Kimwolf Botnet Operator Arrested
A 23-year-old Canadian man has been arrested for operating the Kimwolf DDoS botnet, which ensnared approximately 2 million devices and was linked to a record-breaking DDoS attack.
International law enforcement has taken down the 'First VPN' service, used in ransomware and data theft attacks, seizing servers and arresting the administrator.
Dutch authorities seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.
A 23-year-old Ottawa man, Jacob Butler, aka 'Dort', was arrested for building and operating the Kimwolf IoT botnet, which enslaved millions of devices for use in massive DDoS attacks.
A 23-year-old Canadian man, Jacob Butler, has been arrested and charged with operating the KimWolf DDoS botnet, a large-scale distributed denial-of-service platform that infected over a million devices worldwide.
Two former US executives pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide, with Americans losing at least $2.1 billion to such scams in 2025.
The FBI warns of Kali365, a phishing-as-a-service platform that tricks people into giving access to their Microsoft 365 accounts, with hundreds of attacks reported in April.
The FBI warns of Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, bypassing multi-factor authentication and abusing OAuth device code authorizations.
A Belarus-linked hacking group, GhostWriter, has launched a phishing campaign against Ukrainian government officials using fake emails disguised as messages from an online learning platform to deliver malware.
Jacob Butler, a 23-year-old Canadian man, was arrested for allegedly running the Kimwolf botnet, which initiated over 25,000 DDoS attacks and caused millions of dollars in financial losses.
Crypto drainers are tools designed to steal cryptocurrency assets by abusing wallet permissions and transaction approvals, often through social engineering tactics.
Two Americans, Adam Young and Harrison Gevirtz, pleaded guilty to assisting India-based tech support scam centers that stole millions from US citizens.
Experts share real-world experiences of ICS security threats, highlighting the gap between written security policies and actual plant floor practices.
AI-powered app attacks are becoming faster, more frequent, and harder to stop, with 87% of monitored apps under attack in 2026.
US residents lost $388 million through cryptocurrency kiosks in 2025, with Texas and Florida reporting the highest losses, according to a new FBI report.
Microsoft seized infrastructure and disrupted a cybercrime service that created and sold over 1,000 code-signing certificates used to make malware appear trusted and legitimate.
The Tycoon2FA phishing kit has added device-code phishing attacks to hijack Microsoft 365 accounts, with a surge in such attacks reported by Push Security and Proofpoint.
Foxconn, a major electronics manufacturer, is recovering from a cyberattack that disrupted its North American factories, with the Nitrogen ransomware group claiming responsibility and stealing 8 terabytes of data.
TeamPCP has released the source code of its Shai-Hulud worm, potentially fueling more supply chain attacks and copycat threats.
A top White House cybersecurity official emphasizes the importance of regulating and monitoring identities accessing federal networks as AI integration increases.
Cybercrime tradecraft is being used to steal freight, with entire truckloads of goods being re-routed and sold on the black market, resulting in approximately $725 million in cargo crime losses across North America in 2025.
The US intelligence community has begun ramping up efforts to shield the upcoming midterms from foreign manipulation, with Director of National Intelligence Tulsi Gabbard tapping two officials to coordinate the response.
Data centers can enhance security without sacrificing performance by utilizing data processing units (DPUs) to execute security workloads, freeing CPU and GPU cycles for their intended operations.
The House Homeland Security Committee is investigating Anthropic's AI model Mythos, which can autonomously uncover cyber vulnerabilities, amid concerns over its use by federal agencies.
Fraudsters are using generative AI to automate impersonation and mass-produce synthetic identities, rendering enterprises' defenses obsolete, with predicted losses reaching $40 billion in the U.S. by 2027.
German and US authorities arrested Owe Martin Andresen, 49, alleged administrator of Dream Market, on multiple charges of money laundering after a May 7 raid on three locations.
