Skip to main content

Latest Analysis

Cybersecurity intelligence, threat analysis, and national security reporting.

Taxi dispatch center with console and control panel screens blank.

Nihon Kotsu Cyberattack Disrupts Taxi Operations

Nihon Kotsu, Japan's largest taxi operator, suffered a devastating cyberattack that forced an emergency shutdown of its systems, disrupting taxi operations nationwide. The malware infection was detected on Saturday morning, prompting swift action to contain the breach.

Analyst 207
Developer workspace with npm package management page, terminal window, and software items on a brightly lit desk.

Jscrambler npm Package Infected with Infostealer Malware

A malicious version of the Jscrambler npm package was published, infecting nearly 1,500 downloads with infostealer malware within a two-hour window before being removed and replaced with a safe version. The incident was quickly contained, but users who downloaded the compromised package between releases 8.14 and 8.20 may be at risk.

Analyst 207
Cluttered home office desk with Mac computer displaying fake CrashReporter window.

Malware Disguises as Apple Tool to Steal macOS Credentials

Beware of a sneaky malware that's masquerading as a legitimate Apple tool to steal your macOS credentials! This malicious software, known as CrashStealer, can infiltrate your password managers and even target over 80 browser-based cryptocurrency wallets.

Analyst 207
Browser extension icon on a computer screen with a blurred history page in the background on a clean office workspace.

Google and Microsoft Remove ModHeader Extension Exposing Dormant Browsing History Collector

A shocking discovery was made about the popular ModHeader extension, used by 1.6 million Chrome and Edge users, which contained a hidden browsing history collector that thankfully remained dormant. Fortunately, both Google and Microsoft swiftly removed the extension from their stores after it was uncovered.

Analyst 207
macOS laptop on a desk with a blurred background and a faint shadow nearby.

macOS Malware CrashStealer Exploits Notarization to Evade Gatekeeper Checks

Meet CrashStealer, a sneaky new macOS malware that uses clever tactics to evade detection, including validation of the victim's login password to harvest sensitive data. This native C++ stealer quietly fetches a second-stage payload to steal a broad range of secrets from compromised machines.

Analyst 207
Laptop screen shows an email inbox with a single message against a blurred home office background.

MemGhost Attack Plants AI Agent False Memories via Single Email

Imagine giving an attacker the keys to manipulate your AI assistant's memories - and all it takes is one ordinary-looking email to rewrite what it thinks it knows about you. With a new tool called MemGhost, hackers can plant false memories in AI agents, altering their responses and actions over time.

Analyst 207
Brightly-lit server stands out in dimly lit data center with blurred equipment and cityscape visible through a window.

Misconfigured Server Reveals Evilginx Phishing Operators

A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

Analyst 207
Control room with industrial equipment and officials monitoring power distribution systems.

UK, EU Attribute Poland Cyberattack to Russian Spies, Warn Infrastructure Operators

The UK and EU have called out Russia's Federal Security Service for a brazen cyberattack on Poland's power grid, saying it's just another example of their reckless attempts to wreak havoc across Europe. The attack, attributed to FSB's Centre 16, was foiled, but serves as a stark warning for infrastructure operators to stay vigilant.

Analyst 207
Rows of computer servers and storage equipment with warning lights on front panels in a brightly-lit data center.

Citrix Bleed 2 Exploit Fuels Ransomware Attacks

Ransomware attacks are on the rise, fueled by a new exploit that has already made a significant impact, and now a major software company has ordered its customers to take critical systems offline due to a credible security threat. Progress has urged customers to shut down vulnerable Windows servers to prevent potential breaches.

Analyst 207
Web server setup under attack in a bright office environment.

CISA Warns of Exploited Flaws in Joomla Extensions

Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

Analyst 207
Police officers work at desks in a brightly-lit station with a large map of Balochistan on the wall.

Chinese and Indian Spies Target Pakistani Police Systems

Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Analyst 207
Supermarket checkout area with scattered shopping items and a blurred point-of-sale terminal.

