Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several likely linked to broader criminal activity in the region. Nearly all legitimate organizations mimicked by these phishing…
Tag: cybercriminal
AI, Exploits, Global Security News, Government & Policy, malware
UAC-0057 Attack Detection: OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES Fuel Phishing Campaigns Against Ukrainian State Organizations
Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse trusted identities, compromised legitimate accounts, and familiar online services to increase victim interaction. Europol notes that phishing techniques remain a main distribution vector for data-stealing malware, while CERT-UA’s latest advisory shows that the same social engineering logic continues…
Global Security News
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read more in my article on the Hot for Security blog.
Global Security News
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than…
AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, privacy
The Best VPNs for Small Businesses on a Budget in 2026
One wrong click. One rogue Wi-Fi connection. One stolen credential. That’s all it takes for a cybercriminal to breach your small business. And while you may not have an enterprise-sized budget, you still have plenty to lose: sensitive data, client trust, even your reputation. That’s where a virtual private network (VPN) comes in. A VPN…
AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine
Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…
china, Exploits, Global Security News
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. […]
AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Russia
UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT
Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse the credibility of trusted institutions and familiar digital services to increase victim interaction. In late March 2026, CERT-UA revealed a phishing campaign tracked as UAC-0255 in which attackers impersonated the agency and attempted to infect organizations across Ukraine’s…
AI, Exploits, Global Security News, malware, Network Security, Russia
Russian access broker sentenced to over 6 years in prison for ransomware schemes
A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other…
Global Security News, Russia
Russian Initial Access Broker Handed 81-Month Sentence
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks before victims suspect anything is wrong. The group pushes spoofed websites to the top of results for queries such as “Pulse VPN download” or “Pulse Secure client,” redirecting users…
Global Security News
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Iranian APTs have long pretended to be cybercriminal groups. Now they’re working with actual cybercriminal groups.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management, Russia
AWS Threat Intel Finds 600+ FortiGate Devices Hit
A financially motivated cybercriminal has used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries — without exploiting specific software vulnerabilities. This “… campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ…
AI, china, Exploits, Global Security News, Network Security, Russia
AI-powered campaign compromises 600 FortiGate systems worldwide
A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how…
Global Security News
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
AI, Compliance, Global Security News, Government & Policy, privacy
I hacked the government, and your headphones are next
In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen…
AI, Compliance, Cybersecurity, Global Security News, malware, privacy, Risk Management
A hacker doxxes himself, and social engineering-as-a-service
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus,…