Data breaches, ransomware, phishing/malware operations, and infrastructure compromise.
425 articles across 8 topics
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned.
Carnival Data Breach: Nearly 6 million people were notified after hackers stole sensitive customer data later leaked online by ShinyHunters.
Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026.
I am a big fan of Verizon’s yearly Data Breach Investigations Report. I follow it closely, as it confirms what we are seeing in the field, and provides validation for defense strategies employed to protect against attacks. The 2026 Report was recently published, and as I have mentioned before, ...
The company’s reported revenue exceeded $54 billion in 2025. ... GitHub, the world’s largest code hosting platform used by over 100 million developers, has confirmed a data breach, and the attackers are selling the stolen data online. OnlyFans mega leak reveals 340M user records, hackers claim 28 May 2026...
Instructure disclosed a data breach involving its Canvas learning platform in late April.
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.
The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned.
A round-up of data breaches recently announced by 9 HIPAA-regulated entities: University of Nebraska Medical Center, Singing River Health System, Tampa ...
This breach took place between November 2025 and February 2026 and was the result of an unnamed third-party vendor breach. Exposed data varies by individual but includes patients’ health insurance plan and policy information, medical information (such as diagnoses, medications, tests, and ...
The Zara data breach exposed 197,400 customer records after ShinyHunters used stolen Anodot tokens to lift them from a former technology provider's BigQuery instance.
The largest incident affects the New York City Health and Hospitals Corporation, which in March disclosed a data breach detected on February 2, 2026. An investigation found that threat actors had access to its systems between November 2025 and February 2026 via a third-party vendor. Exposed ...
The hackers had access to its network from November 2025 until February 2026, during which the hackers copied files from its systems. The healthcare system said hackers broke in due to a breach at a third-party vendor, which it did not name. NYCHHC said that the exposed data varies by individual ...
The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data.
Claim Depot reports: Extant Aerospace, a defense and space electronics company based in Melbourne, Florida, disclosed a data breach that affected 3,012 individu
On Monday, Instructure disclosed that its widely used Canvas software was the victim of a hacking breach.
American Lending Center this week revealed that a data breach discovered last year has impacted more than 123,000 individuals.
A class action lawsuit claims ADT failed to protect its customers’ sensitive information from an April 2026 cyberattack.
Australian dark web data is bundled and sold by ransomware groups, driving a sharp rise in breaches in 2025.
Sophos’ 2026 survey links identity attack trends to ransomware, rising breach costs, and weak non-human identity security.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has submitted two reports to Congress on HIPAA compliance and breaches of unsecured protected health information in calendar year 2023.
The company behind Canvas says it has "reached an agreement" with the hackers who disrupted thousands of colleges and universities.
In March 2026, 44 healthcare data breaches affecting 500 or more individuals were reported to the HHS’ Office for Civil Rights (OCR). More than 1.5 ...
Customers urged to keep an eye out for phisherfolk
A hacking group breached the academic software Canvas, used by thousands of schools and universities across the globe.
That means a Social Security number ... until 2026 or later. By then, the free credit monitoring offered after the breach may have expired. The breach itself may also be long gone from the headlines. UnitedHealth confirmed in January 2025 that about 190 million people were affected by the Change Healthcare breach. The incident exposed personal and ...
From government agencies to AI startups, April saw several notable data breaches. Here, Security magazine reviews 10 of those stories that caught traction last month.
Most users regained access to the platform hours after a hacking group said it had attacked Canvas’s parent company and breached 275 million people’s data.
A massive data breach of the Instructure Canvas learning system hit UC, CSU, USC, Stanford and Los Angeles community colleges, among other schools across the nation. A criminal group called ShinyHunters claimed credit for the hack.
Most of the time, criminals use hacking or phishing methods to get access to sensitive information.
ShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.
According to initial reports, a ... October 2025 resulted in unauthorized access to protected health information and sensitive identifiers managed by the Department of Social Services. The Mitchell County, North Carolina breach was publicly reported on May 1, 2026. The exact date of the attack has not been disclosed. The investigation confirmed the exposure of a wide ...
Instructure confirms Canvas data breach as ShinyHunters claims theft of millions of user records across global education institutions.
Educational technology company Instructure has confirmed a data breach in which personal data of users was exposed. The ShinyHunters group has claimed
Canvas LMS got breached again on May 1, 2026—the second incident in eight months. Names, school emails, student IDs, and private user messages were taken.
The sender was Conduent Business ... benefits records and human resources data for state Medicaid programs, employer health plans and government agencies. Between October 2024 and January 2025, ransomware operators pulled names, Social Security numbers, dates of birth, home addresses, medical diagnosis codes and health insurance claim numbers out of Conduent's systems. In February 2026, Texas Attorney General Ken Paxton called it the largest data breach in ...
ADT confirms a new data breach exposing customer names, phone numbers and addresses. The cybercrime group ShinyHunters claims it stole millions of records.
A security company, two medtech companies, a video streaming service, and an older attack we missed last week compromise this week's data breach headlines.
Banks hit through vendors, a county knocked offline, and the largest Patch Tuesday of 2026. Here's what happened in April and what to do now.
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just a data scraping incident.
A dataset attributed to Amtrak appeared on Have I Been Pwned, reportedly exposing customer emails, names, addresses and support interaction records.
Ameriprise Financial disclosed a data breach affecting nearly 48,000 people across the U.S. Personal data exposure can carry long-term risk.
Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific
ADT confirmed a data breach after hackers accessed a portion of customer data, prompting an investigation and law enforcement notification.
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.
A popular app-infrastructure provider, an important French government agency, a watchmaker, and a cosmetics giant make up this week's confirmed data breaches.
In 2025, organizations across North Carolina continued to report data breaches affecting businesses, schools, government agencies, and nonprofits in our state. A record-setting total of 2,349 data breaches were reported to the North Carolina Department of Justice (NCDOJ), impacting 9,275,938 ...
