Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
Tag: been
Global Security News
Betterleaks: Open-source secrets scanner
Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and standard input for leaked credentials, API keys, tokens, and passwords.…
Exploits, Global Security News
Ransomware gang exploits Cisco flaw in zero-day attacks since January
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […]
Exploits, Global Security News
New “Darksword” iOS exploit used in infostealer attack on iPhones
A new exploit kit for iOS devices and delivery framework dubbed “Darksword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. […]
Global Security News
Boomi, a 12X Leader, Positioned for Ability to Execute in the 2026 Gartner Magic Quadrant for Integration Platform as a Service
COMPANY NEWS: Boomi, the data activation company, today announced it has been recognised as a Leader and positioned highest for Ability to Execute in the 2026 Gartner® Magic Quadrant™ for Integration Platform as a Service (iPaaS). This marks the 12th consecutive time Boomi has been named a Leader – the longest recognised vendor in the report’s…
AI, Apps, Global Security News
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing…
Global Security News, Russia
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace generosity – but rather because hackers succeeded in knocking the city’s payment system offline. Read more in my article on the Hot for Security blog.
AI, Exploits, Global Security News
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate…
AI, Global Security News
Certificate lifespans are shrinking and most organizations aren’t ready
The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates, which reignited the debate and ultimately forced the CA/Browser Forum to set a formal schedule.…
AI, Cybersecurity, Global Security News
Investigating a New Click-Fix Variant
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around…
AI, Exploits, Global Security News
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. “Google is aware that exploits for…
AI, Endpoint, Europe, Global Security News, privacy, Risk Management
Building Trust in AI SOC Analyst Solutions: A UK and EU CISO Perspective
By Brett Candon, VP International at Dropzone AI Trust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data‑protection frameworks shape far more than legal risk, they directly influence architectural decisions, supplier selection, and how security data can be accessed, processed…
AI, Data Breaches, Global Security News
ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites
Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. Attackers modified and abused benign tool On Saturday, Saleforce confirmed that its security team has identified an attack campaign by unnamed malicious actors looking to access customers’ data. The attackers are not leveraging a vulnerability…
AI, Global Security News, malware
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. […]
AI, Compliance, Data Breaches, Global Security News
Storage vendor offers a real guarantee — but check out those fine-print exceptions
For as long as most junior coders have been alive, tech vendors have talked up performance guarantees even though they neglect to detail just what happens if they don’t deliver as promised. I have been begging vendors to knock off these deceptions for a long time — a very long time. Last week, I briefly…
AI, Global Security News
Analyzing “Zombie Zip” Files (CVE-2026-0866), (Wed, Mar 11th)
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip. It’s a method to create a malformed ZIP file that will bypass detection by most anti-virus engines. The malformed ZIP file can not be opened with a ZIP utility, a custom loader is required. The trick is to change the compression method to STORED while the contend…
AI, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Venture
There’s only one kind of tool security teams should be building with AI
I am not sure what I’ve been doing on social media over the past year (particularly on LinkedIn), but these days my feed is filled with posts of security people who build some very cool tools. There’s so much excitement that with LLMs, anyone can now be a product developer, which means that security teams…
AI, Endpoint, Global Security News, malware, Russia
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have managed to keep their activity largely under the radar. “We currently lack telemetry…
AI, Global Security News
Why AI Is Becoming Central to Predictive Maintenance Strategies
GUEST OPINION: Predictive maintenance has long been sold as a silver bullet for asset-intensive organisations. By anticipating failures before they occur, the theory goes, businesses can reduce downtime, extend asset life and significantly lower maintenance costs.
AI, Apps, Global Security News, malware
Devs looking for OpenClaw get served a GhostClaw RAT
A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser…
AI, Global Security News, malware, Russia
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
I replaced manual pen tests with automation. Here’s what I learned.
More accreditation and compliance requirements have been added in response to cyber incidents. While these frameworks play an important role in establishing security baselines, true security is more than just achieving a perfect compliance score. As I often say, “policies and procedures won’t stop an attacker, they’ll just have more documents to exfiltrate when they…
AI, Global Security News, Government & Policy, Russia
Dutch govt warns of Signal, WhatsApp account hijacking attacks
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. […]
Global Security News
The Narwal Flow mops up the competition but its app needs reworking
It has been a decade and a half since I reviewed my first robot vacuum cleaner. It had no intelligent navigation. It simply bounced off walls at random angles. Since then we’ve seen a long list of improvements in robovacs.