West Pharmaceutical Services has reported a ransomware attack that has impacted critical systems used to ship, receive and manufacture products, temporarily disrupting business operations globally.
The FCC has extended its deadline for a ban on software and firmware updates for foreign-made routers and drones to January 1, 2029, citing concerns for the public interest.
The average cyberattack costs a small- or medium-size business over $250,000, highlighting the need for affordable cybersecurity leadership solutions.
Over 500 organizations across multiple industries have been targeted in a years-long phishing campaign, resulting in the theft of more than 2,000 user credentials.
RansomHouse ransomware group has taken credit for the recent attack on cybersecurity firm Trellix, claiming to have accessed internal services and management dashboards.
Pro-Ukraine hacktivist groups BO Team and Head Mare appear to be coordinating cyber operations against Russian organizations, according to a Kaspersky report.
Sohaib Akhter, 34, was found guilty of conspiracy to commit computer fraud and other charges after deleting 96 government databases and stealing an individual's password.
A cyberattack on the Canvas system used by thousands of schools has left students and faculty unable to access course materials, creating chaos as finals approach.
Senate Minority Leader Chuck Schumer is seeking a plan from the Department of Homeland Security to coordinate with state and local governments on defending against AI-strengthened hacks.
A cyberattack on education software provider Instructure forced multiple universities to reschedule final exams, with hackers from the ShinyHunters group demanding a ransom by May 12.
A former government contractor was found guilty of conspiring to destroy dozens of federal databases after being fired from his job.
Iranian government hackers are using Chaos ransomware as a cover for alleged espionage and data theft operations, according to researchers from Rapid7.
Two US nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea's remote IT workers scheme, generating $1.2 million in revenue for the regime.
A phishing campaign is targeting ManageWP credentials through Google sponsored search results, with 200 unique victims confirmed so far.
Ransomware attacks often succeed even when backups exist, as attackers target and destroy backup systems before launching encryption, making recovery impossible.
CISA is urging critical infrastructure owners to plan for delivering essential services under emergency conditions, potentially for months, due to threats from state-sponsored hackers.
A Latvian ransomware affiliate has been sentenced to over 8 years in prison for conducting attacks on behalf of Conti and Akira, causing $56 million in losses.
The Amazon Simple Email Service is being increasingly abused to send convincing phishing emails that bypass standard security filters and render reputation-based blocks ineffective.
Fraudsters are increasingly targeting small to mid-sized credit unions with structured loan fraud methods, exploiting weaknesses in work processes and verification systems.
Lawmakers and industry experts are considering whether the federal government has the right setup to defend data centers from cyber and physical attacks.
Cordial Spider and Snarky Spider, two financially motivated threat groups, are targeting US-based organizations in multiple sectors for rapid data theft and extortion attacks, using voice-phishing and social engineering tactics.
Cybersecurity researchers uncovered a large-scale fraud operation using Telegram's Mini App feature to run crypto scams and distribute Android malware.
A cyber-espionage group known as HeartlessSoul has been targeting Russian government agencies and companies in the aviation industry to steal sensitive geospatial data.
The FCC has approved new regulations to strengthen telecom companies' 'Know Your Customer' requirements and protect networks from cyberattacks.
Criminal IP and Securonix ThreatQ collaborate to integrate threat intelligence, enabling organizations to accelerate analysis and response with more actionable context.
Two cybersecurity incident responders were sentenced to four years in prison for conducting covert ransomware attacks, earning $1.2 million from one incident.
A 19-year-old Scattered Spider hacking group member has been arrested, and a critical vulnerability has been discovered in an outdated NSA mapping tool, posing a risk to industrial networks.
Two former cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for committing ransomware attacks in 2023.
Chinese national Xu Zewei has been extradited from Italy to the United States and formally charged for his alleged role in the HAFNIUM espionage campaign, which compromised more than 12,700 U.S. organizations by exploiting Microsoft Exchange Server zero-days during the COVID-19 pandemic.