A 19-year-old college student used stolen credentials to access the PowerSchool platform, exposing the personal information of 60 million children and 10 million teachers nationwide.
In February 2026, 63 data breaches were reported to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that affected 500 or ... There was a 14.5% month-over-month increase in large healthcare data breaches in February, with 63 data breaches reported to OCR that affected ...
Data security stories in March saw cybercriminal hackings, data accessed under false pretenses, and legal data purchases that leave some concerned. Here, Security magazine reviews ten events that made headlines last month in the data security and privacy world.
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Cegedim detected it, filed a criminal complaint in October 2025, and said nothing publicly for four months. France24 broke the story. Cegedim confirmed on March 3. 15.8 million patient records were stolen in what became one of the largest healthcare data breaches in European history. The serious part: 165,000 files contained doctors’ free-text notes with HIV status, psychiatric diagnoses, sexual orientation, and mental health conditions. Politicians were among those exposed...
ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet.
Health tech firm handling insurance checks hit by breach exposing 3.4M records. Hackers hid in the system for months before discovery.
This week saw breaches from anime streaming service Crunchyroll, carmaker Mazda, cybersecurity company HackerOne, and a new hacker group called "Internet Yiff Machine." No, really.
The investigation determined that ... 22, 2025, and January 15, 2026.” reads the data breach notification. “We conducted a thorough review of the activity to determine which individuals may have been impacted by this event. We are notifying you because that investigation determined certain information related to you was impacted.” · Navia confirmed the breach did not expose claims or ...
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people.
Navia Benefit Solutions says a data breach exposed personal and benefits data tied to 2.7 million people after weeks of unauthorized access.
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026.
Once more from the "irony" department: an "identity protection" company falling for a phishing attack.
Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.
CarGurus data breach allegedly exposes 12.4 million user records by ShinyHunters hacking group, including names, phone numbers and email addresses from the auto platform.
Roughly one billion sensitive records across 26 countries have been reportedly exposed as part of a massive data leak.
An IDMerit data breach allegedly exposed over 203 million U.S. records containing personal details for identity verification, researchers reported.
We analyzed the top 35 breaches and the trends for privacy violations and fines to uncover top trends from 2025 and what to do about them.
Ericsson's U.S. subsidiary notified California and Texas officials that a vendor breach in April 2025 may have exposed personal data of employees and customers.
Could your data have been exposed in the reported Infutor data breach? Learn more about the incident that the lawyers we work with are investigating.
During the exposure period, the threat actors accessed records relating to insurance eligibility verification transactions, which are part of the process providers use to confirm a patient’s insurance coverage before treatment. The types of data that have been exposed vary per individual, and may include one or more of the following: ... Affected providers were alerted on December 9, 2025, but customer notification started in early February 2026...
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability.
LexisNexis Legal & Professional has confirmed that hackers breached its servers and accessed customer and business information, after a threat actor calling itself FulcrumSec publicly posted stole...
Madison Square Garden confirmed a data breach tied to the 2025 Oracle E-Business Suite hacking campaign....
February 2026 brought a series of significant data breaches spanning automotive, aviation, hospitality, finance, telecom, and media. The incidents were not driven by a single attack method. Some resulted from...
A data breach at Canadian Tire exposed personal data from over 38 million accounts, including contact details and encrypted passwords.
CIRO’s January 2026 breach exposed 750,000 investors’ SINs and financials after an August 2025 phishing attack — what went wrong was insufficient email filters and a slow response, with alerts only in mid-January.
The HHS’ Office for Civil Rights (OCR) healthcare data breach portal shows a slight month-over-month decline in large healthcare data breaches, which fell ... Healthcare data breaches continue to be reported in relatively low numbers, with only 46 data breaches affecting 500 or more individuals ...
The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data.
IDMerit database exposed one billion personal records across 26 countries
The Conduent ransomware attack has grown to impact 25 million Americans, exposing Social Security numbers and medical data in one of 2025’s largest breaches.
JFrog warns that AI-driven development is accelerating software supply chain threats faster than many organizations can secure them.
Discover the most impactful software supply chain security incidents from May 2026. Nigel Douglas breaks down GlassWorm, TanStack, and malicious npm/PyPI packages.
In a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from
GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Eight-Nation AI/ML Supply Chain Risk and Mitigation Guidance --- Key Takeaways On March 4–5, 2026, the NSA's AI Security Center (AISC) and seven allied national cybersecurity agencies released Artificial Intelligence and Machine Learning – Supply Chain Risks and Mitigations [1], the most ...
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
GitHub Action tags point to malicious commits, exposing CI/CD credentials; 15 second-action tags also compromised.
3 campaigns hit npm, PyPI, and Docker Hub in 48 hours, exposing secrets from developer and CI/CD environments.
Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI vendor questionnaires are missing.
Two devices were compromised by TeamPCP's infostealing malware.
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June 12, 2026.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain attack.
A sprawling supply-chain attack dubbed "Mini Shai-Hulud" has compromised hundreds of open-source packages, including TanStack and MistralAI. By hijacking automated CI/CD pipelines and spoofing digital signatures, the TeamPCP-linked malware successfully bypassed 2FA to steal cloud credentials ...
Kaspersky uncovers targeted DAEMON Tools supply chain cybersecurity attacks affecting manufacturing, government sectors
Quasar Linux RAT (QLNX) harvests DevOps credentials to enable software supply chain attacks with fileless execution and dual rootkit stealth.
Kaspersky researchers uncovered another supply chain compromise involving the popular Daemon Tools software for Windows.
Explore how supply chain attacks threaten Linux ecosystems and discover proactive measures for better security.
Targeted by threat actors: individuals and organizations across 100+ countries and territories, with the majority of victims located in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China.
Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.
Kaspersky experts have detected a supply chain attack using the popular DAEMON Tools software.
