The post North Korean “Laptop Farms” Infiltrated 70 U.S. Companies appeared first on Daily CyberSecurity.

In the past week, the global cyber threat landscape has once again demonstrated how rapidly attackers are evolving shifting from isolated intrusions to coordinated, multi-stage campaigns targeting identities, supply chains, and service providers. From large-scale identity data exposure to sophisticated token abuse and ransomware-driven disruptions, these incidents highlight a critical reality: attackers are increasingly exploiting

The post Global Cyber Threat Brief: Identity Breaches, Supply Chain Attacks, and the Rise of Organized Cybercrime appeared first on Seceon Inc.

The post Global Cyber Threat Brief: Identity Breaches, Supply Chain Attacks, and the Rise of Organized Cybercrime appeared first on Security Boulevard.

The post Cybersecurity Pros Sentenced for Running ALPHV BlackCat Ransomware appeared first on Daily CyberSecurity.

The post The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring appeared first on Daily CyberSecurity.

The post The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme appeared first on Daily CyberSecurity.

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio.

The post Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites appeared first on TechRepublic.

Kraken exchange faces extortion after a staff member misused access to record internal systems, about 2,000 accounts affected, no funds or systems breached.

The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites, […]

The post The Dark Web Explained with John Hammond appeared first on Shared Security Podcast.

The post The Dark Web Explained with John Hammond appeared first on Security Boulevard.

💾

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.

The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic.

A researcher released a working ‘BlueHammer’ Windows zero-day exploit that could impact over 1 billion devices, granting SYSTEM-level access and leaving no patch yet.

The post ‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices appeared first on TechRepublic.

North Korean operatives are using AI-generated resumes and stolen identities to infiltrate US companies, turning hiring pipelines into a new attack vector.

The post New North Korean AI Hiring Scheme Targets US Companies appeared first on TechRepublic.

With 90% of organizations unprepared for quantum threats, the shift to post-quantum cryptography (PQC) is a structural necessity. Explore the "harvest now, decrypt later" risk and the NIST PQC standards.

The post The Quantum Clock is Ticking and Your Encryption is Running Out of Time  appeared first on Security Boulevard.

The post Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm appeared first on Daily CyberSecurity.

Just a week after the Stryker wiper attack claimed by the Iranian hacker group Handala made global headlines, the U.S. Intelligence Community says its China that we should be worried about instead.

The 2026 Annual Threat Assessment, published by the Office of the Director of National Intelligence, named China, Russia, Iran, and North Korea as the four nation-state cyber actors most actively targeting U.S. government, private-sector, and critical infrastructure networks. It does not rank them by severity — it ranks them by role. And the roles are distinct.

China: Pre-Positioned, Patient and Already Inside

The IC's assessment reserves its sharpest language for China. Beijing is the most active and persistent cyber threat to U.S. government, private-sector, and critical infrastructure networks — a designation the report pairs with a specific warning that Chinese cyber actors have already demonstrated the capability to compromise U.S. infrastructure, and they potentially maintain that access not for immediate disruption but for strategic advantage in the event of a conflict.

The distinction matters enormously for defenders. China does not primarily operate as a smash-and-grab actor. It pre-positions — meaning it establishes persistent footholds inside networks months or years before any potential military confrontation, ensuring that if tensions over Taiwan or the South China Sea escalate into open conflict, Beijing can trigger disruptions to U.S. transportation, logistics, and communications systems at a moment of its choosing. The ATA explicitly warns that a conflict over Taiwan would expose the U.S. to significant cyber attacks against its transportation sector.

"If the U.S. were to intervene (in China-Taiwan conflict), it probably would face significant but recoverable disruptions to its transportation sector from Chinese cyber attacks."

China's cyber ambitions also extend far beyond espionage. The report notes that Beijing continues to work to maintain U.S. dependence on sectors where it holds supply chain leverage — critical minerals, energy storage, pharmaceuticals, and unmanned aerial systems — while simultaneously accelerating its own decoupling from U.S. technology in semiconductors and artificial intelligence. The cyber program supports both these objectives. One of stealing what it needs and second of protecting what it builds.

Russia: Gray Zone Sabotage as Standard Operating Procedure

Russia's cyber posture in the ATA reflects a different strategic logic. Unlike China's long-horizon pre-positioning, it focuses on continuous, deniable harassment of adversaries operating in what the report calls the "gray zone" of geopolitical competition. Russia's toolkit, the IC assesses, includes cyber attacks, disinformation and influence operations, energy market manipulation, military intimidation, and physical sabotage — all deployed beneath the threshold of declared conflict.

Russia has targeted European critical infrastructure with the explicit aim of disrupting the military supply chains that sustain Kyiv. The IC notes that Russia also has advanced counterspace capabilities, hypersonic missiles, and undersea assets designed to negate U.S. military advantages — a portfolio that its cyber operations support through intelligence collection and pre-conflict reconnaissance.

