Data breaches, ransomware, phishing/malware operations, and infrastructure compromise.
193 articles across 8 topics
Breach costs, identity compromise, ransomware/extortion, phishing, exploitation, and enterprise decision implications based on verifiable sources.
Europe’s Europa platform disclosed a cloud-hosting cyberattack, Puerto Rico suspended licensing services after a government incident, and researchers detailed BPFdoor sleeper cells in telecom networks. The roundup also covers the FBI director’s personal Gmail breach, RedLine malware ...
Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure.
2025 data shows the U.S. drove ~93% of recorded Americas incidents. Ransomware (~45%) and defacement (~35%) dominate, with December peaks and rising DDoS.
A serious cyberattack hasn’t prompted a strong enough policy or public reaction, one former director said.
The Mandiant M-Trends 2026 report reveals fast attacker hand-offs, rising dwell times, ransomware operators targeting backup infrastructure.
Enterprise vulnerability exploitation is accelerating alongside ransomware activity, MFA attacks, email threats, and growing AI-driven risks.
New M-Trends 2026 report reveals a threat landscape shaped by faster, coordinated, and industrialized cyberattacks.
SpyCloud’s 2026 report reveals a surge in non-human identity theft, with exposed API keys, tokens, and session data expanding cyberattack risks globally.
India's educational institutions were the most heavily targeted sector in Asia-Pacific in 2025, with the country experiencing the highest average attack volume, at around 7,684 weekly attacks.
Research from IBM X-Force on the 2025 cloud threat landscape showed how threat actors are continuously targeting the cloud ecosystem—not the cloud infrastructure itself. Here’s what this means for defenders.
Poland’s nuclear research centre blocked a cyberattack while Albania’s parliament isolated email systems during a separate incident. The FBI is tracing victims linked to malware distributed through Steam games, and U.S. prosecutors allege a responder assisted BlackCat ransomware actors.
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy ...
We talked to IBM and industry experts about the findings in the newly released X-Force Threat Intelligence Index 2026. IBM’s X-Force team identified patterns in how adversaries are adapting and executing their attacks in an AI- and data-focused era.
Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.
Cyber threats in cloud environments are shifting toward software vulnerabilities, identity compromise and insider data theft.
Flashpoint has announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the ...
SAP released its monthly Security Patch Day updates, addressing multiple vulnerabilities across its enterprise software products.
2025 was a brutal, challenging year for businesses in terms of cyberattacks. The year was marked by significant increases in the frequency, sophistication and financial impact of incidents, with the …
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. At the same time, the use of weak credentials or misconfigurations has dropped significantly ...
Claude Opus 4.6 discovered 22 vulnerabilities in Firefox over two weeks, 14 rated high-severity by Mozilla — nearly a fifth of all high-severity Firefox vulnerabilities remediated in 2025. Demonstrates AI's ability to detect severe security flaws at accelerated speed.
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances
There has been a fundamental shift toward industrialized cyber threats, highlighted by a record 31.4 Tbps DDoS attack and sophisticated session token theft. Our new report examines how nation-states and criminal actors have moved beyond traditional exploits to "living off the XaaS" within ...
Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale
Cyber extortion has overtaken email scams as the top 2025 attack, as AI-powered threats grow and financial firms become prime targets.
Cloudflare says attackers are shifting to stealing session tokens and abusing cloud services, amid 47.1 million DDoS attacks in 2025 and 230 billion threats blocked daily.
IBM X-Force reports 44% surge in exploitation of public-facing applications as supply chain and identity attacks intensify
Darktrace Annual Threat Report 2026 finds shift from exploit-driven breaches to faster, AI-enabled credential abuse.
Nearly 3,000 Google Cloud API keys embedded in public website JavaScript have gained unintended Gemini AI access after users enabled the Gemini API. Attackers can use these keys to access private files, cached data, and rack up LLM usage charges. Google Cloud defaults new keys to Unrestricted, affecting every enabled API including Gemini.
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
Zero-day exploits, AI-driven Android malware, firmware backdoors, password manager trust gaps, rising DDoS define this week’s critical cyber threats.
AI compresses cyberattack timelines—32% of flaws exploited day-zero, phishing up 1,265%, forcing shift to CTEM defense models.