Daemon Tools users: It's time to check your machines for stealthy infections, stat.
DAEMON Tools supply chain attack since April 8, 2026 infects signed installers, enabling targeted malware delivery globally.
Executive Summary On February 2, 2026, the developers of Notepad++, a widely used text editor among software developers, published a public statement confirming that the project’s update infrastructure had been compromised. According to the disclosure, the incident originated from a hosting ...
Weekly summary of Cybersecurity Insider newsletters
According to Kaspersky telemetry, almost 19,500 malicious packages were found in open-source projects by the end of 2025, representing a 37% increase compared to the end of 2024. Modern software development is inseparable from open-source components. However, open-source software may contain ...
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
Dependency scanners cover one of three AI supply chain surfaces. Here's what they miss on model artifacts and tools — and how to scan.
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.
Q1 2026's biggest cyber threats exploited trusted vendors and supply chains to hit U.S. critical infrastructure. See what happened and what to do next.
A compromised Context AI employee triggered a chain of events that reached a Vercel employee's Workspace account, leading to a Vercel database breach now being sold on BreachForums for $2M. Breaking News: Vercel and Context AI were breached; Vercel's internal database containing ...
A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep marketplace trust failures.
Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months
The recent supply chain attack involving Mercor and the LiteLLM vulnerability serves as a massive wake-up call for enterprise security teams. While the security industry has spent the last year fixating on prompt injections and model jailbreaks, this breach highlights a far more systemic ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.
Axios npm maintainer account compromised on March 31, 2026. Backdoored versions 1.14.1 and 0.30.4 deployed cross-platform RAT. Full IOCs, detection guidance, and remediation steps.
Key Takeaways TeamPCP is an operationally sophisticated threat actor—evidenced by multi-stage cascading infrastructure, a novel C2 mechanism, and deliberate pre-positioning beginning months before activation—that executed a cascading software supply chain campaign between March 19–27, ...
Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup.
TeamPCP and the Cascading AI/ML Supply Chain Campaign Key Takeaways The TeamPCP threat group executed a cascading supply chain campaign in March 2026 that compromised the Trivy security scanner, two Checkmarx IDE extensions, the PyPI package (~97 million monthly downloads), and the SDK within ...
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission ...
A look at the most significant supply-chain attacks of 2025, and their impact on target organizations.
If you run LiteLLM in production, you probably had a rough week. On March 24, 2026, two backdoored...
LiteLLM is a widely used open-source Python library and proxy (95M+ monthly PyPI downloads) that provides a single OpenAI-compatible interface for 100+ LLM providers (OpenAI, Anthropic, Groq, Azure OpenAI, etc.). It is common in AI agent frameworks, MCP servers, orchestration tools, and production ...
Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8 on PyPI with a three-stage backdoor. Learn how to detect, mitigate, and prevent supply chain attacks like this.
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker techniques, and concrete steps security teams can take to detect and defend against similar ...
TeamPCP backdoored LiteLLM versions, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP cybercriminals.
The Trivy Supply Chain Attack shows how security tools can be weaponized. Learn how this 2026 breach unfolded and how Cortex Cloud blocks the threat.
A complete technical analysis of the LiteLLM supply chain attack of March 2026. How TeamPCP compromised the AI proxy, what the malware did, which organizations are affected, and what the incident reveals about the security of AI infrastructure.
The TeamPCP campaign that hit Trivy, Checkmarx, and LiteLLM in March 2026 reveals a new attack pattern: compromise security tools to harvest CI/CD secrets, then use those secrets to poison AI infrastructure. Here's why AI supply chains are now critical infrastructure and what enterprises must ...
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing infections.
Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.
Comprehensive shielding of the software supply chain in 2025: covering dependency management, secure CI/CD, artifact signing, and industry standards.
New supply chain attacks are smaller, more patient, and target overlooked areas like browser extensions and SaaS integrations.
The joint paper tells organizations buying or building AI to verify training data, models, software and third-party services as supply-chain dependencies
Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Who's attacking your vendors? Read about the six main supply chain attack groups who are driving SaaS, open-source, and MSP compromise in 2026. Learn how npm supply chain attacks threaten your security today, based on threat intelligence collected by Group-IB.
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Learn about the npm chalk and debug widespread software supply chain attack, highlighting risks and the need for better SBOM and SCA practices.
UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have just days to keep them secure.
Researchers found 35 Docker Hub images, including Debian builds, still carrying the XZ Utils backdoor a year later, highlighting supply chain risks.
Explore the 2025 Notepad++ supply chain attack and Chrysalis backdoor. Learn how attackers exploited updates and validate your defenses with Picus.
Between Feb 21–28 2026, an autonomous bot called hackerbot-claw — self-described as powered by Claude Opus — systematically targeted CI/CD pipelines across Microsoft, DataDog, and CNCF repositories using 5 different GitHub Actions exploitation techniques, achieving remote code execution in 4 of 7 targets and exfiltrating a GitHub write token. The campaign marks a new era of AI agents attacking other AI agents and software supply chains.
A critical Notepad++ supply-chain flaw (CVE-2025-15556) enabled stealthy APT access. Understand the attack chain and how to defend your systems.
Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle
Software supply chain attacks are rising steadily. A look at the top 15 examples shows where organizations should focus to defend their software and reduce risk.
Researchers have attributed the recent Notepad++ supply chain attack to Lotus Blossom, a Chinese state-sponsored group.
The Protect Technology-Telecom Alliance Pilipinas or PROTECTA Pilipinas is working with the Department of National Defense, the Armed Forces of the Philippines, and the Cybercrime Investigation and Coordinating Center to strengthen community participation in protecting telecommunications ...
The warning followed coordinated cyber-attacks against Poland’s energy infrastructure in December, which targeted operational control systems at combined
The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
US telecom giants announce launch of C2 ISAC to strengthen cyber intelligence sharing, protect communications infrastructure.