Tennessee Governor Bill Lee has signed legislation banning cryptocurrency ATMs effective July 1, citing rampant fraud targeting vulnerable residents. The move makes Tennessee the second state to outlaw the kiosks, following Indiana's ban in March.
Threat actors abused a flaw in Robinhood's account creation process to inject phishing content into legitimate emails sent from noreply@robinhood.com, tricking customers into thinking their accounts had suspicious activity.
Xu Zewei, a Chinese national accused of conducting cyberespionage on behalf of China's Ministry of State Security, has been extradited from Italy to the United States to face criminal charges tied to the Silk Typhoon hacking group.
A Beijing-linked influence operation attempted to interfere with Tibetan parliament-in-exile elections using AI-generated imagery and inauthentic social media accounts, but researchers say the campaign gained virtually no organic traction.
A joint advisory from a dozen government agencies across the U.S., U.K., and allied nations warns of a major strategic shift in Chinese cyber operations toward large-scale covert networks built from compromised everyday devices.
Version 2026.4.0 of the Bitwarden CLI NPM package was found to contain malicious code capable of stealing credentials and secrets from victim machines, with links to recent attacks on Checkmarx and the Shai-Hulud worm campaigns.
A White House memo from chief science adviser Michael Kratsios accuses Chinese entities of industrial-scale campaigns to extract capabilities from U.S. AI models, while a bipartisan House bill seeks sanctions against foreign actors engaged in model extraction attacks.
Canadian authorities have arrested three men in the country's first known criminal case involving an SMS blaster — a rogue device that mimics cell towers to send mass phishing texts and disrupt mobile networks.
A newly identified Chinese APT called GopherWhisper has been abusing legitimate platforms including Slack, Discord, and Microsoft Graph to conduct espionage against a Mongolian government entity, ESET researchers warn.
A newly identified threat actor called BlackFile has been conducting data theft and extortion attacks against retail and hospitality organizations since February 2026, using vishing calls and fake IT helpdesk personas to steal employee credentials.
Former NSA director Tim Haugh and cybersecurity veteran Kevin Mandia say Iran's cyber operations resemble criminal activity more than sophisticated state warfare, relying on stolen credentials and information operations rather than novel exploits.
Researchers at the University of Toronto's Citizen Lab have for the first time connected real-world attack traffic to mobile operator signaling infrastructure, revealing how two unknown parties exploited SS7 and Diameter protocol vulnerabilities using commercial surveillance tools.
A malicious version of the @bitwarden/cli npm package circulated for roughly 90 minutes on April 22, 2026, carrying credential-stealing malware tied to the same threat actor behind recent Checkmarx and Trivy supply chain attacks.
The U.S. Treasury Department sanctioned Cambodian senator Kok An and 28 associates for operating scam centers that have stolen millions from American victims, with trafficked workers reportedly beaten if they failed to defraud enough targets daily.
A state-sponsored group tracked as UAT-4356 implanted a custom backdoor called Firestarter on Cisco security devices that persists through firmware updates and software reboots, prompting a joint advisory from CISA and the UK's NCSC.
Incident responders at Expel have exposed a North Korean state-linked operation that drained over $12 million in cryptocurrency from 26,584 wallets using fake job offers and multi-strain malware.
A Mirai-based botnet is actively exploiting CVE-2025-29635, a command injection vulnerability in discontinued D-Link DIR-823X routers that no longer receive security updates. Akamai researchers warn that the attacks mirror a proof-of-concept exploit previously published on GitHub.
A surge of attacks targeting a critical unauthenticated RCE flaw in BeyondTrust's Bomgar Remote Support has compromised MSPs and downstream customers, with LockBit ransomware deployed in multiple incidents.
U.S. lawmakers are exploring harsher penalties for ransomware attacks on hospitals, including terrorism designations and homicide prosecution, as FBI data shows healthcare incidents nearly doubled to 460 cases in 2025.