Axios npm maintainer account compromised on March 31, 2026. Backdoored versions 1.14.1 and 0.30.4 deployed cross-platform RAT. Full IOCs, detection guidance, and remediation steps.
Key Takeaways: TeamPCP is an operationally sophisticated threat actor, evidenced by multi-stage cascading infrastructure, a novel C2 mechanism, and deliberate pre-positioning beginning months before activation, that executed a cascading software supply chain campaign between March 19–27, ...
TeamPCP and the Cascading AI/ML Supply Chain Campaign. Key Takeaways: The TeamPCP threat group executed a cascading supply chain campaign in March 2026 that compromised the Trivy security scanner, two Checkmarx IDE extensions, the PyPI package (~97 million monthly downloads), and the SDK within ...
Overview: Recently, NSFOCUS Technology CERT detected that the GitHub community had disclosed a credential-stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission ...
A look at the most significant supply-chain attacks of 2025, and their impact on target organizations.
If you run LiteLLM in production, you probably had a rough week. On March 24, 2026, two backdoored...
LiteLLM is a widely used open-source Python library and proxy (95M+ monthly PyPI downloads) that provides a single OpenAI-compatible interface for 100+ LLM providers (OpenAI, Anthropic, Groq, Azure OpenAI, etc.). It is common in AI agent frameworks, MCP servers, orchestration tools, and production ...
Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8 on PyPI with a three-stage backdoor. Learn how to detect, mitigate, and prevent supply chain attacks like this.
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker techniques, and concrete steps security teams can take to detect and defend against similar ...
TeamPCP backdoored LiteLLM versions, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP cybercriminals.
The Trivy Supply Chain Attack shows how security tools can be weaponized. Learn how this 2026 breach unfolded and how Cortex Cloud blocks the threat.
A complete technical analysis of the LiteLLM supply chain attack of March 2026. How TeamPCP compromised the AI proxy, what the malware did, which organizations are affected, and what the incident reveals about the security of AI infrastructure.
The TeamPCP campaign that hit Trivy, Checkmarx, and LiteLLM in March 2026 reveals a new attack pattern: compromise security tools to harvest CI/CD secrets, then use those secrets to poison AI infrastructure. Here's why AI supply chains are now critical infrastructure and what enterprises must ...
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing infections.
Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.
Comprehensive shielding of the software supply chain in 2025: covering dependency management, secure CI/CD, artifact signing, and industry standards.
New supply chain attacks are smaller, more patient, and target overlooked areas like browser extensions and SaaS integrations.
The joint paper tells organizations buying or building AI to verify training data, models, software and third-party services as supply-chain dependencies
Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Who's attacking your vendors? Read about the six main supply chain attack groups who are driving SaaS, open-source, and MSP compromise in 2026. Learn how npm supply chain attacks threaten your security today, based on threat intelligence collected by Group-IB.
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Learn about the npm chalk and debug widespread software supply chain attack, highlighting risks and the need for better SBOM and SCA practices.
UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have just days to keep them secure.
Researchers found 35 Docker Hub images, including Debian builds, still carrying the XZ Utils backdoor a year later, highlighting supply chain risks.
Explore the 2025 Notepad++ supply chain attack and Chrysalis backdoor. Learn how attackers exploited updates and validate your defenses with Picus.
Between Feb 21–28 2026, an autonomous bot called hackerbot-claw — self-described as powered by Claude Opus — systematically targeted CI/CD pipelines across Microsoft, DataDog, and CNCF repositories using 5 different GitHub Actions exploitation techniques, achieving remote code execution in 4 of 7 targets and exfiltrating a GitHub write token. The campaign marks a new era of AI agents attacking other AI agents and software supply chains.
A critical Notepad++ supply-chain flaw (CVE-2025-15556) enabled stealthy APT access. Understand the attack chain and how to defend your systems.
Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle.
Software supply chain attacks are rising steadily. A look at the top 15 examples shows where organizations should focus to defend their software and reduce risk.
Researchers have attributed the recent Notepad++ supply chain attack to Lotus Blossom, a Chinese state-sponsored group.
DHS shutdown grows worries that U.S. cyber defenses have taken a hit, as Iran-linked attacks continue.