AI, Global Security News, Government & Policy, Network Security
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed
AI, Cybersecurity, Global Security News
Turning expertise into opportunity for women in cybersecurity
Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field. SheSpeaksCyber, a free and open directory launched by the Women4Cyber Foundation, aims to close that…
AI, Global Security News
Iran’s Cyber-Kinetic War Doctrine Takes Shape
Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one in the same.
AI, Global Security News, Network Security
Iran-linked APT targets US critical sectors with new backdoors
An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East. New backdoors used by Seedworm Symantec and Carbon Black researchers have attributed the activity to Seedworm (aka MuddyWater), an…
china, Global Security News
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It’s worth
china, Global Security News, Network Security
Chinese state hackers target telcos with new malware toolkit
A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. […]
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Politics
FBI targeted with ‘suspicious’ activity on its networks
The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to…
AI, Global Security News
Designing for reality: what my non-traditional path taught me about diversity in tech
INTERNATIONAL WOMEN’S DAY: The business case for diversity has been clear for years. But that clarity has not produced urgency. We are now at a critical inflection point – if we hesitate, customer trust will be impacted because of flawed solutions or AI systems that fail to meet their needs.
AI, Global Security News, Government & Policy, malware
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the…
AI, Exploits, Global Security News
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. […]
AI, Compliance, Global Security News, Venture
MY TAKE: ChatGPT is turning into Microsoft Office — and power users are paying the price
Something has been shifting inside the tools millions of us use every day, and it’s worth naming out loud. Related: AI is becoming a daily routine Over the past several months I’ve watched ChatGPT change. Not in some abstract, version-number way. In the way it feels when you’re actually working with it — trying to…
AI, Global Security News, Risk Management
ImmuniWeb launches a Cyber Threat Intelligence service
ImmuniWeb Discovery has been enhanced with a dedicated Cyber Threat Intelligence (CTI) offering. In addition to detecting customer-specific incidents on the dark web and other locations across the internet, the new CTI capability enables customers to stay continuously informed about emerging trends in cybercrime, the regulatory landscape, and supply chain risks. In addition to strategic…
AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
$5M Microsoft Activation Key Fraud Ends in Prison Term
A Florida woman has been sentenced to 22 months in federal prison for running a years-long scheme that trafficked thousands of illicit Microsoft software activation keys. Heidi Richards, who operated Trinity Software Distribution, was also ordered to pay a $50,000 fine after pleading guilty to charges tied to the resale of Microsoft Certificate of Authenticity…
AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management, Venture
Anthropic won’t kill cyber, but it will kill some companies
Over the past several weeks, social media has been exploding with predictions that “cyber is dead”. It doesn’t take much insight to jump on that bandwagon, as Anthropic’s announcement of Claude Code Security indeed sent the cybersecurity public market into turmoil, with some companies losing as much as 20% of their market cap. Contrary to…
Global Security News
Kinetic IT advances to ServiceNow Elite Partner status
COMPANY NEWS: Australian technology services provider Kinetic IT has announced that it has been recognised as a ServiceNow Elite Partner in Consulting & Implementation for providing guidance and expertise to help customise, implement, and scale ServiceNow solutions.
AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management
UAC-0252 Attack Detection: SHADOWSNIFF and SALATSTEALER Fuel Phishing Campaigns in Ukraine
Since January 2026, CERT-UA has been tracking a series of intrusions attributed to UAC-0252 and built around SHADOWSNIFF and SALATSTEALER infostealers. The campaigns rely on well-crafted phishing lures, payload staging on legitimate infrastructure, and user-driven execution of disguised EXE files. Detect UAC-0252 Attacks Covered in CERT-UA#20032 According to the Phishing Trends Q2 2025 research by…
AI, Global Security News, Government & Policy, malware
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as…
Global Security News
Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies
Rising tensions have sparked an increase in regional hacktivist activity, but impact has been minimal Categories: Threat Research Tags: hacktivism, Iran, israel, Operation Epic Fury
AI, Apps, Endpoint, Europe, Global Security News, Network Security, privacy
Windows 11 Insider Previews: What’s in the latest build?
Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Skip to the latest builds The Windows…
AI, Exploits, Global Security News, Russia
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. “Protection mechanism failure in MSHTML Framework allows an unauthorized
Global Security News
Kinetic IT named a 2026 ServiceNow partner of the year
COMPANY NEWS: Kinetic IT today announced it has been named 2026 ServiceNow Consulting & Implementation Rising Star Partner of the Year for Asia Pacific, recognising its outstanding achievements and contributions to the ServiceNow ecosystem.