Attorneys at Womble Bond Dickinson provide an overview of the White House's National Cyber Strategy for combating cybercrime and modernizing critical infrastructure, and review other recent cybersecurity activities by federal agencies.
U.S. officials suspect Iranian hackers are behind the breach of gas station pump displays in several states. The hacks are part of a long-term Iranian campaign targeting U.S. critical infrastructure, including...
The strategy is a strong foundation. The harder question is what comes next.
Explore the UK Government Cyber Security Strategy 2026, new protection plans, cyber resilience goals, AI threats, and CNI security updates.
Learn about health care’s top 3 cyber risks for 2026 in this blog by John Riggi, AHA national advisor for cybersecurity and risk
Introduction The global cyber threat landscape continues to evolve as threat actors intensify attacks against critical infrastructure, telecommunications providers, defense organizations, and enterprise environments worldwide. Recent campaigns demonstrate how modern adversaries are combining ...
As usual Australia's latest Federal Budget has made some losers, and other winners. Here's where the nation stands on cyber security spending and priorities.
CESER’s CyberStrike program prepares over 100 participants to defend our nation’s critical infrastructure.
Polish ABW warns cyberattacks shifting from espionage and data theft toward physical disruption of critical infrastructure.
A cyberattack shut down an education platform used by universities and K-12 schools across the US Thursday, depriving students and teachers of essential classroom materials — at a time when many are taking or preparing for final exams.
American critical infrastructures are vulnerable to Chinese sabotage and the federal government is taking steps to mitigate the threats, according to the lead U.S. cybersecurity agency.
Iranian cyberthreat actors are targeting critical infrastructure and other key sectors in the United States.
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
CISA's new CI Fortify initiative emphasizes the importance of isolation and recovery to ensure critical infrastructure entities can continue key operations during a cyberattack.
CI Fortify provides guidance that's meant to ensure the continued operation of critical infrastructure in case of conflict or attack.
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive isolation and recovery planning. The initiative, called “CI Fortify,” seeks to ensure that organizations can sustain essential ...
Fresh off the longest shutdown in government history, CISA is pushing critical infrastructure orgs to plan for a cybersecurity emergency.
As concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning operators to practice maintaining services in a degraded state.
Read how critical infrastructure and operational technology cybersecurity attacks are running rampant, as evidenced in this week's news.
Geoeconomic confrontation, cyberattacks, extreme weather and aging systems are amplifying risks across essential infrastructure networks, according to a Gallagher report.
CISA staff departures, especially in the Stakeholder Engagement Division, have kneecapped the cyber agency's ability to coordinate with the private sector.
Critical infrastructure defense is hindered by fragmentation across private owners, local governments, and federal agencies, creating gaps that adversaries exploit across physical, cyber, and informational domains. The threat landscape is expanding and becoming more accessible, with rising ...
Explore how a critical infrastructure cyberattack and rising nation-state threats are reshaping US cybersecurity risks in 2026.
Itron, which makes devices that measure energy and water use, said its operations were continuing, despite the intrusion.
The American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.
One group claimed responsibility for hacking the Los Angeles Metro as the federal government warns of vulnerabilities.
Medical technology giant Stryker has provided an update on the impact of its March 11, 2026, cyberattack, confirming that the incident has had a ... The Michigan-based medical device manufacturer Stryker experienced a cyberattack on March 11, 2026. An Iran-linked hacking group stole 50 gigabytes ...
A highly coordinated cyber campaign that scanned more than 12,000 internet-exposed systems ahead of targeted attacks.
The Internet Crime Complaint Center identified more than 2,100 ransomware incidents in 2025 directed at U.S. critical infrastructure, including health care, energy and critical manufacturing, among other sectors.
As the US and Israel's war has ramped up, so too have hacks on US industrial sites.
Federal cyber and law enforcement agencies warned that Iran-linked hackers are exploiting programmable logic controllers to target U.S. energy, water and government services sectors.
FBI’s 2025 Internet Crime Report finds cyber threats to critical infrastructure intensify as US cybercrime losses hit $21 billion.
DHS shutdown grows worries that U.S. cyber defenses have taken a hit, as Iran-linked attacks continue.
As the Iran conflict intensifies, U.S. energy infrastructure faces escalating cyber threats from nation-state actors. Scale, age, and regulatory fragmentation leave the sector uniquely exposed. A successful attack would cascade across the entire U.S. economy.
Team Cymru warns exposed ICS and OT devices targeted by nation-state actors raise industrial, critical infrastructure risks
The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break "Let’s talk about the sector that keeps our lights o...
Energy sector ransomware attacks surged in 2025 as ransomware groups exploited vulnerabilities and deployed FrostyGoop malware globally.
Critical infrastructure faces growing cybersecurity risks as legacy systems converge with IT and cloud technologies
The study found that most attacks exploit communication protocols to gain remote control of industrial processes but don’t require advanced skills or technical knowledge.
ODNI report: US critical infrastructure faces escalating cyber threats and risks from China, Russia, Iran, and North Korea.
Students respond to simulated AI-enabled cyberattack on critical infrastructure with government, military, and industry partners.
Booz Allen warns cyberattacks are reaching machine speed as AI outpaces human-driven defense across critical infrastructure
Why industrial cybersecurity must evolve as climate disruption and digitalization reshape critical infrastructure systems.
A new global dataset of 119 energy-sector cyber incidents from 2022–2024 shows EU and BRICS countries, followed by the US, are most affected. Attacks targeted power, oil, gas, and nuclear infrastructure, driven by both financial and political motives, with diverse threat actors involved.
New ISAC advisory highlights cyber and physical risks to critical infrastructure as Middle East tensions rise.
The cyberattack affected people across the country, including a woman in New Hampshire who went in for surgery Wednesday morning.
The full scope of the impact on the medical equipment firm, including operational and financial effects, remains unclear.
