A spear-phishing campaign, attributed to the Pakistan-aligned SideCopy group, has targeted Afghanistan's Ministry of Finance. The attackers used a ZIP archive containing a malicious LNK file with a Pashto-language filename to deliver the Xeno RAT, an open-source remote access trojan.
Hackers are using compromised websites to distribute malware through "ClickFix" and "FakeUpdate" techniques. A threat actor named DriveSurge is behind these large-scale campaigns, which target thousands of sites to deliver malicious payloads.
Spanish police have arrested an individual accused of leaking sensitive data belonging to government employees from several important state organizations. Among the affected entities was the National Cybersecurity Institute (INCIBE). The investigation is ongoing to determine the full extent of the data leak and identify any accomplices.
Hackers exploited a vulnerability in Meta's AI-powered customer support chatbot to gain unauthorized access to celebrity Instagram accounts. They then resold these high-value accounts before Meta was able to fix the exploit.
Malicious actors have registered over 5,000 new domains in an effort to impersonate election-related entities and conduct phishing attacks. These domains are designed to mimic legitimate election websites and organizations, aiming to trick voters into revealing personal information. This tactic highlights the shift from direct election system attacks to social engineering methods.
Microsoft has threatened legal action against a security researcher who published several zero-day exploits, sparking backlash from the cybersecurity community. Critics argue that Microsoft's stance discourages responsible disclosure and could hinder vulnerability research.
Operation Dragon Weave, a new cyber espionage campaign aligned with China, is targeting officials and citizens in the Czech Republic and Taiwan. The campaign uses spear-phishing emails with ZIP attachments to deliver the AdaptixC2 agent to sectors including government, research, academic, technology, and financial services.
Russia is reportedly surveying Britain's subsea cables with submarines, prompting the UK to deploy the Royal Navy and mobilize parliamentary draftsmen. Proposed legislation aims to impose fines and prison sentences for reckless damage to critical infrastructure like these cables.
Dutch authorities have successfully dismantled a large botnet comprising at least 17 million infected devices, including computers, tablets, smartphones, and IoT devices. The operation, conducted by the Dutch Politie and the National Cyber Security Center (NCSC), involved taking down over 200 servers used to control the bot network.
Russian intelligence agencies are actively targeting Western technology by creating shell companies, enlisting intermediaries, and utilizing cyber espionage and hacking operations. This effort aims to acquire sensitive information potentially for use against critical infrastructure as the nation faces economic sanctions.
A Russia-aligned cybercrime group, dubbed Greyvibe, is extensively using generative AI across all stages of its cyberattacks, from crafting phishing lures to malware development. The group targets private, government, and military organizations in Ukraine, aiming for intelligence gathering to support the ongoing war. Researchers have observed the use of custom malware, such as PhantomRelay, and various attack vectors including spear phishing and fake websites.
Microsoft and a security researcher named Nightmare Eclipse are publicly feuding over the handling of vulnerability disclosures. The researcher claims Microsoft rebuffed their attempts to report bugs, leading to public disclosure, while Microsoft asserts the disclosures were not coordinated and created unnecessary risk.
A massive botnet, reportedly linked to a Russia-based residential proxy network and comprising over 17 million devices, has been dismantled. The operation involved authorities taking down the infrastructure used to control these compromised devices.
The notorious ShinyHunters extortion group has leaked over 42 million records allegedly stolen from Charter Communications in April. This data breach could potentially impact nearly 5 million individuals.
Dutch authorities have disrupted a massive malware botnet comprising 17 million infected devices. The operation involved seizing over 200 servers used to control the botnet, effectively taking it offline.
Dutch police have dismantled a massive botnet by taking control of 17 million infected devices. This operation involved identifying and seizing approximately 200 servers used to control the botnet, which were traced to the Netherlands. The hosting provider subsequently disconnected these servers, effectively disrupting the botnet's operations.