Lidl Online Shop Breach Exposes Customer Data After Service Provider Hack

Lidl's online shop was hit by a data breach after a service provider was hacked, exposing customer information - but fortunately, the online shop's system itself remained secure. The company has notified affected customers and taken steps to address the issue.

Analyst 207
People stand on a beach with a subtle network infrastructure pattern in the background.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience

Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Analyst 207
Person working on laptop with smartphone nearby in a casual setting.

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft

Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

Analyst 207
Formal setting with blurred law enforcement emblem in background.

UK Charges Five in Crackdown on Russian Coms Spoofing Platform

In a major crackdown on cybercrime, five London residents have been charged in connection with Russian Coms, a notorious caller-ID spoofing platform that enabled scammers to swindle tens of millions from an estimated 170,000 victims since 2020. The accused allegedly helped fraudsters pose as trusted institutions to trick people into handing over cash and sensitive information.

Analyst 207
Cluttered computer workstation with code on laptop screen, notes, and coffee cups in dim lighting.

Threat Actors Leverage AI-Generated Scripts to Accelerate Active Directory Attacks

Cyber attackers are now using AI-generated scripts to supercharge their Active Directory attacks, allowing them to quickly map and exploit sensitive domains, users, and computers. This alarming trend was uncovered by Huntress researchers, who analyzed a sophisticated PowerShell script that bore hallmarks of AI assistance.

Analyst 207
Security analyst at desk with laptop and multiple monitors, hint of futuristic AI device nearby.

Autonomous AI Transforms SOC with Analyst Copilots

Imagine sitting with a Fortune 50 CISO, witnessing a critical moment of clarity: "This is exactly what is wrong with how most security teams are designing their AI architecture right now." It turns out, current AI designs in the SOC are misguided, asking the wrong part of the decision process to do the wrong work.

Analyst 207
Person speaking into smartphone in quiet, neutral-colored room with soft daylight.

Meta's AI Patent Tracks Emotions Through Voice, Biometrics

Meta just filed a patent for an AI system that can track emotions through voice and biometric data, potentially allowing for continuous emotional analysis throughout the day. This innovative technology could revolutionize the way we interact with devices, making it possible for them to respond to our emotional needs.

Analyst 207
Brightly-lit server room with rows of humming servers and a lone technician inspecting a rack, hinting at potential…

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments

Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Analyst 207
Brightly-lit sports facility with subtle computer hint, and staff in background.

Infostealer Infection Enables Argentine FA Breach

A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Analyst 207
Server room with equipment racks and a highlighted security alert on one device.

Progress Software Probes External Threat to ShareFile Storage

Progress Software has alerted ShareFile customers to a credible external security threat targeting its Storage Zone Controllers, and is urging immediate action to protect sensitive data. The company has promised to provide an update within 24 hours and recommends that affected customers disable account access and shut down servers.

Analyst 207
European Union officials gather in a formal council meeting room with symbolic representations of official seals in the…

EU Targets Russian Hackers with Sanctions Over Europe Cyberattacks

The European Union is cracking down on Russian hackers, imposing sanctions on nine individuals and four entities linked to malicious cyber operations that threaten the continent's security and stability. This move targets those behind a foiled attack on Poland's critical infrastructure, which could have left 500,000 people in the dark during winter.

Analyst 207
Dignitaries stand together overlooking a harbor with naval ships docked.

Australia, India Forge Deeper Security Ties to Counter Regional Threats

Australia and India are taking their defence partnership to the next level with a new Joint Declaration, aiming to boost interoperability and information sharing between their forces to tackle regional threats. This landmark deal marks a significant step towards closer coordination and consultation on defence matters between the two nations.

Analyst 207
Two officials shake hands in a conference room with a cityscape view.

Germany, Ukraine Partner to Co-Produce BARS Missile-Drone

Ukraine and Germany have joined forces to co-produce the game-changing BARS missile-drone, a powerful jet-powered strike weapon that's proven its mettle in targeting deep into Russian territory, including Moscow. The historic deal, signed on the sidelines of the NATO summit, cements a major boost to Ukraine's defence capabilities.

Analyst 207