Angelo John Martino III, a ransomware negotiator for DigitalMint, pleaded guilty to secretly conspiring with BlackCat affiliates to extort the very clients he was hired to protect, helping extract over $75 million in ransom payments.
Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to federal conspiracy and identity theft charges tied to a sweeping phishing and SIM-swapping campaign that netted more than $8 million in stolen cryptocurrency.
British national Tyler Robert Buchanan, 24, has pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in a 2022 SMS phishing campaign that targeted major tech firms and stole millions in cryptocurrency.
Check Point researchers uncovered a SystemBC proxy malware botnet of more than 1,570 hosts linked to an affiliate of the Gentlemen ransomware-as-a-service operation, with victims concentrated in corporate and organizational environments across multiple countries.
The FTC is ramping up enforcement against AI-powered harms including nonconsensual deepfakes and voice cloning scams, with new legal authority under the Take It Down Act set to activate in May.
State-sponsored North Korean hackers from the Lazarus Group are believed to be behind a $290 million heist targeting the KelpDAO DeFi protocol, with attackers manipulating cross-chain verification nodes to authorize fraudulent transactions.
Sophos has documented a sharp rise in QEMU abuse since late 2025, with two distinct campaigns leveraging the open-source emulator to establish covert tunnels, harvest credentials, and deliver ransomware.
AI systems can now generate fully convincing data breach narratives—complete with technical details and fake quotes—triggering real crisis responses at organizations that were never actually compromised.
Threat actors are exploiting Apple's own account-change notification system to embed phishing messages inside genuine emails sent directly from Apple's servers, complete with authentic SPF, DKIM, and DMARC authentication.
Kejia Wang and Zhenxing Wang, both New Jersey residents, have been sentenced to prison for facilitating a North Korean IT worker fraud scheme that generated over $5 million for Pyongyang and caused more than $3 million in losses to US companies.
This week's cybersecurity highlights include the Satellite Cybersecurity Act advancing in the Senate, a $90,000 Chrome heap buffer overflow reward, ShinyHunters targeting Rockstar Games and McGraw Hill, and a 16-year-old arrested over a school network breach.
Cybersecurity firm Barracuda Networks reports that Tycoon 2FA has lost its dominance among phishing-as-a-service platforms after law enforcement seized 330 of its domains, with threat actors migrating to rivals like Mamba 2FA and EvilProxy while total attacks surged past 23 million.
Ukrainian authorities have confirmed a multi-wave cyber-espionage campaign attributed to Russia's APT28 group, which exploited Roundcube webmail vulnerabilities to compromise over 170 email accounts belonging to prosecutors and investigators.
More than 20 countries participated in a coordinated takedown of DDoS-for-hire platforms, resulting in four arrests, 25 search warrants, and the seizure of over 50 domains. Authorities identified approximately 75,000 users of the illicit services.
More than 18 months after the Qilin ransomware group struck Synnovis in June 2024, at least one London NHS trust is still running on paper processes, with over 161,000 pathology reports delayed and one patient death linked to the incident.
Kyrgyzstan-based Grinex, believed to be a rebranded Garantex, suspended operations after losing $13.7 million in a hack it blamed on foreign intelligence agencies — with no technical evidence to support the claim.
Kamerin Stokes, 23, of Memphis, Tennessee, has been sentenced to 30 months in prison for his part in a 2022 credential stuffing attack that compromised roughly 60,000 DraftKings accounts. He must also pay $125,000 in forfeiture and $1.3 million in restitution.
Kejia Wang and Zhenxing Wang received prison sentences of nine and nearly eight years respectively for helping North Korean IT workers fraudulently infiltrate more than 100 U.S. companies, generating over $5 million for Pyongyang.
Authorities from 21 countries dismantled 53 domains and arrested four individuals tied to DDoS-for-hire services used by more than 75,000 cybercriminals, Europol announced Thursday.