Global Security News, malware
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. […]
AI, Apps, Global Security News, Government & Policy, Politics, Risk Management
Anthropic to Department of Defense: Drop dead
In recent weeks, AI giant Anthropic has been locked in a high‑stakes confrontation with the Trump administration’s Department of Defense (DoD) over new standard terms the Pentagon wants to impose on AI vendors. Defense Secretary Pete Hegseth had demanded contract language that would give the military “any lawful use” of Anthropic’s models, effectively stripping out…
AI, Global Security News
Claude 3 snares itself regular writing gig
Claude Opus 3, which has been replaced by Claude Opus 4.6 as Anthropic’s most powerful AI model, has managed to find a new position. The “newly retired” AI model has launched its own Substack blog, Claude’s Corner, which it is aiming to publish it weekly. Claude set out its purpose in writing the blog: “My…
AI, Data Breaches, Global Security News, malware, Network Security
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves…
AI, Global Security News, Politics
Google’s Gemini, 3 years in: Is this the future we wanted?
Believe it or not, it’s now been a full three years since Google’s Gemini assistant took its incredibly awkward and painfully premature first steps into the world. Google announced Gemini — known as Bard, at the time — in February of 2023. (In a classic Google move, the Gemini moniker came into the mix several…
AI, Global Security News, Government & Policy
NATO greenlights iPhone and iPad for classified information handling
Apple confirmed that the iPhone and iPad have been approved for use with classified information in NATO restricted environments. The devices will no longer require special software or settings to handle NATO restricted-level information. “This achievement recognizes that Apple has transformed how security is traditionally delivered. Prior to iPhone, secure devices were only available to…
AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access
A zero-day vulnerability in Cisco Catalyst SD-WAN products has been actively exploited since at least 2023, allowing attackers to bypass authentication and ultimately gain root access in targeted environments. This flaw affects core control-plane components and has been linked to a sophisticated threat actor cluster known as UAT-8616. “The Cisco Catalyst SD-WAN zero-day, which is…
AI, Global Security News
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. “Dohdoor utilizes…
Global Security News
Cricut launches new cutting machines – Cricut Joy 2 and Cricut Explore 5 plus Design Space enhancements
Cricut (pronounced “cricket”) has already been bringing creative ideas to reality with its rich ecosystem of cutting machines, heat presses, materials, and more, and today has announced the next generation of its Cricut Explore and Cricut Joy series. The machines bring a sleeker, modern design as well as a simplified, guided software experience to help…
AI, Exploits, Global Security News, Network Security, Risk Management
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
Global Security News
Ricoh Named A Leader For The Third Time In Worldwide High-Speed Inkjet By IDC MarketScape
COMPANY NEWS: Ricoh has been positioned in the Leaders Category for the third time in the IDC MarketScape: Worldwide High-Speed Inkjet 2025 Vendor Assessment.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Governments issue warning over Cisco zero-day attacks dating back to 2023
Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday. The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five…
AI, Exploits, Global Security News
Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said that once the vulnerability was exploited, “the malicious actors add[ed] a rogue peer, and eventually…
AI, Global Security News
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between…
Global Security News, Russia
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
Exploits, Global Security News, Russia
Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker. Williams admitted his actions caused the defense contractor an estimated $35 million in losses. The…
Global Security News, privacy
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers. Read more in my article on the Hot for Security blog.
AI, Global Security News
Ukrainian convicted for helping fake North Korean IT workers
A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports Bleepingcomputer. The 39-year-old man from Kiev pleaded guilty in November 2025 to charges including aggravated identity theft and conspiracy to commit fraud. He has also agreed to surrender assets worth over…
AI, Exploits, Global Security News, Russia
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October…
AI, Exploits, Global Security News
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a
AI, Data Breaches, Global Security News
Teenagers charged over public bike service breach that exposed 4.62 million records
Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, Ttareungyi. The compromised data included user IDs, mobile phone numbers, addresses, dates of birth, gender, and weight. According to the Cyber Investigation Unit of the Seoul Metropolitan Police Agency,…
AI, Europe, Global Security News, Russia
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional
AI, Global Security News
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also identified the same threat actors mounting an…
AI, Global Security News
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. “The group used several
AI, china, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
The rise of the evasive adversary
Since the earliest days of the internet, there has never been a let-up in adversarial activity. According to CrowdStrike’s just-released 12th annual Global Threat Report, malicious activity in cyberspace continues to not only accelerate but also expand its scale and increasingly abuse the trust of targeted organizations. The good news is that, despite discussion of…
AI, Europe, Exploits, Global Security News, Russia
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation…
AI, Apps, Europe, Global Security News, Government & Policy, Network Security
In India, Nvidia eyes a different approach to sovereign AI