Team Cymru warns exposed ICS and OT devices targeted by nation-state actors raise industrial, critical infrastructure risks
The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break. "Let’s talk about the sector that keeps our lights o...
Energy sector ransomware attacks surged in 2025 as ransomware groups exploited vulnerabilities and deployed FrostyGoop malware globally.
Critical infrastructure faces growing cybersecurity risks as legacy systems converge with IT and cloud technologies
The study found that most attacks exploit communication protocols to gain remote control of industrial processes but don’t require advanced skills or technical knowledge.
ODNI report: US critical infrastructure faces escalating cyber threats and risks from China, Russia, Iran, and North Korea.
Students respond to simulated AI-enabled cyberattack on critical infrastructure with government, military, and industry partners.
Booz Allen warns cyberattacks are reaching machine speed as AI outpaces human-driven defense across critical infrastructure
Why industrial cybersecurity must evolve as climate disruption and digitalization reshape critical infrastructure systems.
A new global dataset of 119 energy-sector cyber incidents from 2022–2024 shows EU and BRICS countries, followed by the US, are most affected. Attacks targeted power, oil, gas, and nuclear infrastructure, driven by both financial and political motives, with diverse threat actors involved.
New ISAC advisory highlights cyber and physical risks to critical infrastructure as Middle East tensions rise.
The cyberattack affected people across the country, including a woman in New Hampshire who went in for surgery Wednesday morning.
The full scope of the impact on the medical equipment firm, including operational and financial effects, remains unclear.
On March 6, 2026, the Administration released “President Trump’s Cyber Strategy for America” alongside an Executive Order (entitled “Combating Cybercrime,
Cyber retaliation surges after US–Israel strikes on Iran as hacktivists hit governments, defense, and critical sectors
A deep dive into Iranian cyber warfare and actionable defenses for network operators.
New U.S. cybersecurity strategy outlines six pillars aimed at deterring cyber threats, protecting critical infrastructure, modernizing federal systems, and securing emerging technologies.
Although Sean Plankey's access badge was taken and he was escorted out of Coast Guard headquarters Monday, he remains the nominee to lead the Cybersecurity and Infrastructure Security Agency, sources said.
A new Cydome report finds a 150% surge in maritime OT cyberattacks as ransomware attacks tighten grip in 2025.
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion's Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military sites.
NCSC warns of cyber spillover risk amid Middle East conflict, as experts flag potential Iranian attacks on critical infrastructure
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated cyber actors who may target U.S. devices and networks due to geopolitical tensions.
US-Israeli campaign triggers Iranian counteroffensive targeting Gulf energy and critical infrastructure installations.
Initial suspicion fell on Sandworm, the rowdy, sabotage-prone cyber wing of Russia’s GRU military intelligence. But the latest findings point to a different actor – and Europe should pay attention.
Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) announced a series of public town hall meetings to solicit
Plus, 3 new goon squads targeted critical infrastructure last year.
This notice announces town hall meetings to allow external stakeholders a limited additional opportunity to provide input on refining the scope and burden of the CIRCIA Notice of Proposed Rulemaking (NPRM) issued in the Federal Register on April 4, 2024. The proposed CIRCIA rulemaking seeks to...
NCSC calls on firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers.
Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks
In 2026, the stakes for critical infrastructure integrity are high. Organizations must move beyond the "wait and see" reactive posture that defines 43% of current operations.
Iranian cyber retaliation is escalating. Chinese operators remain embedded in U.S. infrastructure. Ransomware groups continue to disrupt hospitals, schools, and local governments. Trump’s recently released cyber strategy raises doubts the administration is prepared to address these threats.
New GAO report highlights risks to CMMC rollout as nation-state attacks increasingly target defense contractors.
When cybersecurity experts from the public and private sectors gathered this week, AI and critical infrastructure took a back seat to frontline defense in light of recent international headlines.
Evidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices.
Medical technology leader Stryker Corp. remained grappling Thursday with the aftermath of a major cyberattack that disrupted its global Microsoft-based network, as a pro-Iran hacking group claimed responsibility for a destructive operation it described as retaliation for recent U.S. and Israeli
U.S. military cyber operations underpinned the first part of the country's joint strike with Israel against Iran on Saturday. Since then, experts see signs of at
Handala isn't playing around, as it allegedly wipes thousands of mobile phones, computers, and servers belonging to Stryker.
