western Alliance Bank was added to Clop’s leak site back in January, and the stolen data has since been published.
Eldorado ransomware successfully rebranded as BlackLock
Researchers have been tracking the activities of the relatively new ransomware group BlackLock and believe that the group is a rebrand of the infamous Eldorado ransomware-as-a-service. The group operates in much the same way, with fast encryption and the same ransom note being left behind, but is unpredictable in its choice of attack targets, making it difficult to counter. Eldorado likely rebranded due to increased monitoring by law enforcement, but that hasn’t slowed the operation, as BlackLock has been responsible for 48 ransomware attacks since the start of 2025.
Cyberattack exposes data for largest sperm bank in the US
Nearly a year after identifying an unauthorized intrusion into their systems, officials for the largest sperm bank in the US, California Cryobank (CCB), have revealed that they fell victim to a data breach. The subsequent investigation revealed that CCB had discovered unauthorized activity in April of 2024 and that the unknown hacker had access for several days, with plenty of uninterrupted time to find and exfiltrate sensitive information. It is still unconfirmed how many individuals may have been affected, though CCB operates in all 50 US states, as well as 30 other countries.
Black Basta group employs brute-forcing tool to gain network access
Researchers have identified a brute-forcing framework that has been used to compromise networking devices and enable initial network access for ransomware attacks by the Black Basta group. The tool, known as BRUTED, has been used since 2023 and was designed to perform credential-stuffing attacks on networking devices like firewalls and VPNs, making a subsequent ransomware attack and potential data exfiltration significantly easier.
Unpatched zero-day vulnerability actively exploited for 8 years
A well-known zero-day exploit has been actively used by state-sponsored threat groups for almost a decade, with Microsoft refusing to implement any patch to resolve the issue. The exploit, known as ZDI-CAN-25373 by the Trend Micro Zero Day Initiative, can allow an attacker to execute various malicious commands on a victim’s device and download additional malware payloads. Most victims of this exploitation have been government agencies and multi-national organizations that operate in the financial, energy or other industries.