Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

Insider Threat

North Korean “Laptop Farms” Infiltrated 70 U.S. Companies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “Laptop Farms” Infiltrated 70 U.S. Companies

Do Son May 8, 2026

The corporate perimeter has been breached, and the threat isn’t coming through an external firewall—it’s sitting on...

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring

Do Son April 21, 2026

A Florida man has admitted to playing both sides of the ransomware fence. Angelo Martino, 41, a...

The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme Laptop Farm North Korean IT Fraud

Laptop Farm North Korean IT Fraud

The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme

Do Son April 17, 2026

In what federal prosecutors are calling a sophisticated strike against national security, two New Jersey residents have...

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm Conceptual network diagram of DPRK scam

Conceptual network diagram of DPRK scam

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm

Do Son March 30, 2026

In an attempt to infiltrate the cybersecurity industry itself, a suspected North Korean (DPRK) IT worker recently...

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses

Do Son March 16, 2026

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a major sanctions...

Hired to Hack: North Korean Fake IT Workers Hijack Exec Identities in ‘Contagious Interview’ Scams Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Hired to Hack: North Korean Fake IT Workers Hijack Exec Identities in ‘Contagious Interview’ Scams

Do Son February 24, 2026

A new report from the GitLab Threat Intelligence Team lifts the veil on the latest tradecraft utilized...

“Natural Selection” at Work: How North Korean IT Workers Use AI to Infiltrate Companies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

“Natural Selection” at Work: How North Korean IT Workers Use AI to Infiltrate Companies

Do Son February 17, 2026

A new report from Okta Threat Intelligence has pulled back the curtain on a sprawling fraudulent employment...

Under Siege: GTIG Report Exposes North Korean Spies & Russian Drone Hacks in Defense Sector

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Under Siege: GTIG Report Exposes North Korean Spies & Russian Drone Hacks in Defense Sector

Do Son February 11, 2026

A new report from Google Threat Intelligence Group (GTIG) paints a stark picture of the modern battlefield,...

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected

Do Son February 2, 2026

A gaping blind spot in Microsoft 365’s logging capabilities allows attackers to steal sensitive emails without leaving...

The $40M Insider Heist: Son of Federal Contractor Investigated for Seized Crypto Theft CMDSS ZachXBT crypto theft, John Daghita U.S. Marshals investigation Bitfinex Hacker - DMM Bitcoin Cyberattack

CMDSS ZachXBT crypto theft, John Daghita U.S. Marshals investigation Bitfinex Hacker - DMM Bitcoin Cyberattack

The $40M Insider Heist: Son of Federal Contractor Investigated for Seized Crypto Theft

Do Son January 29, 2026

The United States government has amassed a colossal treasury of digital assets through the seizure of illicit...

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit

Do Son January 23, 2026

A critical security incident has rocked the WordPress community after a “backdoor” vulnerability was discovered in the...

Energy Sector Under Siege: AiTM Phishing Turns Insiders Into Threats AiTM Phishing Energy Sector Business Email Compromise

AiTM Phishing Energy Sector Business Email Compromise

Energy Sector Under Siege: AiTM Phishing Turns Insiders Into Threats

Do Son January 23, 2026

A sophisticated cyber campaign is rippling through the energy sector, blending high-tech interception techniques with classic deception...

Cybersecurity Pros Admit to Moonlighting as BlackCat Ransomware Affiliates Elderly lottery fraud scam DOJ wire fraud conspiracy ALPHV BlackCat, Insider Threat Nefilim ransomware Artem Stryzhak guilty plea, Volodymyr Tymoshchuk $11M reward CoinDCX, Employee Arrest Operation PowerOFF Cybercrime, Self-Promotion Hacking

Elderly lottery fraud scam DOJ wire fraud conspiracy ALPHV BlackCat, Insider Threat Nefilim ransomware Artem Stryzhak guilty plea, Volodymyr Tymoshchuk $11M reward CoinDCX, Employee Arrest Operation PowerOFF Cybercrime, Self-Promotion Hacking

Cybersecurity Pros Admit to Moonlighting as BlackCat Ransomware Affiliates

Do Son December 31, 2025

Two cybersecurity professionals have admitted to moonlighting as ransomware affiliates, utilizing the very skills designed to protect...

The Insider Crisis: How Bribed Outsourced Staff Sold Out Ubisoft’s Crown Jewels Ubisoft insider threat 2025, Rainbow Six Siege $339T hack Rainbow Six Siege hack, Ubisoft backend breach 2025

Ubisoft insider threat 2025, Rainbow Six Siege $339T hack Rainbow Six Siege hack, Ubisoft backend breach 2025

The Insider Crisis: How Bribed Outsourced Staff Sold Out Ubisoft’s Crown Jewels

Do Son December 31, 2025

The security research group vx-underground, active on social media platforms, recently released a series of disclosures concerning...

The Mole in the Machine: New Arrests in Coinbase’s $400M Insider Data Scandal Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

The Mole in the Machine: New Arrests in Coinbase’s $400M Insider Data Scandal

Do Son December 31, 2025

The U.S.-listed cryptocurrency exchange Coinbase recently announced that Indian police have once again arrested a former employee...

110 Milliseconds of Truth: How Amazon Used “Lag” to Catch a North Korean Spy Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

110 Milliseconds of Truth: How Amazon Used “Lag” to Catch a North Korean Spy

Do Son December 20, 2025

E-commerce and technology giant Amazon has recently disclosed its proactive efforts to counter North Korean hacking operations,...

Alarm: Coupang Data Breach Exposes 33.7 Million Users—Over Half of South Korea Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Alarm: Coupang Data Breach Exposes 33.7 Million Users—Over Half of South Korea

Do Son December 2, 2025

A major data breach has struck Coupang, one of South Korea’s most prominent e-commerce platforms, compromising the...

Scattered LAPSUS$ Hunters Pivot to EaaS, Launch Insider Recruitment Campaign After Salesforce Extortion

Insider Recruitment

Scattered LAPSUS$ Hunters Pivot to EaaS, Launch Insider Recruitment Campaign After Salesforce Extortion

Do Son October 22, 2025

Researchers at Palo Alto Networks’ Unit 42 have observed a surge in activity from Scattered LAPSUS$ Hunters...

Ex-Programmer Davis Lu Jailed for Triggering Malicious “Kill Switch” at Eaton Davis Lu, Kill Switch

Davis Lu, Kill Switch

Ex-Programmer Davis Lu Jailed for Triggering Malicious “Kill Switch” at Eaton

Do Son August 25, 2025

In March 2025, 55-year-old programmer Davis Lu had triggered a “kill switch” to delete company data. He...

Beyond the Breach: Coinbase Cracks Down on Remote Work to Stop Hackers North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Beyond the Breach: Coinbase Cracks Down on Remote Work to Stop Hackers

Do Son August 25, 2025

In June 2025, the Nasdaq-listed American cryptocurrency exchange Coinbase experienced a data breach. The incident was not...