Russia's gray zone doctrine deliberately makes attribution complicated. Moscow hides and denies its role in cyber operations, making it difficult for the U.S. and its allies to justify public responses or trigger alliance commitments. The IC warns this approach will continue, particularly as Russia leverages its partnerships with China, Iran, and North Korea to share capabilities and evade sanctions.

North Korea: A Billion-Dollar Cyber Economy Funding a Weapons Program

North Korea's cyber program occupies a unique category. It functions simultaneously as an intelligence collection tool, a sanctions evasion mechanism, and a weapons financing engine. The IC assesses that Pyongyang's cryptocurrency heists and other financial cybercrimes net at least $1 billion each year, with those proceeds flowing directly into the regime's nuclear and missile programs.

Read: North Korea’s $3 Billion Mystery: UN Probes Cyberattacks Funding Nuclear Program

The report introduces a dimension that defenders increasingly face but rarely discuss publicly. North Korea's growing use of IT workers with falsified credentials to gain employment with unwitting companies. This human insider access approach allows Pyongyang to circumvent the technical defenses that would otherwise block external intrusions. It uses a trusted insider inside the network perimeter before any exploit is needed. The IC warns this tactic specifically threatens organizations with stronger defensive measures, because it bypasses the very controls those organizations invested in building.

North Korean cyber actors are also expanding ransomware attacks against U.S. critical infrastructure and businesses — a shift from targeted espionage toward higher-volume, disruptive operations.

Iran: Degraded but Still Dangerous, and Escalating

Iran's cyber posture, the ATA notes, faces significant constraints following the 12-Day War in 2025. The IC characterizes Iran as a threat to U.S. networks primarily through cyber espionage and attacks against poorly defended targets — but couples that assessment with an explicit warning that Iranian proxies and hacktivists outside Iran will pursue cyber-enabled operations against U.S. targets, even if less technically advanced than state-directed campaigns.

The IC noted that a hacking group linked to Iran claimed responsibility on March 11 for wiping 200,000 systems and extracting 50 terabytes of data from a U.S. medical technology company. That company was Stryker, and the attack represented, in the IC's own words, a direct cyber retaliation for U.S. operations against Iran.

Read: Who Is Handala — The Iran-Linked Ghost Group That Just Wiped 200K Stryker Devices

Ransomware: The Non-State Accelerant

Beyond nation-states, the ATA identifies financially and ideologically motivated non-state actors like ransomware groups, cybercriminals, and hacktivists, as taking more aggressive cyber attack postures. Ransomware in particular harms U.S. critical infrastructure and business operations, generating operational disruptions, revenue loss, and sensitive data theft at scale. The IC specifically flags a tactical shift in how ransomware groups now operate faster and in high-volume. This compresses the window in which security teams have to detect and respond. The implication is that the dwell-time advantage defenders once relied on has narrowed significantly.

AI and Space: Emerging Force Multipliers for Adversaries

The ATA's cyber threat picture cannot be read in isolation from two accelerants the report addresses separately. On artificial intelligence, the IC warns that AI already influences targeting and decision-making in active conflicts, and that China — aiming to displace the U.S. as the global AI leader by 2030 — is driving AI adoption at scale using its talent pool, extensive datasets, government funding, and global partnerships. AI's application to offensive cyber operations, the report notes, holds significant potential to increase the autonomy, speed, and effectiveness of attacks that human operators alone could never sustain at scale.

Also read: European Space Agency Confirms Cybersecurity Breach on External Servers

On space, the IC identifies a growing convergence between cyber risk and satellite infrastructure. Adversaries are using jammers against U.S. satellites, and cyber attacks against satellite communications represent a rising threat as global reliance on digital systems expands the exploitable attack surface. Disruptive attacks against space services have become more common and, the report warns, will likely be normalized during crises or periods of strained relations between nations — a trajectory that places satellite ground systems, communication links, and the commercial constellation operators that power military logistics squarely in the crosshairs of China and Russia's counterspace programs.

Iranian threat group Boggy Serpens' cyberespionage evolves with AI-enhanced malware and refined social engineering. Unit 42 details their persistent targeting.

The post Boggy Serpens Threat Assessment appeared first on Unit 42.

Written by Katie Barnett, Director of Cyber Security at Toro Solutions

Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.
Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how most insider-related incidents actually develop.

In reality, many cases take shape slowly and quietly. They are shaped by pressure, fatigue, disengagement, coercion, manipulation or personal strain rather than hostility. The behaviour that later causes harm is often preceded by long periods of stress, isolation, being influenced or unresolved workplace issues. By the time someone is formally labelled an insider threat,the opportunity for early, proportionate support has usually passed, and the organisation is left with far fewer options.

