Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
135 articles

#Threat Intelligence

All CosmicBytez Labs articles tagged #Threat Intelligence, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    ClickLock: New macOS Infostealer Kills Apps Every 210ms to Force Password Entry

    Group-IB researchers discovered ClickLock, a new macOS infostealer distributed via ClickFix lures that terminates all visible system processes in a loop until the victim surrenders their login password — with zero AV detections at discovery.

  • NewsJul 16, 2026

    Identity Attacks Overtake Exploits as Top Ransomware Cause

    Sophos 2026: 79% of ransomware attacks start with stolen identities. MFA was present in 97% of credential-based cases yet failed to stop every one of them.

  • NewsJul 16, 2026

    New Spirals Ransomware Encrypts Victim Network in Under 24 Hours

    A newly identified ransomware group called Spirals has demonstrated alarming operational speed, completing the full attack lifecycle — initial access, lateral movement, data theft, and network-wide encryption — in less than 24 hours.

  • NewsJul 14, 2026

    Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

    Microsoft has detailed three distinct attack paths used by actors aligned with ShinyHunters to infiltrate corporate Salesforce environments over the past year — none of which required exploiting any vulnerability in the Salesforce platform itself.

  • NewsJul 13, 2026

    Misconfigured Server Exposes Three Evilginx Phishing Ops Targeting M365

    An attacker's operational security mistake — leaving a Python HTTP server and .bash_history exposed on a public port — allowed researchers to uncover three simultaneous Evilginx phishing campaigns targeting Microsoft 365 credentials.

  • NewsJul 11, 2026

    Australia Warns of Global Campaign Targeting Vulnerable CMS Platforms

    The Australian Cyber Security Centre has issued an alert about a coordinated global campaign actively exploiting unpatched vulnerabilities in WordPress,...

  • NewsJul 11, 2026

    China and India-Linked Hackers Both Targeted the Same Pakistani Police Force

    SentinelOne researchers discovered that threat actors linked to both China and India independently targeted the Balochistan Police force in Pakistan for...

  • NewsJul 11, 2026

    Ghost Accounts Abuse GitHub API in Mass Recon Campaign

    Multiple threat campaigns are leveraging disposable 'ghost' GitHub accounts to conduct mass reconnaissance against organizations, systematically mapping...

  • NewsJul 11, 2026

    Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

    SentinelOne researchers have uncovered two years of sustained cyberespionage against Pakistani law enforcement — with China-nexus and India-nexus threat...

  • NewsJul 9, 2026

    Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

    A single threat actor leveraged AI workflows, chained cloud misconfigurations, and stolen credentials to breach a large Amazon Web Services customer...

  • SecurityJul 9, 2026

    CVE-2026-35210: OpenCTI Authorization Bypass Allows Confidence Level and Object Marking Circumvention

    An authentication bypass vulnerability in OpenCTI prior to 7.260326.0 allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass...

  • NewsJul 7, 2026

    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

    A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service, letting even low-skill criminals take...

  • NewsJul 5, 2026

    Chinese LLMs Broaden the Gap Between Attackers & Defenders

    China's GLM 5.2 finds vulnerabilities at $0.17 each and outperforms frontier Western models on security benchmarks — while AI-enabled adversary activity...

  • NewsJul 4, 2026

    Agentic AI Used to Conduct Ransomware Attack via Langflow Vulnerability

    Threat group JadePuffer leveraged an LLM agent to autonomously execute a multi-stage ransomware-style attack through a critical Langflow vulnerability,...

  • NewsJul 4, 2026

    Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

    Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...

  • NewsJul 4, 2026

    JadePuffer Ransomware Used an AI Agent to Automate the Entire Attack

    Security researchers have documented what appears to be the first ransomware operation conducted entirely by a large language model agent — JadePuffer...

  • NewsJul 4, 2026

    North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

    JFrog researchers attribute a fresh npm supply chain campaign to North Korea's Lazarus Group. Malicious packages impersonating Rollup polyfill tooling...

  • NewsJul 4, 2026

    North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign

    Threat actors linked to North Korea's Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist,...

  • NewsJul 4, 2026

    PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

    Jamf Threat Labs has discovered PamStealer, a sophisticated two-stage macOS infostealer that impersonates the Maccy clipboard manager, delivers a...

  • NewsJul 2, 2026

    FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs

    Threat actors who exploited the FortiBleed vulnerability to gain persistent access to thousands of Fortinet firewalls are now monetizing that access by...

  • NewsJul 2, 2026

    Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

    Working alongside the FBI and Lumen Technologies, Google's Threat Intelligence Group has significantly degraded NetNut — one of the largest networks that...

  • NewsJun 30, 2026

    How Ransomware Syndicates Weaponize Corporate-Style Organization

    From outsourced labor to tiered pricing models, today's top ransomware groups operate less like rogue hackers and more like Fortune 500 companies — with...

  • NewsJun 29, 2026

    U.S. Offers $10 Million for Russian Hackers Targeting WhatsApp and Signal Users

    The U.S. Department of State is offering up to $10 million through its Rewards for Justice program for information identifying members of UNC5792 and...

  • NewsJun 28, 2026

    FBI: Russian Hackers Now Target Signal Backup Recovery Keys

    The FBI and CISA warn that a Russian-linked phishing campaign targeting Signal users has evolved to steal Backup Recovery Keys, giving attackers full...

  • NewsJun 28, 2026

    Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

    Ukraine's SSU and the FBI have exposed a sustained Russian intelligence campaign using fake support SMS messages to steal Signal, WhatsApp, and Telegram...

  • NewsJun 28, 2026

    Why Patch Directives Only Go So Far

    Six weeks of undetected access through a compromised VPN appliance exposes a hard truth: patching is necessary but not sufficient. Organisations already...

  • NewsJun 27, 2026

    Ukraine and FBI Expose Russian Intelligence Campaign Stealing Signal Credentials via Fake SMS

    The SSU and FBI jointly disclosed a sustained Russian intelligence operation targeting messaging credentials of government officials, military personnel,...

  • NewsJun 25, 2026

    Europe Evolves Into Ransomware's Favorite Region

    New research from Black Kite shows ransomware attacks against European organizations surged 55% in the first four months of 2026 compared to the same...

  • NewsJun 25, 2026

    More Malicious OpenClaw Skills Threaten AI Supply Chain

    Unit 42 researchers identified five persistent malicious skill packages on ClawHub — OpenClaw's AI agent marketplace — including infostealers disguised as...

  • NewsJun 25, 2026

    Russian APT Gamaredon Upgrades Its Arsenal, Requiring New Defenses

    ESET research reveals FSB-sponsored Gamaredon has significantly upgraded its C2 infrastructure obfuscation and malware delivery capabilities, running 35...

  • NewsJun 24, 2026

    FortiBleed: 5-Stage Attack Chain Behind 110 Million Credential Heist on FortiGate Firewalls

    Deep analysis of the FortiBleed operation reveals a sophisticated five-stage credential harvesting pipeline — custom Golang sniffers, Telegram-based...

  • ProjectJun 24, 2026

    OpenCTI: Building a Cyber Threat Intelligence Platform in Your Homelab

    Deploy OpenCTI to aggregate, correlate, and visualize threat intelligence from MISP, NVD, AlienVault OTX, and Shodan — all in a self-hosted Docker stack.

  • NewsJun 23, 2026

    FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist

    The FortiBleed campaign's operators weaponize Fortinet's own built-in diagnostic command to run a custom Golang sniffer that intercepts 24 authentication...

  • NewsJun 23, 2026

    Scope of Salesforce Attacks Expands as Icarus Leaks Stolen Data

    More victims have surfaced after attackers breached application vendor Klue and abused its OAuth tokens to access customers' Salesforce environments. The...

  • NewsJun 22, 2026

    ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack, with attackers injecting backdoor code into Pro plugin releases...

  • NewsJun 21, 2026

    China-Nexus Actor Spies on US Researchers Undetected for a Year

    Google's Threat Intelligence Group discovered and disrupted a sprawling China-nexus espionage campaign that stole RedCAP credentials to silently breach...

  • NewsJun 21, 2026

    Google Exposes China Espionage Group UNC6508 Lurking in Networks Since 2023

    Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...

  • NewsJun 21, 2026

    How Software Development's Speed Obsession Enabled TeamPCP's Chaos Crusade

    TeamPCP's remarkable success attacking open-source software was no accident — it exploited a cultural vulnerability baked into modern development: the...

  • NewsJun 21, 2026

    USB Worm Spreads Crypto-Stealing Malware via Windows Shortcut Files

    A self-spreading USB worm active since February 2026 hides real files behind malicious .lnk shortcuts, hijacks clipboard cryptocurrency addresses, hunts...

  • NewsJun 19, 2026

    CryptoBandits Malware Doubles as a Backdoor, Abuses Tor for Stealthy C2

    A newly detailed malware family called CryptoBandits routes all traffic through a local SOCKS5 proxy and the Tor network, blending credential theft with...

  • NewsJun 19, 2026

    Cybersecurity Firms Impacted by Klue Supply Chain Attack

    The hackers exfiltrated data from Salesforce instances of Klue customers, including Huntress and Recorded Future, in a cascading supply chain compromise.

  • NewsJun 19, 2026

    Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

    Salesforce has disabled the Klue Battlecards app integration following a security incident in which attackers abused OAuth tokens to access customer CRM...

  • NewsJun 18, 2026

    Bulgaria Allowed Surveillance Tech Firm to Sell Products to Repressive Regimes, Report Says

    Human Rights Watch obtained Bulgarian export licensing records showing the government approved surveillance firm Circles' technology sales to law...

  • NewsJun 18, 2026

    INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

    Cybersecurity researchers have charted the evolution of INC ransomware from a nascent RaaS operation to one of the most prolific cybercrime groups in...

  • NewsJun 18, 2026

    'Popa' Botnet Linked to Publicly-Traded Israeli Firm

    Security researchers have traced the sprawling Popa Android botnet — which enslaved millions of consumer TV boxes for ad fraud and data scraping — to a...

  • NewsJun 17, 2026

    144 Mastra npm Packages Compromised via Hijacked Contributor Account

    A supply chain attack dubbed easy-day-js has compromised 144 npm packages in the @mastra/* namespace by hijacking a contributor account for the popular...

  • NewsJun 17, 2026

    The Top 10 Attack Surface Exposures in 2026

    A comprehensive breakdown of the most dangerous attack surface exposures organizations face in 2026 — from exposed admin panels and credential reuse to...

  • NewsJun 14, 2026

    'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

    The latest supply chain attacks against PyPI, which hit 37 wheels and 19 code packages, show a continued evolution of the persistent Shai-Hulud software...

  • NewsJun 11, 2026

    GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

    GitHub has announced that npm version 12 will disable install scripts by default as a breaking change aimed at combating software supply chain attacks...

  • NewsJun 10, 2026

    Who Runs the Ransomware Group 'The Gentlemen'?

    KrebsOnSecurity investigates the identity and structure behind The Gentlemen, the second most active ransomware gang of 2026, known for offering...

  • NewsJun 7, 2026

    What the 2026 DBIR Confirms: Attacks Are Living in the Browser

    The 2026 Verizon DBIR confirms phishing, shadow AI, malicious extensions, and credential theft now execute inside the browser, exposing major security gaps.

  • NewsJun 5, 2026

    IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

    Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

  • NewsJun 2, 2026

    AI-Built Ransomware Toolkit Automates EDR Evasion and AD Discovery

    A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and…

  • NewsJun 2, 2026

    Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

    Twenty years after Dark Reading launched, security leaders are looking beyond the assume-breach paradigm toward AI-native, hyper-segmented enterprise defense…

  • NewsMay 31, 2026

    As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

    Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…

  • NewsMay 31, 2026

    From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market

    DDoS attacks are increasingly sold as subscription services with pricing tiers, reseller programs, and customer support. Flare's analysis reveals how the…

  • NewsMay 31, 2026

    Frontier AI Reinforces the Future of Modern Cyber Defense

    As OpenAI and Anthropic push frontier AI capabilities forward, SentinelOne argues that AI-native, machine-speed cyber defense is now essential — and that the…

  • NewsMay 31, 2026

    GCHQ Chief: AI Is an 'Unstoppable Force' with Offensive and Defensive Cyber Ramifications

    Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace…

  • NewsMay 30, 2026

    Russian Spies Aggressively Targeting Western Technology as Sanctions Bite

    Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...

  • NewsMay 28, 2026

    UK Cyberspying Chief Calls AI 'an Unstoppable Force' and Warns About Russia

    UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.

  • NewsMay 26, 2026

    Iranian APT Targets Aviation, Software Companies With

    Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.

  • NewsMay 24, 2026

    Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

    The Belarus-aligned Ghostwriter APT (UAC-0057/UNC1151) has launched a new phishing campaign impersonating Prometheus, a Ukrainian e-learning platform, to...

  • NewsMay 22, 2026

    ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI

    This week's threat intelligence bulletin covers Linux rootkit campaigns, an actively exploited router zero-day, AI-assisted intrusions, new scam kit...

  • NewsMay 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • NewsMay 19, 2026

    Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid

    Researchers at HUMAN Security uncovered Trapdoor, a sophisticated Android ad fraud and malvertising operation that used 455 malicious apps and 183...

  • NewsMay 19, 2026

    Verizon DBIR 2026: Vulnerability Exploitation Overtakes

    Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...

  • NewsMay 17, 2026

    Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

    A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...

  • NewsMay 17, 2026

    Living Off the Pipeline: Defending Against CI/CD Subversion

    Adversaries are increasingly weaponizing CI/CD pipelines as a living-off-the-land vector — abusing trusted build infrastructure to execute attacks without...

  • NewsMay 17, 2026

    ODNI Taps Officials to Coordinate Response to Foreign

    Director of National Intelligence Tulsi Gabbard has appointed two officials to lead cross-agency monitoring of foreign threats targeting the 2026 U.S....

  • NewsMay 17, 2026

    SecurityScorecard Acquires Driftnet to Boost Third-Party

    SecurityScorecard has acquired Driftnet to expand visibility into third-party ecosystems, addressing growing supply chain attack risks that continue to...

  • NewsMay 15, 2026

    TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code

    The hacking group TeamPCP has publicly released the source code for its Shai-Hulud supply chain worm, actively encouraging other threat actors to...

  • NewsMay 13, 2026

    Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak

    An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...

  • NewsMay 12, 2026

    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI

    TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...

  • NewsMay 11, 2026

    Google: Hackers Used AI to Develop Zero-Day Exploit for Web

    Google Threat Intelligence Group researchers say a zero-day exploit targeting a widely used open-source web administration tool was likely generated using...

  • HOWTOMay 11, 2026

    CrowdSec: Deploy a Community-Powered Intrusion Prevention System

    Install and configure CrowdSec on Linux to detect and block attacks using crowdsourced threat intelligence, custom scenarios, and iptables/nftables bouncers.

  • NewsMay 10, 2026

    One Missed Threat Per Week: What 25M Alerts Reveal About

    Analysis of more than 25 million security alerts across enterprise SOCs reveals a troubling pattern: organizations are institutionalizing the practice of...

  • NewsMay 8, 2026

    Trellix Source Code Breach Claimed by RansomHouse Hackers

    The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach disclosed last week, leaking a set of proof images...

  • NewsMay 3, 2026

    New Bluekit Phishing Kit Features AI Assistant and Automated Domain Registration

    A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...

  • NewsApr 28, 2026

    Feuding Ransomware Groups Leak Each Other's Data

    When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...

  • NewsletterApr 28, 2026

    Apr 28 Digest: Medtronic 9M Breach, GitHub RCE, LiteLLM

    ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...

  • NewsApr 26, 2026

    ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse

    This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...

  • NewsApr 25, 2026

    Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting

    SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...

  • NewsApr 25, 2026

    Threat Actor Uses Microsoft Teams to Deploy New 'Snow'

    UNC6692 employs email bombing and Teams impersonation to deliver a three-component Snow malware suite — SnowBelt, SnowGlaze, and SnowBasin — enabling full...

  • NewsApr 23, 2026

    Malicious KICS Docker Images and VS Code Extensions Hit

    Threat actors hijacked the official checkmarx/kics Docker Hub repository by overwriting existing image tags — including v2.1.20 and alpine variants — and...

  • NewsApr 23, 2026

    Trigona Ransomware Deploys Custom CLI Exfiltration Tool in Active Attacks

    Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...

  • NewsApr 23, 2026

    Vercel Finds More Compromised Accounts in Context.ai-Linked

    Vercel has expanded its breach investigation tied to the Context.ai supply chain compromise and identified additional customer accounts with unauthorized...

  • NewsApr 21, 2026

    No Exploit Needed: How Attackers Walk Through the Front

    Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...

  • NewsApr 20, 2026

    Why the Axios Attack Proves AI Is Mandatory for Supply

    The North Korean supply chain attack on Axios — a JavaScript library with 100 million weekly downloads — highlights why human-scale monitoring can no...

  • NewsApr 19, 2026

    Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

    Following law enforcement disruption of the Tycoon 2FA platform, threat actors are reusing its tools and techniques across a wave of new phishing kits,...

  • NewsApr 18, 2026

    $13.74M Hack Shuts Down Sanctioned Grinex Exchange After

    Grinex, a Kyrgyzstan-based cryptocurrency exchange sanctioned by the U.S., U.K., and EU for facilitating sanctions evasion, has suspended all operations...

  • NewsApr 17, 2026

    Grinex Exchange Blames Western Intelligence for $13.7M

    Kyrgyzstan-based cryptocurrency exchange Grinex has suspended all operations after a $13.7 million hack, with the platform controversially attributing the...

  • NewsApr 17, 2026

    Three Microsoft Defender Zero-Days Actively Exploited; Two

    Huntress is warning that threat actors are actively exploiting three privilege escalation vulnerabilities in Microsoft Defender — codenamed BlueHammer,...

  • NewsApr 11, 2026

    Citizen Lab: Law Enforcement Used Webloc to Track 500

    Citizen Lab has documented how an Israeli surveillance company called Cobwebs Technologies built an advertising-based global geolocation platform named...

  • NewsApr 10, 2026

    UK Government Threatens Tech Bosses With Jail Time Over AI

    UK communications regulator Ofcom has warned tech executives they face criminal prosecution and imprisonment if their platforms fail to adequately combat...

  • NewsApr 9, 2026

    Cryptocurrency ATM Giant Bitcoin Depot Reports $3.6 Million

    Bitcoin Depot, one of North America's largest Bitcoin ATM operators, has filed an SEC disclosure revealing a cyberattack in which threat actors gained...

  • NewsApr 9, 2026

    Cybercriminals Target Accountants to Drain Russian Firms'

    Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...

  • NewsApr 9, 2026

    ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache

    This week's ThreatsDay Bulletin from The Hacker News covers 20 active threats including a hybrid P2P DDoS botnet, a 13-year-old Apache ActiveMQ RCE flaw...

  • NewsApr 7, 2026

    Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

    Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...

  • NewsApr 6, 2026

    Microsoft Links Storm-1175 to Medusa Ransomware Zero-Day

    Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...

  • NewsApr 5, 2026

    36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

    Cybersecurity researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that abused Redis and PostgreSQL connections to harvest...

  • NewsApr 4, 2026

    Evolution of Ransomware: Multi-Extortion Ransomware Attacks

    Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...

  • NewsApr 4, 2026

    Microsoft Details Cookie-Controlled PHP Web Shells

    Microsoft Defender researchers have documented a stealthy PHP web shell technique that uses HTTP cookies as a covert command-and-control channel on Linux...

  • NewsApr 4, 2026

    UNC1069 Social Engineering of Axios Maintainer Led to npm

    The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...

  • NewsApr 3, 2026

    Blast Radius of TeamPCP Attacks Expands Amid Hacker

    As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are taking credit and creating a murky attribution...

  • NewsApr 2, 2026

    Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

    Threat actors are weaponizing vacant properties as drop addresses for mail interception, blending physical access with digital fraud. A Flare threat...

  • NewsApr 2, 2026

    Drift Loses $280 Million as Hackers Seize Security Council

    The Drift Protocol DeFi platform lost at least $280 million after a sophisticated threat actor executed a planned governance attack, seizing control of...

  • NewsApr 1, 2026

    Google Attributes Axios npm Supply Chain Attack to North

    Google's Threat Intelligence Group has formally attributed the supply chain compromise of the popular Axios npm package to UNC1069, a financially...

  • NewsMar 31, 2026

    Attack on Axios Developer Tool Threatens Widespread

    Security researchers at multiple firms are sounding alarms over a supply chain attack against Axios, an npm package with 100 million weekly downloads....

  • NewsMar 30, 2026

    New RoadK1ll WebSocket Implant Used to Pivot on Breached

    Security researchers have identified a newly discovered malicious implant named RoadK1ll that leverages WebSocket connections to silently move from an...

  • NewsMar 30, 2026

    Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple

    This week's cybersecurity roundup covers long-running telecom espionage operations reaching courtrooms, resurging LLM jailbreak techniques, Apple's UK age...

  • NewsMar 29, 2026

    AI Slashes Cyberattack Exploit Timelines From Years to Days

    New research shows AI is dramatically accelerating how quickly threat actors can weaponize vulnerabilities, with 92% of security professionals expressing...

  • NewsMar 28, 2026

    TA446 Deploys DarkSword iOS Exploit Kit in Targeted

    Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...

  • NewsMar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • ProjectMar 27, 2026

    Build a Collaborative IPS with CrowdSec

    Deploy CrowdSec on a Linux server to get community-powered intrusion prevention — block brute-force attacks, credential stuffing, and vulnerability...

  • NewsMar 21, 2026

    New Speagle Malware Hijacks Cobra DocGuard for State-Sponsored Espionage

    A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...

  • NewsMar 18, 2026

    Interlock Ransomware Has Been Exploiting Cisco FMC Zero-Day

    The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...

  • NewsMar 17, 2026

    LeakNet Ransomware Weaponizes ClickFix and Deno Runtime for Stealthy Corporate Attacks

    The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...

  • NewsMar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • NewsMar 8, 2026

    Termite Ransomware Operator Velvet Tempest Chains ClickFix

    Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...

  • ProjectMar 6, 2026

    Deception Technology Lab: T-Pot Honeypot with OpenCanary

    Deploy a full deception technology stack using T-Pot and OpenCanary to capture real attacker behaviour, generate threat intelligence, and sharpen your...

  • NewsMar 4, 2026

    Cloudflare 2026 Threat Report: 230 Billion Daily Threats as

    Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...

  • NewsFeb 25, 2026

    AI-Armed Amateur Hacker Compromises 600+ FortiGate

    Amazon's threat intelligence team has documented how a Russian-speaking, financially motivated actor used multiple commercial generative AI tools to...

  • NewsFeb 25, 2026

    Diesel Vortex: Russian Cybercrime Ring Steals 1,649

    A Russian-linked phishing operation dubbed Diesel Vortex has stolen over 1,649 credentials from major freight and logistics companies across the US and...

  • NewsFeb 18, 2026

    AI-Driven Threats Accelerate: Agentic Attacks, Model

    Multiple industry reports warn that 2026 marks the emergence of agentic AI threats — autonomous systems capable of planning and executing multi-step...

  • NewsFeb 15, 2026

    Ransomware in 2026: Data-Only Extortion Replaces Encryption

    With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...

  • NewsFeb 11, 2026

    SSHStalker Linux Botnet Uses IRC Protocol for Command and Control

    Security researchers discover a new Linux botnet named SSHStalker that leverages the legacy IRC protocol for C2 operations, marking a return to old-school...

  • SecurityFeb 8, 2026

    International AI Safety Report: AI Now Provides 'Meaningful

    The 2026 International AI Safety Report confirms AI systems can assist attackers across multiple stages of the cyberattack chain, with vulnerability...

  • NewsletterFeb 8, 2026

    Global Threat Intelligence & New Tools - Issue #3

    This week: state-backed espionage campaigns across 155 countries, China-linked router hijacking, ransomware surge, new security tools, and site updates.

  • NewsFeb 7, 2026

    Shadow Campaigns: State-Backed Espionage Group Breaches 70+

    Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...

  • HOWTOFeb 6, 2026

    OSINT Reconnaissance Methodology for Security Professionals

    A structured approach to open-source intelligence gathering covering domain reconnaissance, email enumeration, social media profiling, and infrastructure...

  • NewsFeb 4, 2026

    AI-Powered Cyberattacks Expected to Cause Major Enterprise

    Security experts predict autonomous AI systems will be responsible for at least one major enterprise breach within months, as threat actors weaponize...

  • NewsFeb 4, 2026

    The Rise of Ransomware-as-a-Service: 14 Active Platforms

    Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...

  • NewsFeb 4, 2026

    Ransomware Attacks Surge in Early 2026 with 26 Claims in One Day

    Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...

  • NewsJan 27, 2026

    Healthcare Sector Faces Unprecedented Ransomware Surge in 2026

    Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.

  • NewsJan 20, 2026

    AI-Powered Phishing Achieves 54% Click-Through Rate

    Microsoft reveals adversaries using AI for automated vulnerability discovery, phishing campaigns, and malware generation. AI-crafted phishing emails...