A neo-Nazi criminal gang is using its cyberattack proceeds to fund violent and exploitative criminal activities, highlighting the broader societal impact of organizational security failures. The group's cyber operations directly contribute to increased violence and exploitation.
A Russia-linked threat group, identified as GREYVIBE, has reportedly leveraged AI tools, including ChatGPT, throughout their cyberattack campaigns. This group specifically targeted Ukrainian military and government entities with their operations.
A new Russia-linked threat actor named GREYVIBE has been identified targeting Ukraine and related entities since August 2025. This group, believed to be Russian-speaking and operating within the Russian time zone, exhibits activities aligned with Kremlin state interests, utilizing AI-powered cyberattacks.
A North Carolina man has been sentenced to over 10 years in prison for selling the personal data of more than 7 million elderly Americans. This data was reportedly used by Jamaican scammers for fraudulent activities.
ShinyHunters has claimed responsibility for a data breach at telecommunications company Charter, resulting in the exposure of 4.9 million customer records. While Charter asserts that no sensitive data was compromised, the leaked information includes customer names, addresses, phone numbers, and email addresses.
A Google security engineer has been charged with insider trading. The engineer allegedly used confidential company information to gain an advantage on the Polymarket decentralized prediction market, resulting in $1.2 million in winnings. This case highlights the intersection of employee access, financial markets, and the potential for misuse of privileged information.
The North Korean state-sponsored threat actor Kimsuky has been identified in new cyber attacks against South Korean military and corporate entities during March and April 2026. The group utilized a variety of social engineering techniques, including fake security software installation pages and a deceptive Webex meeting page, to carry out these attacks.
Dutch police, with international assistance, have successfully dismantled a massive botnet comprising 17 million devices. The operation targeted the infrastructure used to control these compromised devices, disrupting a significant criminal network.
As global powers increasingly focus on the development of humanoid robots, significant cyber-risk concerns are emerging. Nations are competing for dominance in the embodied AI market and its supply chain, creating a landscape ripe for cyber threats.
A threat cluster known as GreyVibe, believed to be Russian-linked, is targeting Ukrainian organizations using AI-generated phishing lures and custom malware. This campaign leverages AI tools like ChatGPT and Gemini to craft more convincing social engineering tactics.
US lawmakers are urging the Department of Defense (DoD) to implement stricter controls on troops' smartphones. This comes after reports revealed that commercial location data, often collected and sold by third-party apps, was exploited by foreign adversaries to track military personnel. The current regulations are deemed insufficient to prevent such breaches of sensitive information.
A security researcher, reportedly upset over perceived unfair credit for discovering vulnerabilities, has threatened to release multiple zero-day exploits against Microsoft products. The researcher claims to have identified six zero-days, with three already under active exploitation, and has indicated a further release is planned for July 14th.
This article analyzes a year of files uploaded to DShield sensors, revealing trends in the most frequent threats. Activity peaked during the winter months (December 2025 - February 2026) before declining in March 2026.
The FBI has issued a warning about fraudulent websites impersonating FIFA to scam individuals ahead of the 2026 World Cup. These fake sites aim to steal personal and financial information, sell counterfeit tickets and hospitality packages, and perpetrate other World Cup-related fraud.
Dutch law enforcement conducted a raid on THE.Hosting, a bulletproof hosting provider with alleged ties to Russian cybercrime. The operation resulted in the seizure of 800 servers and the arrest of two individuals. However, the core IP address space of the hosting provider was left untouched, suggesting the operation may not significantly disrupt their long-term operations.
Researchers are warning that the Russia-linked threat group 'GreyVibe' is significantly enhancing its cyberattack capabilities by leveraging popular AI tools like ChatGPT and Gemini. This development offers a preview of how future cybercriminal and state-aligned adversaries may adopt AI in their operations.
A Romanian national has been sentenced to 56 months in federal prison for hacking into an Oregon state government computer network. The individual was also responsible for cyberattacks against dozens of other U.S. victims.
