From Xanthorox to Interlock: The Threat Landscape’s Getting Personal

The Interlock ransomware has intensified its attacks on defense contractors and their supply chains, posing a significant threat to national security. This sophisticated cybercriminal group practices “big-game hunting” and double extortion, targeting high-value organizations and stealing sensitive data. Key highlights include:
• Recent victims: AMTEC and National Defense Corporation
• Data leaks involving classified DoD contracts
• Evasion tactics using legitimate tools like PowerShell
• Exploitation of systemic vulnerabilities in enterprise VPNs
As global tensions rise, experts urge defense contractors to enhance cybersecurity measures and comply with the Department of Defense’s Cybersecurity framework to safeguard against these concerning breaches.

Google has sounded the alarm that a notorious hacking group, UNC3944, also known as Scattered Spider, is now targeting U.S. retailers after previously disrupting operations in the UK. This group is known for its aggressive tactics, including:
• Ransomware and extortion operations
• Social engineering and third-party exploits
• Links to high-profile attacks on major companies
Analyst John Hultquist warns that U.S. retailers should bolster their defenses, as these hackers have a track record of focusing on one sector at a time. After several arrests in the UK, the group is back with renewed efforts, making it crucial for businesses to stay vigilant.

In a bold move to strengthen its European presence, cybersecurity leader Proofpoint is set to acquire German cloud security firm Hornetsecurity for over $1 billion. Here are some key highlights:
• Hornetsecurity boasts $160 million in annual recurring revenue
• Enjoys over 20% year-over-year growth
• Serves more than 125,000 customers, focusing on Microsoft 365 protection
This acquisition marks Proofpoint's largest yet, following its $12.3 billion purchase by Thoma Bravo in 2021. Hornetsecurity CEO Daniel Hofmann will remain at the helm, guiding the team into this exciting new chapter. The deal is expected to finalize in the latter half of the year!

A new malware threat, TransferLoader, is causing significant concern in cybersecurity circles, allowing attackers to execute arbitrary commands on compromised systems.
Key Highlights:
• Detected in February 2025, it employs advanced evasion techniques.
• Utilizes a multi-stage framework for payload delivery and remote command orchestration.
• Leverages decentralized IPFS for persistent command-and-control channels.
• Proven effective in practice, as evidenced by its use in a recent attack on an American law firm.
With its modularity and sophisticated obfuscation methods, TransferLoader is reshaping the landscape of cyber threats, making detection increasingly challenging for security teams.

The new seQure Cybersecurity Platform, named Ground-Truth, has officially launched on Oracle Cloud Infrastructure, showcasing exciting advancements in cyber defense. Key features include:
• AI-Powered Threat Detection: Utilizing cutting-edge technology for efficient threat identification.
• Zero-Trust Monitoring: Designed to ensure the highest levels of security.
• Seamless Integration: Works smoothly with existing systems for superior data management.
This partnership not only enhances security operations but also allows customers to meet data residency requirements while benefiting from Oracle’s robust infrastructure. Ground-Truth aims to revolutionize how organizations combat cyber threats and safeguard sensitive information.

Introducing Xanthorox, the new BlackHat AI tool altering the cybercrime landscape! This sophisticated platform emerged in April 2025, specifically engineered to streamline phishing and malware attacks. Here are some highlights:
• Self-hosted and runs on private servers, making detection difficult.
• Features five specialized AI models for tasks like code generation and phishing message crafting.
• Offers real-time web scraping and deepfake capabilities.
• Increasingly positioned within the cybercrime-as-a-service ecosystem, elevating the threat level for organizations.
Xanthorox represents a significant leap in malicious AI tools, prompting the urgent need for enhanced cybersecurity measures. Stay vigilant!