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy ...
On March 6, 2026, the Administration released “President Trump’s Cyber Strategy for America” alongside an Executive Order (entitled “Combating Cybercrime,
Cyber retaliation surges after US–Israel strikes on Iran as hacktivists hit governments, defense, and critical sectors
A deep dive into Iranian cyber warfare and actionable defenses for network operators.
New U.S. cybersecurity strategy outlines six pillars aimed at deterring cyber threats, protecting critical infrastructure, modernizing federal systems, and securing emerging technologies.
Although Sean Plankey's access badge was taken and he was escorted out of Coast Guard headquarters Monday, he remains the nominee to lead the Cybersecurity and Infrastructure Security Agency, sources said.
A new Cydome report finds a 150% surge in maritime OT cyberattacks as ransomware attacks tighten grip in 2025.
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion's Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military sites.
NCSC warns of cyber spillover risk amid Middle East conflict, as experts flag potential Iranian attacks on critical infrastructure
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated cyber actors who may target U.S. devices and networks due to geopolitical tensions.
US-Israeli campaign triggers Iranian counteroffensive targeting Gulf energy and critical infrastructure installations.
Initial suspicion fell on Sandworm, the rowdy, sabotage-prone cyber wing of Russia’s GRU military intelligence. But the latest findings point to a different actor – and Europe should pay attention.
Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) announced a series of public town hall meetings to solicit
Plus 3 new goon squads targeted critical infrastructure last year
This notice announces town hall meetings to allow external stakeholders a limited additional opportunity to provide input on refining the scope and burden of the CIRCIA Notice of Proposed Rulemaking (NPRM) issued in the Federal Register on April 4, 2024. The proposed CIRCIA rulemaking seeks to...
NCSC calls on firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers
LLM-driven attackers exploited CVE-2026-39987 on May 10, 2026, to steal credentials and exfiltrate a PostgreSQL database.
CERT-In urges firms to patch critical security vulnerabilities within 12 hours as AI and LLMs accelerate cyberattacks.
House Republicans scrutinize escalating ransomware, nation-state, AI-driven cyber threats targeting state and local governments
Check Point report reveals rise in AI-powered cyberattacks, exposing risks to government agencies, enterprises, AI tools, and cloud security systems.
The global cyber threat landscape continues to evolve rapidly as ransomware groups, nation-state operators, and cybercriminal organizations intensify attacks against enterprises, government systems, and critical infrastructure worldwide. Over recent weeks, security teams have observed a sharp ...
Verizon DBIR 2026 findings reveal attackers exploiting vulnerabilities, rising ransomware threats, and gaps in security fundamentals.
Verizon's 2026 DBIR finds AI cuts defense time to hours as software flaws beat stolen credentials for the first time.
Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.
Cyber attacks more than doubled in 2025, with Health-ISAC’s 2025 Fourth Quarter Health Sector Heartbeat reporting a 55% year-over-year increase in cyber
An analysis of attacks on Ollama, LM Studio, AutoGPT, and LangServe servers, and recommendations on protecting your organization from the LLMjacking threat.
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
CISA added the critical LiteLLM SQL injection flaw (CVE-2026-42208) to its KEV catalog on May 8, 2026, after active exploitation was detected. Learn about...
A threat intelligence deep-dive into the world's most dangerous state-sponsored APT groups — their identities, motivations, campaigns, and tradecraft in 2026.
Dark Reading looks back on 20 of the biggest newsmaking events from the past 2 decades that influenced the risk landscape for today's cybersecurity teams.
Executive Summary. Date: May 2026. The Middle East cyber battlefield has expanded significantly in 2024–2026, with the United Arab Emirates (UAE) emerging as a primary target for advanced, persistent, and
AI infrastructure exposes 1M services from 2M hosts due to weak defaults, increasing risk of data leaks and system compromise
AI lowers attack barriers in 2025, enabling 7M-user breach and faster exploits, increasing scale and impact of cyber threats.
Weekly cybersecurity news: Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major
The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.
Tel Aviv, Israel, April 29, 2026 (GLOBE NEWSWIRE) -- KELA, a global leader in cyber threat intelligence an...
CISA added two actively exploited CVEs to KEV after confirmed attacks, mandating FCEB patching by May 12, 2026.
Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable configuration.
KELA claims infostealers remained the primary access vector for attacks in 2025
CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
1.96B emails and 1.3B passwords loaded into HIBP. 22% of 2025 breaches start with stolen credentials per Verizon. All 2026 stats sourced inline.
The most damaging attacks of 2025 didn't rely on sophisticated exploits. They relied on trust. Blackpoint Cyber's 2026 Annual Threat Report explains what that means for defenders right now.
CRIL March analysis of the 2026 threat landscape reveals 702 ransomware attacks, major breaches, access brokers, vulnerabilities, and global risks.
Stolen credentials remain the most common way attackers get in. The 2025 Verizon Data Breach Investigations Report, covering more than 22,000 security incidents and 12,000 confirmed breaches, makes the case plainly: credential abuse was the leading initial access vector for the second consecutive ...
Breach costs, identity compromise, ransomware/extortion, phishing, exploitation, and enterprise decision implications based on verifiable sources.
Europe’s Europa platform disclosed a cloud-hosting cyberattack, Puerto Rico suspended licensing services after a government incident, and researchers detailed BPFdoor sleeper cells in telecom networks. The roundup also covers the FBI director’s personal Gmail breach, RedLine malware ...
Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure.
2025 data shows the U.S. drove ~93% of recorded Americas incidents. Ransomware (~45%) and defacement (~35%) dominate, with December peaks and rising DDoS.
A serious cyberattack hasn’t prompted a strong enough policy or public reaction, one former director said.
The Mandiant M-Trends 2026 report reveals fast attacker hand-offs, rising dwell times, ransomware operators targeting backup infrastructure.