Carnival Corporation has confirmed that the ShinyHunters group stole 6 million customer records following a data breach in April. This incident is part of a larger crime spree attributed to the group this year.
A Canadian man has been sentenced to 33 years in prison for orchestrating an eight-year sextortion scheme that targeted over 145 children in the United States. The victims ranged in age from as young as six years old, highlighting the severe impact of such crimes.
A new advanced remote access Trojan (RAT) known as BTMOB RAT is spreading across Brazil and Latin America. It is being delivered through a malware-as-a-service (MaaS) model and features a no-code interface for malware development.
A new, previously unknown threat actor, dubbed JINX-0164, is targeting cryptocurrency firms with a sophisticated campaign. This campaign utilizes recruitment-themed social engineering tactics and custom macOS malware to gain access and steal digital assets, focusing on CI/CD infrastructure.
The FBI has reported that a threat group, known by various names including The Silent Ransom Group (SRG), is successfully gaining physical access to US law firms by impersonating IT support personnel. Once inside, they insert USB devices into victim computers to install malware or steal data, a tactic that has been used for decades but is now being effectively employed in person.
Following a cyberattack on Canvas, a learning management system, which led to a significant student data breach, a parent has become a determined advocate for cybersecurity awareness. The incident involved the threat actor group ShinyHunters and the malware GOLD CRYSTAL.
A new report from RUSI highlights the growing threat of AI-enabled sanctions evasion and proliferation financing, particularly by North Korea and Iran. Adversaries are using AI to automate the creation of fraudulent documents, manage shell companies, and evade cryptocurrency detection, posing new challenges for governments and the private sector.
The FBI has issued a warning regarding the Silent Ransom Group, an extortion gang that is specifically targeting law firms. This group employs social engineering tactics to gain access to sensitive data stored on law firm servers and databases.
CrowdStrike and Google have collaborated to dismantle the Glassworm botnet, which has been actively targeting developers and employing supply-chain attack methods. The botnet's sophisticated infrastructure and operational tactics allowed it to conduct widespread malicious activities.
The UK's cyberspying chief has described Artificial Intelligence as an 'unstoppable force' and warned that Russia is increasing its hostile activities in a 'gray zone' below the threshold of war. This statement aligns with a series of warnings from intelligence experts regarding escalated Russian cyber operations.
A data leak involving 5.8 million records of Uruguayan citizens has been attributed to cybercriminals targeting government agencies. This incident highlights a trend of Latin American cybercriminals actively pursuing and monetizing sensitive government and citizen data.
The FBI is warning law firms about a new extortion tactic where cybercriminals pose as IT support personnel to gain physical access to offices. These individuals then often plug in malicious thumb drives to compromise systems and initiate ransomware attacks.
Two distinct malware campaigns, Grandoreiro and BTMOB, are targeting Windows and Android users in Latin America and Europe. WatchGuard and ESET research indicates these campaigns are specifically aimed at companies in Spain, Portugal, and Mexico, and mobile users in Brazil.
The FBI's 2025 Internet Crime Report has been released, detailing various statistics on cybercrime. The report highlights a significant increase in financial losses due to cryptocurrency and AI-related scams targeting Americans.
This article describes an operation called ANTISOC, which blends traditional penetration testing techniques such as red teaming, cloud security, web application testing, and social engineering. The goal is to achieve a broader scope and discover more than a typical penetration test.
Researchers have disrupted the Glassworm botnet, which was used in software supply-chain attacks targeting developers. The takedown was achieved by dismantling its command-and-control infrastructure, which utilized Solana blockchain transactions and the BitTorrent DHT network for resilience.
The FBI has issued a warning regarding the Silent Ransom Group (SRG) extortion gang, which is now conducting in-person data theft attacks against law firms in the United States. These attacks involve physical intrusion and data exfiltration, posing a new threat vector for organizations.