Cybercrime

Alleged Silk Typhoon Hacker from China Extradited to the U.S. for Cyberattacks on COVID Research

A Chinese national accused of participating in a major cyber espionage campaign linked to COVID-19 research has been extradited from Italy to the United States, marking a significant development in an ongoing international cybercrime investigation. Arrest and Extradition Details The suspect, Xu Zewei, aged 34, was taken into custody by Italian authorities in July 2025. His […]

Russian CTRL Toolkit Uses Malicious LNK Files to Hijack RDP Through FRP Tunnels

Cybersecurity researchers have uncovered a sophisticated Russian-origin remote access toolkit called CTRL, which is distributed through malicious Windows shortcut (LNK) files disguised as private key folders. The toolkit enables credential theft, keylogging, and RDP session hijacking, while using Fast Reverse Proxy (FRP) tunnels to maintain stealthy command and control (C2). Multi-Stage Deployment According to Censys, the

Iran-Linked Hackers Compromise FBI Director’s Personal Email, Launch Wiper Attack on Stryker

A cyber espionage campaign linked to Iran has compromised the personal email account of Kash Patel, while also targeting major U.S. healthcare firm Stryker in a destructive cyberattack. FBI Director’s Personal Emails Leaked Online The breach was claimed by the hacktivist group Handala Hack, which published a collection of emails, photos, and documents allegedly belonging to the FBI

Bearlyfy Targets Russian Firms with Custom GenieLocker Ransomware

A pro-Ukraine hacking group has intensified its cyber operations against Russian businesses, deploying a newly developed ransomware strain to maximize disruption and financial gain. The group, known as Bearlyfy, has rapidly evolved into a serious threat actor since emerging in early 2025. Rapid Rise of a Dual-Purpose Threat Actor Since its appearance, Bearlyfy has been linked

LeakBase Administrator Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities have arrested the alleged administrator of the LeakBase cybercrime forum, a platform known for trading stolen personal and corporate data, state media reported. Details of the Arrest According to TASS and MVD Media, the suspect, a resident of Taganrog, was detained for creating and managing a criminal website that allowed stolen databases to be bought and sold since

Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations. Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan”

Device Code Phishing Targets 340+ Microsoft 365 Organizations Across Five Countries via OAuth Abuse

A widespread device code phishing campaign is actively targeting Microsoft 365 identities in more than 340 organizations across the U.S., Canada, Australia, New Zealand, and Germany. According to Huntress researchers, the campaign was first observed on February 19, 2026, and has accelerated since. The threat actors exploit Cloudflare Workers redirects combined with Railway.com PaaS infrastructure to turn legitimate authentication flows into credential-harvesting mechanisms. Targeted

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Cybersecurity researchers have uncovered an advanced phishing campaign targeting corporate environments, particularly French-speaking organizations, by distributing fake resumes that secretly deploy malware. The operation, tracked as FAUX#ELEVATE by Securonix, combines credential theft, data exfiltration, and cryptocurrency mining into a single highly efficient attack chain. Malicious Resumes Disguised as Job Applications The campaign begins with phishing emails containing what

Microsoft Warns IRS Phishing Campaign Hits 29,000 Users and Deploys RMM Malware

Microsoft has issued a warning about a surge in phishing attacks exploiting the U.S. tax season, with cybercriminals targeting tens of thousands of users to steal sensitive data and deploy remote access malware. According to recent threat intelligence findings, attackers are leveraging tax-related themes to trick victims into engaging with malicious emails. These messages often

Trivy Supply Chain Attack Spreads CanisterWorm Across 47 npm Packages

A large-scale supply chain attack targeting the widely used Trivy security scanner has escalated into a self-propagating malware campaign, infecting at least 47 npm packages with a newly identified worm known as CanisterWorm. Security researchers report that the attackers are likely continuing their operations beyond the initial compromise, expanding the infection across multiple software ecosystems