Enterprise vulnerability exploitation is accelerating alongside ransomware activity, MFA attacks, email threats, and growing AI-driven risks.
New M-Trends 2026 report reveals a threat landscape shaped by faster, coordinated, and industrialized cyberattacks.
SpyCloud’s 2026 report reveals a surge in non-human identity theft, with exposed API keys, tokens, and session data expanding cyberattack risks globally.
Cyberattacks Target Sector: India's educational institutions were the most heavily targeted sector in Asia-Pacific in 2025 with the country experiencing the highest average attack volume, at around 7,684 weekly attacks
Research from IBM X-Force on the 2025 cloud threat landscape showed how threat actors are continuously targeting the cloud ecosystem—not the cloud infrastructure itself. Here’s what this means for defenders.
Poland’s nuclear research centre blocked a cyberattack while Albania’s parliament isolated email systems during a separate incident. The FBI is tracing victims linked to malware distributed through Steam games, and U.S. prosecutors allege a responder assisted BlackCat ransomware actors.
We talked to IBM and industry experts about the findings in the newly released X-Force Threat Intelligence Index 2026. IBM’s X-Force team identified patterns in how adversaries are adapting and executing their attacks in an AI- and data-focused era.
Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.
Cyber threats in cloud environments are shifting toward software vulnerabilities, identity compromise and insider data theft.
Flashpoint has announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the ...
SAP released its monthly Security Patch Day updates, addressing multiple vulnerabilities across its enterprise software products.
2025 was a brutal, challenging year for businesses in terms of cyberattacks. The year was marked by significant increases in the frequency, sophistication and financial impact of incidents, with the …
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. At the same time, the use of weak credentials or misconfigurations has dropped significantly ...
Claude Opus 4.6 discovered 22 vulnerabilities in Firefox over two weeks, 14 rated high-severity by Mozilla — nearly a fifth of all high-severity Firefox vulnerabilities remediated in 2025. Demonstrates AI's ability to detect severe security flaws at accelerated speed.
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances
There has been a fundamental shift toward industrialized cyber threats, highlighted by a record 31.4 Tbps DDoS attack and sophisticated session token theft. Our new report examines how nation-states and criminal actors have moved beyond traditional exploits to "living off the XaaS" within ...
Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale
Cyber extortion has overtaken email scams as the top 2025 attack, as AI-powered threats grow and financial firms become prime targets.
Cloudflare says attackers are shifting to stealing session tokens and abusing cloud services, amid 47.1 million DDoS attacks in 2025 and 230 billion threats blocked daily.
IBM X-Force reports 44% surge in exploitation of public-facing applications as supply chain and identity attacks intensify
Darktrace Annual Threat Report 2026 finds shift from exploit-driven breaches to faster, AI-enabled credential abuse.
Nearly 3,000 Google Cloud API keys embedded in public website JavaScript have gained unintended Gemini AI access after users enabled the Gemini API. Attackers can use these keys to access private files, cached data, and rack up LLM usage charges. Google Cloud defaults new keys to Unrestricted, affecting every enabled API including Gemini.
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
Zero-day exploits, AI-driven Android malware, firmware backdoors, password manager trust gaps, rising DDoS define this week’s critical cyber threats.
AI compresses cyberattack timelines—32% of flaws exploited day-zero, phishing up 1,265%, forcing shift to CTEM defense models.
The cyber-attack lifecycle has entered a new, unforgiving phase, which was underscored at the recent Google Cloud Next 2026 event, where leaders highlighted how AI-driven security operations are reshaping both attack and defence.
Explore 2026 ransomware operations targeting law firm hospitals, from phishing attacks to physical intrusions, and learn key tactics criminals use to breach and extort organizations.
Latest ransomware trends highlight good news, but more risk
Kaspersky ransomware report highlights EDR killers, evolving ransomware tactics, and emerging post-quantum threats shaping cybersecurity risks in 2026.
The April 2026 Cybersecurity Round-Up: Qilin hit Die Linke, Winona County struck twice, 1 million IBANs leaked, and four critical CVEs saw active exploitation.
Ransomware in Q1 2026 is a structural risk, not a spike. Double extortion weaponizes compliance gaps. Here's the data and what to do about it.
State-backed ransomware activity raises new concerns over escalating threats to OT and critical infrastructure operations.
EXECUTIVE SUMMARY Ransomware activity in April 2026 reflects a rapidly maturing, highly adaptive, and increasingly industrialized cybercriminal ecosystem, with 801...
The ransomware landscape is shifting from a chaotic swarm of minor players into a highly organized, heavily armed oligopoly.
A ransomware group has claimed responsibility for hacking the electronics manufacturing giant Foxconn and is attempting to extort the company.
In 2025, the share of ransoms paid dropped to 28%. As a response to this, one of the developments in the 2026 landscape is the growing prevalence of extortion incidents in which no file encryption takes place at all. Instead, attackers leave out the “ware” in “ransomware” and focus ...
Ransomware activity remained elevated in Q1 2026, continuing the trend established over the past year. According to the State of Ransomware Q1 2026 report, ransomware stayed near record highs in Q1 2026, with 2,122 victims and 71% tied to the top 10 groups, led by Qilin, The Gentlemen, and LockBit.
Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains ...
Ransomware activity holds steady in Q1 2026 as threat actors prioritise data theft over disruption, BlackFog finds.
BlackFog's state of ransomware April 2026 report measures publicly disclosed and non-disclosed attacks globally.
Ransomware targets aviation ecosystem, where one breach can disrupt airlines, airports, and global operations across interconnected systems.
Ransomware attacks surged dramatically in 2025, with global victims reaching 7,831. The sharp rise highlights how cybercrime has evolved into a highly organized.
