Japan
New Phobos and 8base ransomware decryptor recover files for free
The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with GeekFeed confirming that it successfully decrypts files. Phobos is a ransomware-as-a-service operation that launched in December 2018, enabling other threat actors to join as affiliates and utilize their encryption tool in attacks. In exchange, any […]
CoGUI phishing platform sent 580 million emails to steal credentials
A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. The activity culminated in January 2025, where 170 campaigns sent 172,000,000 phishing messages to targets, […]
Active! Mail RCE flaw exploited in attacks on Japanese orgs
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies. While it’s not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component […]
Data breach at Japanese telecom giant NTT hits 18,000 companies
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. The data breach was discovered in early February 2025, but the exact date when the hackers gained initial access to NTT’s systems hasn’t been determined. “NTT Communications Corporation discovered on February 5 […]
Subaru Starlink flaw let hackers hijack cars in US and Canada
Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. Bug bounty hunter Sam Curry revealed on Thursday that the vulnerability was discovered on November 20, 2024, with the help of researcher Shubham Shah. They found […]
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025
The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all […]
Tesla EV charger hacked twice on second day of Pwn2Own Tokyo
Security researchers hacked Tesla’s Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. They also exploited 23 more zero-day vulnerabilities in WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA EV chargers, as well as in the Alpine iLX-507, Kenwood DMX958XR, Sony XAV-AX8500 In-Vehicle Infotainment […]
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. Fuzzware.io is leading the competition after hacking the Autel MaxiCharger and Phoenix Contact CHARX SEC-3150 electric vehicle chargers using a stack-based buffer overflow and an origin validation error bug. This earned them $50,000 and 10 Master […]
US govt says North Korea stole over $659 million in crypto last year
North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. The announcement also warns that threat groups linked to the Democratic People’s Republic of Korea (DPRK) are still actively targeting blockchain technology industry […]
MirrorFace hackers targeting Japanese govt, politicians since 2019
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed “MirrorFace” hacking group. The campaign has been underway since 2019 and is still ongoing, while the Japanese investigators have observed distinct phases with differentiation of targets and attack methods. In […]