Threat

UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware

A Russia-aligned cyber threat group has been linked to a targeted social-engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine-focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted […]

Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-aligned threat collective Lazarus Group, also tracked under alternative names such as Diamond Sleet and Pompilus, has been linked to fresh ransomware activity impacting organizations in the Middle East and the United States healthcare sector. According to research published by the Symantec and Carbon Black Threat Hunter Team, part of Broadcom, the group leveraged

UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors

The threat cluster known as UnsolicitedBooker has expanded its targeting footprint, moving from earlier operations in Saudi Arabia to telecommunications providers in Kyrgyzstan and Tajikistan. Security researchers report that the campaign involves two custom backdoors, LuciDoor and MarsSnake, deployed through carefully crafted phishing operations. According to findings released by Positive Technologies, the attackers relied on uncommon

Anthropic Claims Chinese AI Firms Used 16 Million Claude Queries to Replicate Its Model

Artificial intelligence firm Anthropic has revealed that three China-based AI companies allegedly conducted large-scale extraction campaigns targeting its Claude language model. According to the company, the activity involved millions of automated interactions designed to replicate Claude’s advanced capabilities. The organizations named in the disclosure include DeepSeek, Moonshot AI, and MiniMax. Anthropic claims the coordinated campaigns violated its terms

APT28 Targeted European Organizations with Webhook-Based Macro Malware

A state-sponsored cyber espionage group known as APT28 has been linked to a fresh cyber campaign directed at selected entities across Western and Central Europe. The operation, identified by the threat intelligence unit LAB52 of S2 Grupo, remained active from September 2025 through January 2026. Researchers have named the activity Operation MacroMaze, highlighting its structured yet deceptively simple

CISA Warns Recently Patched Roundcube Vulnerabilities Are Now Being Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding two recently patched vulnerabilities affecting Roundcube Webmail. The agency confirmed that both flaws are now being actively exploited in real-world attacks and has directed federal agencies to apply patches within three weeks. Roundcube has served as the default

Wormable XMRig Campaign Leverages BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity analysts have uncovered a sophisticated cryptojacking campaign that distributes a customized XMRig miner through pirated software bundles. The operation combines social engineering, privilege escalation, worm-like propagation, and a time-triggered logic bomb to maximize cryptocurrency mining performance on compromised systems. According to a technical assessment published by Trellix, the malware demonstrates a multi-stage

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered an active supply-chain attack leveraging at least 19 malicious npm packages to harvest credentials, cryptocurrency private keys, CI secrets, and API tokens from developer environments. The campaign, named SANDWORM_MODE by Socket, exhibits worm-like behavior similar to earlier Shai-Hulud-style attacks. The malware is designed not only to extract sensitive

MuddyWater Targets MENA Organizations Using GhostFetch, CHAR, and HTTP_VIP

The Iranian state-aligned threat group MuddyWater, also tracked as Earth Vetala, Mango Sandstorm, and MUDDYCOAST, has initiated a fresh cyber espionage campaign aimed at organizations and individuals across the Middle East and North Africa region. The latest operation, named Operation Olalampo, demonstrates the group’s continued evolution in malware development and operational tactics. According to

AI-Assisted Threat Actor Compromises Over 600 FortiGate Devices Across 55 Countries

Amazon Threat Intelligence has reported a sophisticated cyber campaign in which a Russian-speaking, financially motivated threat actor leveraged commercial generative AI tools to compromise over 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, demonstrates how AI is increasingly lowering the barrier to entry for cybercriminals with limited