April 2026 yet again saw a surge in cyber attacks and ransomware incidents, affecting diverse sectors and highlighting the need for robust cyber resilience
Two American cybersecurity professionals were sentenced today to four years each in prison for their role in a conspiracy to obstruct, delay, or affect commerce through extortion in connection with ransomware attacks occurring in 2023.
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom.
The former deputy assistant director of the FBI’s Cyber Division said hackers are targeting OEMs and suppliers who must act quickly to identify attacks.
Ransomware groups 0APT and KryBit have doxxed each other online
SystemBC C2 exposed 1,570+ victims tied to The Gentlemen since July 2025, revealing expanding ransomware scale.
In May 2025, the Ohio health system Kettering Adventist Healthcare (Kettering Health) experienced a ransomware attack. The attack was detected on May 20, ... Kettering Health has confirmed that patients' protected health information was compromised in a May 20, 2025, ransomware attack.
Manufacturing absorbs 56% ransomware surge of global attacks in 2025, as RaaS, legacy OT systems, and supply chains fuel spike.
Ransomware in Q1 2026 remained stable in volume but grew more dangerous in nature, as financially motivated attacks increasingly intersected with geopolitical conflict and disruptive intent.
Health care and public health was the top sector targeted for cyberthreats in 2025, according to the FBI’s latest annual report on internet crimes. There were 460 ransomware attacks and 182 data breaches, totaling 642 cyber events. Financial services was the next highest sector at 447 total ...
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses.
129 groups posted 7,655 ransomware claims over 376 days. Breakdown by group, sector, country, and trend.
March 2026 saw major cyber attacks and data breaches across various sectors, highlighting the urgent need for robust cybersecurity measures.
BlackFog's state of ransomware 2025 report measures publicly disclosed and non-disclosed attacks globally.
BakerHostetler’s 2026 Data Security ... 26, 2026, reveals a sharp escalation in ransomware attacks targeting law firms, with incidents nearly doubling over the previous year. The report, based on data from 2025, highlights law firms as prime targets due to their troves of sensitive client data, making them vulnerable to extortion and financial ...
U.S. state and local government organizations remain under growing pressure from ransomware, making the issue a major cybersecurity and public service concern
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
BlackFog's state of ransomware 2026 report measures publicly disclosed and non-disclosed attacks globally.
Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale.
Explore today's ransomware landscape with 18 new victims, top actors, and geographic and sector trends shaping the 2026 threat map.
Ransomware of the week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring...
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Ransomware attacks in Asia-Pacific surged 59% in 2025 as rapid digitalisation and AI adoption fuel faster, more targeted cyber extortion.
Ontario Health atHome came under scrutiny last year after one of its vendors was hit by a cyberattack that was kept under wraps for months. We now know the attack was ransomware.
NCC Group counts 7,874 ransomware attacks in 2025, an increase of 50%. Qilin most active, LockBit out of top ten. Industrial sector hardest hit.
Check out the biggest cyber incidents, including ransomware attacks, data breaches and vulnerabilities exploited in February 2026.
Fewer businesses are paying, but ransomware groups are growing in number.
VulnCheck finds ransomware operators increasingly relying on zero-days, raising operational risk in OT environments
In 2025, total on-chain ransomware payments fell by approximately 8% to $820 million, even as claimed attacks rose 50%.
Smaller crews piled in as old names splintered and rebranded
The SafePay ransomware group claimed responsibility, boasting of exfiltrating more than 8 terabytes of files during a nearly three-month intrusion.
2025 saw a rise in data-theft-driven extortion, sustained pressure from ransomware groups, and a significant increase in attacks.
As if snooping on your workers wasn't bad enough
Ransomware in 2026 is faster, stealthier, and identity driven. Explore the latest trends and why prevention-first security is critical.
An in-depth guide to state sponsored hacking, APT tactics, real-world examples, and how organizations can defend against nation-state cyber threats.
"Rather than it being a separate domain, it is now part of a whole-of-state response and a whole-of-state action in those conflict situations," Kat Sommer said.
Ransomware, AI-enabled cyber campaigns and nation-state cyber actors are targeting critical infrastructure organizations and the defense industrial base. Several organizations, including federal agencies, have provided guidance on how to address cyberthreats. Government leaders, including CISOs ...
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
MuddyWater used Teams phishing in 2026 to steal credentials, enabling stealthy data exfiltration and persistence without encryption.
The mention of offensive cyberattacks highlights the White House’s effort to deter foreign hackers and follows public acknowledgments of cyber operation...
The U.S. State Department has ordered a global push to bring attention to what it says are widespread efforts by Chinese companies, including AI startup DeepSeek, to steal intellectual property from U.S. artificial intelligence labs, according to a diplomatic cable seen by Reuters.
Microsoft's Kaja Ciglic on how nation state cyber programs now drive sanctions evasion, crime, and statecraft across global security fronts.
Latest in long-running pwning of Cisco kit found in mystery Fed agency
The UK is facing four nationally significant cyber attacks a week, the majority from hostile states, NCSC chief, Richard Horne, will warn at the CyberUK conference.
To understand the cyber implications of this conflict, federal leaders need to understand how Iran uses cyber as a strategic instrument.
NCSC CEO Richard Horne says nation-state attacks, AI and the looming quantum threat require stronger global collaboration
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.
Iran didn’t send a missile to Indiana. It sent a fax. Last week, Saint Joseph’s County was informed by Iranian hackers that they had “completely taken control of the centralized IT infrastructure...
APT28 exploits SOHO routers for global DNS hijacking and adversary-in-the-middle attacks, enabling credential theft and espionage.
New CSIS analysis flags Iran's shift from episodic cyberattacks to a sustained campaign against critical infrastructure installations.
Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks
In 2026, the stakes for critical infrastructure integrity are high. Organizations must move beyond the "wait and see" reactive posture that defines 43% of current operations.
Iranian cyber retaliation is escalating. Chinese operators remain embedded in U.S. infrastructure. Ransomware groups continue to disrupt hospitals, schools, and local governments. Trump’s recently released cyber strategy raises doubts the administration is prepared to address these threats.