A new phase of Operation PowerOFF has identified more than 75,000 individuals using DDoS-for-hire platforms, resulting in four arrests, 53 domain takedowns, and 25 search warrants across 21 countries.
Kejia Wang and Zhenxing Wang received federal prison sentences for helping North Korean operatives land jobs at over 100 U.S. companies, generating more than $5 million for the regime.
Google blocked 8.3 billion ads and suspended 24.9 million advertiser accounts in 2025 using Gemini AI, as cybercriminals increasingly leverage generative AI to run sophisticated malvertising campaigns at scale.
A 16-year-old boy was arrested in Portadown, County Armagh, on suspicion of Computer Misuse Act offenses after an attack took the C2K educational platform offline, affecting up to 300,000 pupils and 20,000 teachers.
Security researchers at Socket uncovered more than 100 malicious Chrome Web Store extensions operating as part of a coordinated campaign to steal Google OAuth2 Bearer tokens, hijack sessions, and commit ad fraud.
Crypto exchange Kraken is being extorted by a criminal group threatening to release videos of its internal systems containing client data, following two insider access incidents affecting roughly 2,000 accounts.
Microsoft has introduced a temporary accelerated process to help developers recover access to Windows Hardware Program accounts suspended over incomplete identity verification, following an outcry from high-profile open-source project maintainers.
The Triad Nexus cybercrime network has rebuilt its global fraud infrastructure despite US sanctions, shifting toward emerging markets while abusing cloud services from Amazon, Cloudflare, Google, and Microsoft.
A joint US report from CSA, SANS, and OWASP warns organizations will be
OpenAI is revoking and rotating signing certificates for its macOS apps after a North Korean hacking group briefly infected the widely-used Axios JavaScript library, forcing all Mac users to update before May 8.
The FBI Atlanta Field Office and Indonesian authorities have seized the W3LL phishing kit marketplace and arrested its alleged developer in the first joint US-Indonesia enforcement action targeting a phishing kit creator.
U.S. and Indonesian authorities have jointly dismantled W3LL, a full-service phishing platform that enabled over $20 million in fraud and targeted more than 56,000 Microsoft 365 accounts worldwide.
China-linked APT41 has deployed a zero-detection Linux backdoor targeting AWS, Google Cloud, Azure, and Alibaba Cloud environments, using SMTP port 25 as a covert C2 channel and typosquatted domains to mask malicious traffic.
The ShinyHunters cybercrime group says it accessed Rockstar Games data via stolen authentication tokens linked to cloud analytics provider Anodot, threatening to leak files unless a ransom is paid by April 14.
OpenAI confirmed its macOS app-signing workflow executed a malicious version of the Axios JavaScript library, published by North Korean-linked threat group UNC1069 after compromising a lead maintainer's NPM account.
A joint law enforcement operation involving the United States, United Kingdom, and Canada has identified over $45 million in stolen cryptocurrency and successfully frozen roughly $12 million, which will be returned to victims.
A multinational law enforcement operation led by the UK's National Crime Agency has identified over 20,000 cryptocurrency fraud victims in Canada, the UK, and the United States, freezing more than $12 million in suspected criminal proceeds.
Two malicious versions of Axios, the most downloaded JavaScript HTTP client library, were briefly published to NPM and contained a cross-platform RAT. Google has attributed the attack to suspected North Korean threat actor UNC1069.
Government agencies across Latin America are being hammered by cyberattacks at a rate far exceeding the global average, with incidents striking Colombia's health ministry, Puerto Rico's transport department, and Mexico's government systems.
The threat group TeamPCP is leveraging credentials harvested from supply chain attacks on open source projects to rapidly breach AWS, Azure, and SaaS environments, with some victims compromised within 24 hours of initial theft.
The Kimwolf IoT botnet has been hammering the I2P anonymity network since early February 2026 after its operators attempted to enroll 700,000 infected devices as network nodes, overwhelming the system and cutting connectivity roughly in half.