This is why treating insider risk purely as a disciplinary or compliance issue consistently falls short. In many situations, the underlying issue is one of wellbeing first, with security consequences following later, whether the organisation recognises that link or not.

The post When insider risk is a wellbeing issue, not just a disciplinary one appeared first on Security Boulevard.

Artificial intelligence (AI) agents, once touted as the next frontier of corporate efficiency, are increasingly exhibiting deceptive and rogue behaviors that could overwhelm traditional cybersecurity. New research shows autonomous systems are now capable of collaborating to smuggle sensitive data, forge credentials, and even peer-pressure other AIs into bypassing safety protocols. According to findings from Irregular,..

The post AI Agents Present ‘Insider Threat’ as Rogue Behaviors Bypass Cyber Defenses: Study appeared first on Security Boulevard.

An espionage operation demonstrated strategic operational patience against targets in Southeast Asia, deploying custom backdoors.

The post Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia appeared first on Unit 42.

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.

The post Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk appeared first on TechRepublic.

Finland is facing a growing intelligence challenge as Russia and China cyberespionage targeting Finland continues to expand across the country’s technology sector, research institutions, and government networks. The warning comes from Finland’s Security and Intelligence Service (SUPO), which released a new national security overview highlighting the persistent threat from foreign intelligence operations. The report suggests cyber espionage against Finland is not limited to isolated incidents. Instead, it involves a combination of cyber intrusions, traditional espionage, and influence operations designed to collect sensitive information and shape political or economic decisions. The warning about Russia and China cyberespionage targeting Finland reflects that countries are no longer focused only on military secrets but also targeting technology development, economic strategies, and innovation ecosystems.

Russia and China Cyberespionage Targeting Finland’s Technology Sector

According to the SUPO national security overview, the most frequent intelligence operations linked to foreign states originate from Russia and China. These activities increasingly focus on Finland’s technology sector and research institutions, areas that play a key role in the country’s economic and strategic future. The report notes that Russia and China cyberespionage targeting Finland often involves penetrating digital systems to access research data, proprietary technologies, and policy discussions. In several cases, state-backed actors have successfully infiltrated the networks of Finnish start-ups. This trend highlights a worrying reality: smaller technology companies, despite driving innovation, often lack the cybersecurity resources needed to defend against sophisticated state-backed cyber espionage campaigns. For intelligence agencies, start-ups represent valuable targets. Early-stage research and emerging technologies can provide strategic advantages long before products reach the market.

Russia’s Intelligence Interest in Finland Remains Strong

SUPO also warns that Russia’s intelligence interest in Finland will likely intensify in the coming years. Even if geopolitical tensions change, Russia and China cyberespionage targeting Finland is expected to remain a long-term concern. Russia’s intelligence capacity across Europe has been affected by its ongoing war in Ukraine. However, the report suggests that Moscow is already preparing to rebuild its intelligence networks, including operations focused on Finland. Finland’s geopolitical position makes it particularly relevant. As a NATO member located between the Baltic Sea and the Arctic region, the country holds strategic importance for both security and economic activities in northern Europe. SUPO Director Juha Martelius warned that if relations between Russia and Western countries partially normalize in the future, intelligence operations could become even more diverse. Russia may increasingly rely on proxy actors and remote intelligence gathering while maintaining pressure through cyber operations.

China’s Long-Term Intelligence Strategy

Alongside Russia, China continues to maintain a strong intelligence interest in Finland. The report states that Russia and China cyberespionage targeting Finland includes Chinese cyber operations that are both persistent and long-term. Chinese intelligence activity has traditionally focused on foreign policy and security matters, but it is increasingly expanding into areas such as critical infrastructure and advanced technologies. This reflects China’s broader strategy of securing technological advantages and strengthening control over global supply chains. The SUPO report notes that control over critical minerals, raw materials, and manufacturing technologies gives countries significant geopolitical leverage. For Finland, this means that protecting innovation and industrial development has become closely tied to national security.

Economic Security and Cyber Threats Are Now Linked

One of the key messages from the assessment is that economic competitiveness and national security are becoming deeply interconnected. Technology development, supply chains, and access to raw materials are now strategic assets in global power competition. As a result, Russia and China cyberespionage targeting Finland is increasingly aimed at gathering economic intelligence. By accessing technological research or industrial plans, foreign intelligence services can gain advantages in emerging industries. This is why Finland’s intelligence services are paying closer attention to the role of the private sector in national security. Protecting companies working on advanced technologies is no longer only about business interests—it is about safeguarding strategic capabilities.

A Persistent Cyberespionage Threat

The SUPO report makes it clear that Russia and China cyberespionage targeting Finland is unlikely to disappear. As technological competition intensifies worldwide, intelligence agencies will continue to pursue information that strengthens their countries’ strategic positions. At the same time, Finland must maintain an open research environment and international partnerships that drive innovation. Balancing security with openness remains one of the country’s biggest challenges.