Cyber warfare 2026 highlights nation-state attacks, AI-powered threats, and geopolitical cyber risks targeting governments, telecom networks, and infrastructure.
An Iranian-linked hacking group on Wednesday claimed responsibility for a destructive cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
On March 11, 2026, global medical technology giant Stryker suffered a devastating cyberattack when Iranian-linked hackers deployed wiper malware to permanently erase data across its network.
Blockchain analytics firm Chainalysis has released its latest findings on cryptocurrency crime, revealing a dramatic escalation in 2025 driven primarily by nation-state actors exploiting digital assets to bypass international sanctions. According to the report, illicit cryptocurrency transactions ...
Organizations across the West and allied nations should prepare for Iranian cyberattacks in the wake of Israeli and U.S. ongoing strikes, threat intelligence firms
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.
An APT41 spinoff is spying on targets across Europe and Asia using a blend of custom and legitimate tools.
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.
Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure.
Iranian cyber proxies are girding for revenge while nation-state hackers in Tehran have gone quiet, whether to shelter from an onslaught of missile attacks or
The bigger threat to U.S. companies may not be a data breach, but a coordinated campaign designed to make your employees stop trusting everything they see and hear.
The Notepad++ compromise is proof that adversaries are targeting the gap between vulnerability management and detection and response.
Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential...
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
Read up on this week's cybersecurity news, which highlights how nation-state hackers are escalating attacks on critical infrastructure.
Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle
The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) shared details of a multi-agency cybersecurity operation, codenamed Operation CYBER GUARDIAN, to defend our telecommunications sector.
Data security stories in March saw cybercriminal hackings, data accessed under false pretenses, and legal data purchases that leave some concerned. Here, Security magazine reviews ten events that made headlines last month in the data security and privacy world.
The European Commission has revealed details of a data breach impacting its AWS infrastructure
ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet.
Health tech firm handling insurance checks hit by breach exposing 3.4M records. Hackers hid in the system for months before discovery.
This week saw breaches from anime streaming service Crunchyroll, carmaker Mazda, cybersecurity company HackerOne, and a new hacker group called "Internet Yiff Machine." No, really.
“The investigation determined that ... 22, 2025, and January 15, 2026,” reads the data breach notification. “We conducted a thorough review of the activity to determine which individuals may have been impacted by this event. We are notifying you because that investigation determined certain information related to you was impacted.” Navia confirmed the breach did not expose claims or ...
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people.
Navia Benefit Solutions says a data breach exposed personal and benefits data tied to 2.7 million people after weeks of unauthorized access.
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026.
Once more from the "irony" department: an "identity protection" company falling for a phishing attack.
Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.
CarGurus data breach allegedly exposes 12.4 million user records by ShinyHunters hacking group, including names, phone numbers and email addresses from the auto platform.
Roughly one billion sensitive records across 26 countries have been reportedly exposed as part of a massive data leak.
An IDMerit data breach allegedly exposed over 203 million U.S. records containing personal details for identity verification, researchers reported.
We analyzed the top 35 breaches and the trends for privacy violations and fines to uncover top trends from 2025 and what to do about them.
Ericsson's U.S. subsidiary notified California and Texas officials that a vendor breach in April 2025 may have exposed personal data of employees and customers.
Could your data have been exposed in the reported Infutor data breach? Learn more about the incident that the lawyers we work with are investigating.
During the exposure period, the threat actors accessed records relating to insurance eligibility verification transactions, which are part of the process providers use to confirm a patient’s insurance coverage before treatment. The types of data that have been exposed vary per individual, and may include one or more of the following: ... Affected providers were alerted on December 9, 2025, but customer notification started in early February 2026...
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability.
LexisNexis Legal & Professional has confirmed that hackers breached its servers and accessed customer and business information, after a threat actor calling itself FulcrumSec publicly posted stole...
Madison Square Garden confirmed a data breach tied to the 2025 Oracle E-Business Suite hacking campaign...
February 2026 brought a series of significant data breaches spanning automotive, aviation, hospitality, finance, telecom, and media. The incidents were not driven by a single attack method. Some resulted from...