A new phishing-as-a-service platform called Starkiller dynamically loads authentic login pages through a reverse proxy, capturing credentials and MFA tokens in real time while rendering traditional detection methods largely ineffective.
The compromise of the Axios JavaScript library by suspected North Korean threat group UNC1069 exposes how sophisticated, slow-burn social engineering campaigns are being scaled to target open source maintainers with massive downstream reach.
Open-source intelligence and breach data link Kimwolf botnet operator 'Dort' to Jacob Butler, an Ottawa, Canada resident born in August 2003, who has since orchestrated DDoS attacks, doxing, and a swatting incident against those who exposed the botnet.
The Iran-backed hacktivist group Handala claims to have erased data from over 200,000 Stryker systems across 79 countries, sending more than 5,000 workers home in Ireland and disrupting U.S. surgical supply chains.
Authorities across three countries have taken down infrastructure supporting four botnets — Aisuru, Kimwolf, JackSkid, and Mossad — that compromised over three million IoT devices and launched hundreds of thousands of DDoS attacks.
Cisco Talos has uncovered a widespread credential theft campaign by threat cluster UAT-10608, which exploits CVE-2025-55182 in Next.js apps and deploys an automated tool called NEXUS Listener to exfiltrate secrets from at least 766 compromised hosts.
A chief medical information officer at San Joaquin General Hospital told RSAC 2026 attendees that preparation and repeated rehearsal—not just downtime playbooks—are what truly determine whether a ransomware attack on a healthcare facility escalates or stabilizes.
Cybercriminals on platforms like Telegram and Discord are increasingly using emojis to signal, obfuscate, and coordinate malicious activity, bypassing keyword filters and complicating automated monitoring efforts.
A threat actor used AI-assisted automation to launch more than 500 malicious pull requests against GitHub repositories, compromising at least two NPM packages in a campaign tracked as 'prt-scan.'
Russia's APT28 has been silently intercepting internet traffic at government and critical infrastructure targets worldwide since at least 2024, exploiting old bugs in SOHO routers and tweaking a single DNS setting to steal credentials.
The fallout from TeamPCP's supply chain campaign continues to grow, with Mercor and the European Commission disclosing breaches while ShinyHunters and Lapsus$ claim stolen data and a new ransomware alliance raises the threat further.
Iranian-affiliated threat actors are actively attacking Internet-facing OT devices across US energy, water, and government sectors, causing operational disruption and financial losses, according to a joint CISA advisory.
Trend Micro research and a fresh FBI warning reveal that Russia's APT28 is targeting governments, defense contractors, and critical infrastructure worldwide using both old and new techniques. Experts say defenders don't need to match the group's sophistication — they just need to get the basics right.
Fraud across Latin America's digital banking sector is accelerating faster than any other global region, fueled by social engineering, account takeovers, and mobile-focused attack chains, according to a new BioCatch report.
Russian GRU-linked hackers known as Forest Blizzard exploited vulnerabilities in outdated SOHO routers to redirect DNS traffic and harvest Microsoft Office authentication tokens from over 18,000 networks without deploying any malware.
FINRA has officially launched the Financial Intelligence Fusion Center (FIFC), a secure portal designed to enable real-time threat intelligence sharing between FINRA and its member brokerage firms to combat cybersecurity and fraud threats.
Federal agencies issued an urgent joint warning that Iranian government-linked hackers are actively disrupting programmable logic controllers and SCADA systems at American critical infrastructure facilities, with new victims reported since March.
Microsoft Threat Intelligence has detailed how the financially motivated group Storm-1175 is conducting rapid ransomware campaigns, moving from initial exploitation to Medusa ransomware delivery in as little as 24 hours.
A court-authorized FBI-led operation has neutralized a massive Russian state-sponsored espionage network that hijacked over 18,000 routers across more than 120 countries, disrupting credential-theft campaigns tied to GRU unit APT28.