New GAO report highlights risks to CMMC rollout as nation-state attacks increasingly target defense contractors.
When cybersecurity experts from the public and private sectors gathered this week, AI and critical infrastructure took a back seat to frontline defense in light of recent international headlines.
Evidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices.
Medical technology leader Stryker Corp. was still grappling Thursday with the aftermath of a major cyberattack that disrupted its global Microsoft-based network, as a pro-Iran hacking group claimed responsibility for a destructive operation it described as retaliation for recent U.S. and Israeli
U.S. military cyber operations underpinned the first part of the country's joint strike with Israel against Iran on Saturday. Since then, experts see signs of at
Handala isn't playing around, as it allegedly wipes thousands of mobile phones, computers, and servers belonging to Stryker.
Cyber warfare 2026 highlights nation-state attacks, AI-powered threats, and geopolitical cyber risks targeting governments, telecom networks, and infrastructure.
An Iranian-linked hacking group on Wednesday claimed responsibility for a destructive cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
On March 11, 2026, global medical technology giant Stryker suffered a devastating cyberattack when Iranian-linked hackers deployed wiper malware to permanently erase data across its network.
Blockchain analytics firm Chainalysis has released its latest findings on cryptocurrency crime, revealing a dramatic escalation in 2025 driven primarily by nation-state actors exploiting digital assets to bypass international sanctions. According to the report, illicit cryptocurrency transactions ...
Organizations across the West and allied nations should prepare for Iranian cyberattacks in the wake of Israeli and U.S. ongoing strikes, threat intelligence firms
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.
An APT41 spinoff is spying on targets across Europe and Asia using a blend of custom and legitimate tools.
Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure.
Iranian cyber proxies are girding for revenge while nation-state hackers in Tehran have gone quiet, whether to shelter from an onslaught of missile attacks or
The bigger threat to U.S. companies may not be a data breach, but a coordinated campaign designed to make your employees stop trusting everything they see and hear.
The Notepad++ compromise is proof that adversaries are targeting the gap between vulnerability management and detection and response.
Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential...
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
Read up on this week's cybersecurity news, which highlights how nation-state hackers are escalating attacks on critical infrastructure.
Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle
The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) shared details of a multi-agency cybersecurity operation, codenamed Operation CYBER GUARDIAN, to defend our telecommunications sector.
The FBI is alerting the public to a new cyber threat involving a Phishing‑as‑a‑Service kit known as Kali365, which is designed to hijack Microsoft 365 access tokens.
The hackers hid phishing links inside chained Google services, bypassing email security and fooling users.
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access.
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception.
A new phishing attack abuses Google's recovery contact system to send crypto-targeting emails that pass authentication checks.
Security researchers discover new flaw between Gmail and Google Drive that allows malicious files blocked by Gmail's malware scanner to still reach inboxes marked as "Scanned by Gmail," potentially exposing billions of users to phishing attacks
2026 Email Threats Report finds attackers adopting stealthier delivery methods, underscoring need for integrated, multilayered email protection.
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites.
Microsoft disclosed a credential theft campaign targeting 35,000+ users at 13,000+ organizations across 26 countries.
Microsoft has warned organizations in the United States about a sophisticated phishing campaign that uses a “code of conduct review” theme.
Attackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls.
Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains.
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
Microsoft blocked 8.3 billion phishing emails in Q1 2026. QR codes hidden in PDFs drove a 146% surge, and HTML attachments now make up 31% of payloads—here's why.
Cybercriminals allegedly sent 9,000+ phishing emails using Google Cloud tools, targeting 3,200 organizations by exploiting legitimate automation features.
A surge in password-related cybercrime throughout 2025 has seen not only 2.8 billion credentials stolen, but macOS infostealer infections alone rise by 7,000%.
Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels.
Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.
Fake Ledger crypto-wallet stole $9.5m in two weeks; Silent group hit almost 40 law firms in a year; Google cracks down on back button hijacking.
n8n webhooks abused since October 2025, with phishing volume up 686%, enabling malware delivery and device tracking.
Remcos RAT is being delivered in a new phishing campaign that abuses Google Cloud Storage and trusted Google domains.
Hackers are abusing Google Cloud Storage to host phishing pages that steal credentials and deliver Remcos RAT through a multi-stage malware infection chain.
Phishing evolves into AI-driven, multi-channel scams abusing trusted platforms.
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown ...
The blog explains how threat actors increasingly abuse legitimate Cloudflare services like Workers and Tunnels to host phishing pages, distribute malware, and evade traditional security defenses by leveraging Cloudflare’s trusted infrastructure. It details how attackers use these tools to ...
RSAC 2026: Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins
Microsoft warns tax-season phishing hit 29,000 users via IRS lures, enabling credential theft and RMM-based access.
Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions.
Phishers abused Google Cloud Storage links to bypass email filters, sending 25+ trusted-looking lures to one target.
OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Attackers misused Google Cloud Application Integration to send 9,394 phishing emails from Google domains, bypassing filters and stealing credentials.
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
A new wave of Android cyberattacks is leveraging fake Internet Protocol Television (IPTV) applications to distribute Massiv, a highly advanced banking trojan capable of full device takeover, credential theft, and identity fraud. The malware is spreading rapidly across Europe—particu
Suspected Russian actor deploys CANFAIL malware via phishing, targeting Ukrainian defense, energy, and aid sectors using LLM-assisted lures.
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
A global operation led by German authorities and supported by Europol (Operation Alice) shut down over 373,000 fraudulent dark web websites and seized 105 servers. The operator, a 35-year-old man based in China, made over EUR 345,000 from ~10,000 customers purchasing CSAM and cybercrime-as-a-service offerings. 440 customers worldwide were identified, with investigations ongoing against 100+ individuals.