A data breach at Canadian Tire exposed personal data from over 38 million accounts, including contact details and encrypted passwords.
CIRO’s January 2026 breach exposed 750,000 investors’ SINs and financials after an August 2025 phishing attack — what went wrong was insufficient email filters and a slow response, with alerts only in mid-January.
The HHS’ Office for Civil Rights (OCR) healthcare data breach portal shows a slight month-over-month decline in large healthcare data breaches, which fell ... Healthcare data breaches continue to be reported in relatively low numbers, with only 46 data breaches affecting 500 or more individuals ...
The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data.
IDMerit database exposed one billion personal records across 26 countries
The Conduent ransomware attack has grown to impact 25 million Americans, exposing Social Security numbers and medical data in one of 2025’s largest breaches.
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses.
129 groups posted 7,655 ransomware claims over 376 days. Breakdown by group, sector, country, and trend.
BlackFog's state of ransomware 2025 report measures publicly disclosed and non-disclosed attacks globally.
BakerHostetler’s 2026 Data Security ... 26, 2026, reveals a sharp escalation in ransomware attacks targeting law firms, with incidents nearly doubling over the previous year. The report, based on data from 2025, highlights law firms as prime targets due to their troves of sensitive client data, making them vulnerable to extortion and financial ...
U.S. state and local government organizations remain under growing pressure from ransomware, making the issue a major cybersecurity and public service concern
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
BlackFog's state of ransomware 2026 report measures publicly disclosed and non-disclosed attacks globally.
Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale.
Explore today's ransomware landscape with 18 new victims, top actors, and geographic and sector trends shaping the 2026 threat map.
Ransomware of the Week: CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring...
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Ransomware attacks in Asia-Pacific surged 59% in 2025 as rapid digitalisation and AI adoption fuel faster, more targeted cyber extortion.
Ontario Health atHome came under scrutiny last year after one of its vendors was hit by a cyberattack that was kept under wraps for months. We now know the attack was ransomware.
NCC Group counts 7,874 ransomware attacks in 2025, an increase of 50%. Qilin most active, LockBit out of top ten. Industrial sector hardest hit.
Check out the biggest cyber incidents, including ransomware attacks, data breaches and vulnerabilities exploited in February 2026.
Fewer businesses are paying, but ransomware groups are growing in number.
VulnCheck finds ransomware operators increasingly relying on zero-days, raising operational risk in OT environments
In 2025, total on-chain ransomware payments fell by approximately 8% to $820 million, even as claimed attacks rose 50%.
Smaller crews piled in as old names splintered and rebranded.
The SafePay ransomware group claimed responsibility, boasting of exfiltrating more than 8 terabytes of files during a nearly three-month intrusion.
2025 saw a rise in data-theft-driven extortion, sustained pressure from ransomware groups, and a significant increase in attacks.
As if snooping on your workers wasn't bad enough.
Ransomware in 2026 is faster, stealthier, and identity driven. Explore the latest trends and why prevention-first security is critical.
The blog explains how threat actors increasingly abuse legitimate Cloudflare services like Workers and Tunnels to host phishing pages, distribute malware, and evade traditional security defenses by leveraging Cloudflare’s trusted infrastructure. It details how attackers use these tools to ...
RSAC 2026: Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins
Microsoft warns tax-season phishing hit 29,000 users via IRS lures, enabling credential theft and RMM-based access.
Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions.
Phishers abused Google Cloud Storage links to bypass email filters, sending 25+ trusted-looking lures to one target.
OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Attackers misused Google Cloud Application Integration to send 9,394 phishing emails from Google domains, bypassing filters and stealing credentials.
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
Introduction: A new wave of Android cyberattacks is leveraging fake Internet Protocol Television (IPTV) applications to distribute Massiv, a highly advanced banking trojan capable of full device takeover, credential theft, and identity fraud. The malware is spreading rapidly across Europe, particu...
Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using LLM-assisted lures.
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
A global operation led by German authorities and supported by Europol (Operation Alice) shut down over 373,000 fraudulent dark web websites and seized 105 servers. The operator, a 35-year-old man based in China, made over EUR 345,000 from ~10,000 customers purchasing CSAM and cybercrime-as-a-service offerings. 440 customers worldwide were identified, with investigations ongoing against 100+ individuals.