Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns.
Tag: suspected
Global Security News, Risk Management
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.
AI, Global Security News
Police arrest suspect in Ajax football club hack that exposed 300,000 fan records
The Dutch National Police arrested a man suspected of hacking into the computer systems of AFC Ajax, a football club from Amsterdam. “On the morning of Tuesday, May 26, detectives arrested a 35-year-old man from the municipality of Buren for computer intrusion at the Amsterdam football club Ajax. The man is suspected of intentionally and…
Global Security News
Dutch police arrests suspect linked to Ajax football club hack
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. […]
AI, Global Security News
Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards
The Dutch police’s Game Over?! campaign, which publicly displays images of suspected fraudsters to encourage self-surrenders and gather public tips, is proving successful, with the identities of 74 of the 100 suspects shown already identified. A digital display promoting the Dutch police’s Game Over?! campaign (Source: Politie) Launched in March 2026, the campaign displays blurred…
AI, Global Security News, Government & Policy
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
A campaign linked to a suspected Malaysian government operation has been using hidden command and control infrastructure for…
china, Global Security News
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit
AI, Exploits, Global Security News
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the…
Global Security News, Network Security
Police Shut Relaunched Crimenetwork Dark Web Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
Exploits, Global Security News, Network Security
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. […]
AI, Data Breaches, Global Security News, Government & Policy, Network Security
15-year-old detained over massive data breach at French government agency
French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal forums by a hacker known as “breach3d,“ the Paris Prosecutor’s Office said in a press release.…
AI, Global Security News
15-year-old detained over French govt agency data breach
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. […]
Global Security News
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak
Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files.
Europe, Global Security News, Network Security
Police arrest 10 suspected members of Black Axe cybercrime gang
A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europe. Most of those arrested are reported to be of Nigerian origin. The suspects…
AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Russia
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via…
Data Breaches, Global Security News
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. Read more in my article on the Hot for Security…
Cybersecurity, Global Security News, malware
New Cisco firewall malware can only be killed by pulling the plug
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower and Secure Firewall devices; however, CISA has only observed a successful implant of the malware in the…
AI, Data Breaches, Global Security News
Hacker with a special interest in breaching sports institutions ends behind bars
French police have arrested a suspected hacker linked to a series of data breaches affecting organizations in the country. Citing authorities, Le Parisien reported that the suspect, a 20-year-old man using the alias ‘HexDex,’ was taken into custody on April 22, 2026, in the Vendée region, western France. The suspect admitted to using the alias…
AI, Cybersecurity, Global Security News, Government & Policy, malware
Why the Axios attack proves AI is mandatory for supply chain security
Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark…
AI, Global Security News, Government & Policy
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa
AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware
Hack-for-hire spyware campaign targets journalists in Middle East, North Africa
An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday. The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical…
AI, Global Security News
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. “The campaign is…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware, Network Security
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack vector TrueConf is a videoconferencing platform designed to run on private local networks (LANs)…
AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
Insider Threats Rise with North Korean AI Hiring Fraud Schemes
A suspected North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and an AI-generated resume, underscoring how hiring pipelines are becoming an attack vector. The failed attempt reveals how threat actors are blending identity theft, automation, and anonymized infrastructure to bypass traditional recruiting safeguards. “In June 2025, we used a combination…
Global Security News
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes.
AI, Cybersecurity, Exploits, Global Security News
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet.…
AI, Exploits, Global Security News, Government & Policy, Russia
Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools
Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends. iVerify, Lookout and Google collaborated on the research published Wednesday, a follow-up to earlier revelations about a similar exploit kit, Coruna. While…
AI, Global Security News, Government & Policy
SideWinder Espionage Campaign Expands Across Southeast Asia
The suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access.
AI, china, Global Security News, Network Security
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. “The activity demonstrated strategic operational…
AI, Cybersecurity, Global Security News, malware
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. “Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used…
AI, Global Security News
€1 million online fraud scheme uncovered, three suspects arrested
A criminal group suspected of running an online fraud scheme in Germany, which defrauded victims of around €1 million, has been dismantled through judicial cooperation coordinated by Eurojust. On 10 March, German and French authorities arrested three suspects in a joint operation. The main suspect, located in France, appeared before a judge after an arrest…
AI, Global Security News
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces,…
AI, china, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Politics
FBI wiretap system tapped by hackers
The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to…
AI, china, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Politics
FBI wiretap system tapped by hackers
The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Politics
FBI targeted with ‘suspicious’ activity on its networks
The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to…
AI, Global Security News, Government & Policy, malware
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the…
AI, APAC, china, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries
Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft. Kaspersky researchers discovered a stealer dubbed “Arkanix,” which is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines.…
AI, china, Exploits, Global Security News, Network Security
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines software since at least mid-2024, according to new research from Google’s threat intelligence team and Mandiant. The attackers deployed stealthy backdoors (BRICKSTORM and GRIMBOLT), a webshell (SLAYSTYLE) and maintained long-term access inside targeted networks. “Beyond…
AI, china, Exploits, Global Security News, malware, Risk Management
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified…
Exploits, Global Security News
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. […]
AI, Global Security News
Poland arrests suspect linked to Phobos ransomware operation
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. […]
Global Security News, Security
Police arrest seller of JokerOTP MFA passcode capturing tool
The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. […]