A coordinated investigation by Access Now, Lookout, and SMEX has exposed an ongoing spyware campaign linked to the Bitter APT group targeting journalists and civil society members across the Middle East and North Africa since at least 2022.
The FBI's Operation Masquerade disrupted a GRU-linked hacking campaign that compromised more than 18,000 TP-Link routers and infiltrated over 200 organizations worldwide, cutting off what officials called 'tremendous access' to household internet traffic.
Attackers hijacked the update distribution system for the Smart Slider 3 Pro plugin, pushing version 3.5.1.35 loaded with multiple backdoors to WordPress and Joomla sites. The vendor urges all users to upgrade immediately to version 3.5.1.36 or roll back to 3.5.1.34.
Google has introduced Device Bound Session Credentials (DBSC) in Chrome 146 for Windows, cryptographically tying session cookies to a device's hardware to stop infostealers like LummaC2 from exploiting stolen authentication tokens.
Dutch EHR vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and patient-facing digital services offline and prompting warnings to connected hospitals across the Netherlands and Belgium.
Researchers at Censys have identified more than 5,200 internet-exposed Rockwell Automation/Allen-Bradley PLCs potentially vulnerable to Iranian state-backed attackers, with nearly 3,900 of those devices located in the United States.
A previously undocumented phishing-as-a-service platform called VENOM is targeting Microsoft account credentials belonging to CEOs, CFOs, and VPs across multiple industries, using AiTM techniques and QR code lures.
Senate Judiciary Committee Chair Chuck Grassley has launched a congressional inquiry into eight major technology companies, citing failures to provide adequate data to a child exploitation cyber tipline operated by NCMEC.
A ransomware attack on Dutch healthcare software vendor ChipSoft on April 7 forced the company to disable key digital platforms used by roughly 70% of Netherlands hospitals, triggering widespread logistical disruptions.
Drift's post-mortem reveals a six-month North Korean social engineering campaign using fake companies, in-person cutouts, and malicious code that ultimately drained more than $280 million from the platform.
A financially motivated threat actor called Storm-2755 is redirecting Canadian employees' salary payments by stealing session tokens through adversary-in-the-middle phishing attacks that bypass MFA protections.
US agencies CISA and the FBI warned that Iran-affiliated threat actors are actively targeting internet-exposed industrial control systems in water, energy, and government sectors, prompting urgent guidance from security professionals across the industry.
Hackers compromised a secondary API on the CPUID website for roughly six hours, redirecting download links for CPU-Z and HWMonitor to trojanized malware. The breach was discovered and remediated, but users who downloaded either tool during that window may be infected.
Florida Attorney General James Uthmeier is probing OpenAI after the gunman behind a deadly Florida State University shooting allegedly communicated with ChatGPT in the days before the attack.
Britain's Ministry of Defence says it tracked and exposed a covert Russian submarine mission near pipelines and cables north of the UK, forcing the vessels to abandon their operation and return home.
From a Windows SYSTEM-level zero-day released after a Microsoft dispute to Stryker confirming financial damage from a March 2026 cyberattack, this week's threat landscape was packed with significant developments.
Iranian state-backed hacking groups have been targeting Rockwell Automation Allen-Bradley PLCs since March 2026, with nearly 3,900 such devices in the US currently exposed online, according to federal agencies and cybersecurity firm Censys.
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was...
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack...
Ransomware continues to evolve at an alarming pace. From AI-powered attack chains to the decline of ransom payments, we examine the trends reshaping the threat landscape in 2026.
Supply chain attacks have surged dramatically, targeting the trust relationships between software vendors, open-source ecosystems, and end users. We examine the evolving threat landscape and strategies for defense.
A new wave of IoT botnet activity is exploiting millions of unpatched smart devices worldwide. Security researchers are tracking multiple Mirai variants and novel malware families targeting everything from home routers to industrial sensors.