Nvidia has been talking about sovereign AI for years, but is finding that India’s cultural and economic diversity calls for a different approach. Unlike in the US, truckloads of GPUs won’t drive the chipmaker’s expansion in India. Instead, the company plans to focus on software first, and deal with computing power later. It’s betting on…
AI, Exploits, Global Security News, Russia
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. “No exploitation of FortiGate
AI, Global Security News, malware
Japanese-Language Phishing Emails, (Sat, Feb 21st)
Introduction For at least the past year or so, I’ve been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I’m not Japanese, but I suppose my blog’s email addresses ended up on a list used by the group sending these emails. They’re all easily caught by my spam filters, so they’re not…
Global Security News, Network Security
Japanese tech giant Advantest hit by ransomware attack
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […]
Exploits, Global Security News
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the
AI, Global Security News
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to…
Global Security News
Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor…
Europe, Global Security News
New ‘Massiv’ Android banking malware poses as an IPTV app
A newly identified Android banking trojan named Massiv has been under active distribution across south Europe, disguised as an IPTV app. […]
AI, APAC, Apps, china, Endpoint, Exploits, Global Security News, malware, Network Security
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
For the past 18 months, a Chinese cyberespionage group has been exploiting a prevously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week, allows unauthenticated attackers to gain command execution on the underlying OS as root. The vulnerability, tracked as CVE-2026-22769, stems from hardcoded…
AI, china, Exploits, Global Security News, Network Security
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since at least mid-2024, according to new research from Google’s threat intelligence team and Mandiant. The attackers deployed stealthy backdoors (BRICKSTORM and GRIMBOLT), a webshell (SLAYSTYLE) and maintained long-term access inside targeted networks. “Beyond…
AI, Global Security News
Microsoft says bug causes Copilot to summarize confidential emails
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. […]
china, Exploits, Global Security News
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
OpenClaw Flaw Enables AI Log Poisoning Risk
A vulnerability has been identified in OpenClaw’s AI assistant that could allow attackers to insert crafted content into system logs. The flaw stems from how certain WebSocket headers were logged, creating a potential log poisoning risk in AI-assisted workflows. “This issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior.…
AI, APAC, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
CVE-2026-25903 Impacts Apache NiFi Users
A vulnerability has been disclosed that potentially impacts organizations using Apache NiFi to manage data pipelines. The issue could allow lower-privileged users to modify restricted components within a data flow due to missing authorization checks. “The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a…
Exploits, Global Security News
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. […]
AI, Europe, Global Security News
Cohere’s Tiny Aya Models Bring 70+ Languages to Offline AI
In the world of generative AI, language support has often been a luxury reserved for a handful of global languages. That’s changing fast. Cohere just unveiled a suite of open multilingual models designed to push AI out of data centers and into everyday devices while embracing linguistic diversity at scale. These “Tiny Aya” models underscore…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and not because bad actors discovered…
Apps, Global Security News
What 5 Million Apps Revealed About Secrets in JavaScript
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery – until now. Intruder’s research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here’s what we learned. […]
AI, Apps, Global Security News, malware
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. […]
Global Security News
Man arrested for demanding reward after accidental police data leak
Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […]
AI, Global Security News, malware
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. […]
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
1,800+ Windows Servers Hit by BADIIS SEO Malware
More than 1,800 Windows servers have been quietly compromised in a sprawling malware campaign that turns legitimate websites into tools for search engine manipulation. The operation leverages a sophisticated strain known as BADIIS to infect Microsoft Internet Information Services (IIS) environments, allowing threat actors to monetize trusted infrastructure without disrupting normal operations. We found “……
AI, Funding, Global Security News, Risk Management
Elon Musk Slams Anthropic AI as ‘Evil’ After $380B Valuation
Anthropic should have been popping champagne. The AI startup recently announced a massive $30 billion funding round that reportedly values the company at roughly $380 billion, cementing its place among the most valuable private AI players in the world. But instead of applause, the company got a public broadside from Elon Musk. In a sharply…
AI, Global Security News, Government & Policy, malware, Russia
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
AI, Global Security News
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of…
AI, Artificial Intelligence, Global Security News, Security
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. […]
AI, Global Security News, Network Security
Superloop Awarded ‘Fastest Fixed Network’ in Australia for a Second Consecutive Time
COMPANY NEWS: Superloop has again been named “Fastest Fixed Network”* by Ookla for the second half of 2025, securing its second consecutive win and confirming its status as the award winner for 2025’s fastest fixed network provider, based on Ookla’s Speedtest Awards.
AI, data breach, Data Breaches, Data loss, Global Security News, Guest blog, Law & order
Polish hacker charged seven years after massive Morele.net data breach
A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.
Global Security News, Microsoft, Security
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […]