Cybercriminals

Beyond Ukraine: Mercenary Akula Spearphishing Hits European Finance with Russian Remote Admin Tools Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Beyond Ukraine: Mercenary Akula Spearphishing Hits European Finance with Russian Remote Admin Tools

Do Son February 27, 2026

A newly detected spearphishing campaign indicates that a notorious Russia-aligned threat actor is expanding its hunting grounds....

Unmasking 1Campaign: The Professionalized ‘Cloaking’ Service Powering Global Malvertising Scams 1Campaign Cloaking Platform Google Ads Malvertising

1Campaign Cloaking Platform Google Ads Malvertising

Unmasking 1Campaign: The Professionalized ‘Cloaking’ Service Powering Global Malvertising Scams

Do Son February 27, 2026

Varonis Threat Labs recently highlights a comprehensive toolkit designed to weaponize search engine advertising. Researchers uncovered 1Campaign,...

The Interview Trap: Malicious Next.js Repositories Weaponize Coding Tests to Hack Developers Developer Targeting Campaign Next.js Malware Lures

Developer Targeting Campaign Next.js Malware Lures

The Interview Trap: Malicious Next.js Repositories Weaponize Coding Tests to Hack Developers

Do Son February 27, 2026

The job hunt just got a lot more dangerous for software engineers. Microsoft Defender Experts identified a...

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare

Do Son February 26, 2026

A disturbing shift in nation-state cyber tactics has been uncovered as North Korean state-backed attackers integrate Medusa...

Unpatched ActiveMQ Flaw Leads to Repeat Breach and LockBit Ransomware LockBit 3.0 Ransomware

LockBit 3.0 Ransomware

Unpatched ActiveMQ Flaw Leads to Repeat Breach and LockBit Ransomware

Do Son February 25, 2026

In the world of cybersecurity, “eviction” is rarely the end of the story. A new case study...

Machine-Speed Intrusions: How One Hacker Used DeepSeek and Claude to Scale a Global Campaign

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Machine-Speed Intrusions: How One Hacker Used DeepSeek and Claude to Scale a Global Campaign

Do Son February 24, 2026

A report by threat researcher @goyaramen reveals a sophisticated software pipeline that embeds Large Language Models (LLMs)...

Hired to Hack: North Korean Fake IT Workers Hijack Exec Identities in ‘Contagious Interview’ Scams Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Hired to Hack: North Korean Fake IT Workers Hijack Exec Identities in ‘Contagious Interview’ Scams

Do Son February 24, 2026

A new report from the GitLab Threat Intelligence Team lifts the veil on the latest tradecraft utilized...

The Invisible Backdoor: AI Exposes Malicious OAuth Apps Hiding in Microsoft Entra ID Malicious OAuth Apps Entra ID Homoglyph Attack

Malicious OAuth Apps Entra ID Homoglyph Attack

The Invisible Backdoor: AI Exposes Malicious OAuth Apps Hiding in Microsoft Entra ID

Do Son February 23, 2026

The integration of third-party applications into corporate environments has become the lifeblood of modern productivity, but it...

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software TrustConnect Malware Fake RMM MaaS

TrustConnect Malware Fake RMM MaaS

The Fake IT Threat: “TrustConnect” Malware-as-a-Service Masquerades as Legitimate RMM Software

Do Son February 23, 2026

A new report from Proofpoint sheds light TrustConnect, detailing the rise of a new Malware-as-a-Service (MaaS) that...

Industrialized Theft: GoldFactory Malware Hijacks Tax Season via Fake ‘Coretax’ Apps Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Industrialized Theft: GoldFactory Malware Hijacks Tax Season via Fake ‘Coretax’ Apps

Do Son February 23, 2026

As tax season approaches, cybersecurity defenders are tracking a massive escalation in mobile banking fraud. According to...

Inside the ‘Upworksell’ Syndicate: Hacker Gets 60 Months for Funneling US Tech Jobs to North Korea Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

Inside the ‘Upworksell’ Syndicate: Hacker Gets 60 Months for Funneling US Tech Jobs to North Korea

Do Son February 20, 2026

A 29-year-old Ukrainian national has been sentenced to 60 months in federal prison for orchestrating a massive,...

Infoblox Exposes Hybrid Malvertising & “Pig Butchering” Scam Hybrid Crypto Scam Pig Butchering Malvertising

Hybrid Crypto Scam Pig Butchering Malvertising

Infoblox Exposes Hybrid Malvertising & “Pig Butchering” Scam

Do Son February 20, 2026

Cybercriminals are continuously evolving their tactics to maximize profits, and a new hybrid scam has emerged on...

Fake Jobs, Real Theft: “Contagious Interview” Malware Drains Crypto Wallets Contagious Interview Campaign MetaMask Malware

Contagious Interview Campaign MetaMask Malware

Fake Jobs, Real Theft: “Contagious Interview” Malware Drains Crypto Wallets

Do Son February 18, 2026

A notorious North Korean cyber espionage campaign targeting the tech sector has evolved with a dangerous new...

The “I Paid Twice” Trap: New Booking.com Phishing Kit Targets Hotels & Guests Booking.com Fraud Hospitality Phishing

Booking.com Fraud Hospitality Phishing

The “I Paid Twice” Trap: New Booking.com Phishing Kit Targets Hotels & Guests

Do Son February 18, 2026

A sophisticated financial fraud campaign has resurfaced, targeting the hospitality sector that victimizes both hotels and their...

Hackers Use Jira Notifications to Bypass Spam Filters Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Hackers Use Jira Notifications to Bypass Spam Filters

Do Son February 18, 2026

A new spam campaign is slipping past enterprise defenses by wearing a disguise that most security filters...

“Natural Selection” at Work: How North Korean IT Workers Use AI to Infiltrate Companies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

“Natural Selection” at Work: How North Korean IT Workers Use AI to Infiltrate Companies

Do Son February 17, 2026

A new report from Okta Threat Intelligence has pulled back the curtain on a sprawling fraudulent employment...

“Carding” as a Service: How Stolen Credit Cards Became a Structured Economy Carding-as-a-Service Underground Credit Card Market

Carding-as-a-Service Underground Credit Card Market

“Carding” as a Service: How Stolen Credit Cards Became a Structured Economy

Do Son February 16, 2026

A new report from Rapid7 has shed light on the sophisticated evolution of the underground credit card...

“Distillation” Theft: Attackers Target AI Models in New Wave of Intellectual Property Heists Model Extraction Attacks AI API Theft

Model Extraction Attacks AI API Theft

“Distillation” Theft: Attackers Target AI Models in New Wave of Intellectual Property Heists

Do Son February 16, 2026

A new report from the Google Threat Intelligence Group (GTIG) has revealed a sharp rise in a...

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed Muddled Libra Rogue VM

Muddled Libra Rogue VM

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed

Do Son February 13, 2026

A new investigation by Unit 42 has pulled back the curtain on the operations of Muddled Libra,...

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust Telegram Phishing Account Takeover

Telegram Phishing Account Takeover

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust

Do Son February 13, 2026

A new phishing campaign is targeting Telegram users by turning the platform’s own security features into a...