Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

FTC Warns of $2.1 Billion Losses to Social Media Scams
Scammers are making a killing on social media, with nearly one-third of reported losses - a whopping $2.1 billion - originating from these platforms in 2025, according to the FTC. That's an eightfold increase in just five years, making social media a primary channel that scammers use to swindle unsuspecting consumers.

Checkmarx Breach Exposes GitHub Repository Data on Dark Web
Checkmarx revealed that a security breach, linked to a March 23 supply chain attack, exposed sensitive GitHub repository data, which has now surfaced on the dark web. The incident has been contained, with no customer data compromised, as the affected repository was separate from Checkmarx's customer production environment.

Medtronic Breach Exposes Risks in Medical Tech Sector
The recent Medtronic data breach highlights a glaring vulnerability in the medical tech sector, with phishing attacks like this one proving that many organizations are still granting employees far more access than they need. Medtronic has confirmed the breach was contained within its corporate IT systems, with no evidence it impacted patient safety or product operations.

PyPI Package elementary-data Compromised to Steal Developer Data
A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely-used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots
Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling precursor to modern cyber warfare.

US Sanctions Disrupt Cambodian Scam Network's Financial Infrastructure
The US Treasury has taken a major swipe at a massive scam network based in Southeast Asia, sanctioning 29 individuals and organizations, including Senator Kok An, in a bid to disrupt their financial infrastructure and protect American citizens from further losses. Americans lost a staggering $10 billion to these scams in 2023, a 66% surge from the previous year.

US Space Force Awards $3.2 Billion for Orbital Interceptors
The US Space Force is taking a major leap in missile defense, awarding $3.2 billion in prototype contracts to 11 companies, including industry giants and innovative newcomers, to develop space-based interceptors that can counter threats with speed and agility. This move marks a significant step in the development of a new layer of US missile defense.

ADT Breach Exposes 5.5 Million in ShinyHunters Hack
A massive data breach at ADT has put 5.5 million people's personal info at risk, including names, phone numbers, addresses, and sensitive details like dates of birth and Social Security numbers. The breach, linked to the ShinyHunters extortion group, has left millions vulnerable to potential identity theft and scams.

Itron Discloses Cyberbreach, Launches Investigation
Itron has launched a swift investigation into a recent cybersecurity breach, taking immediate action to assess, mitigate, and contain the incident with the help of external advisors and law enforcement. The company currently believes the breach will not have a significant impact on its operations.

Medtronic Breach Exposes 9 Million Records to Hackers
Medtronic has confirmed a data breach affecting 9 million records, but thankfully, the hackers didn't compromise critical systems that could impact patient safety or product operations. The company's corporate IT systems were the target, and Medtronic assures that business operations, including manufacturing and distribution, remain unaffected.

Browser Extensions Sell User Data With Explicit Disclosure
You've probably installed browser extensions without a second thought, but the truth is, some of them are selling your data - and they're not even trying to hide it. According to LayerX Security, over 80 extensions explicitly state in their privacy policies that they'll collect and share your info for profit.

Deepfake Voice Attacks Expose Vulnerabilities in Corporate Defenses
With just three seconds of a CEO's voice online, your company is vulnerable to a deepfake voice attack - and it only takes one convincing call to compromise your defenses, as seen in a string of high-profile heists. Make sure your team knows how to spot and stop these sophisticated scams before it's too late.

Crypto Launderer Sentenced to 70 Months for $230M Heist Role
Meet Evan Tangeman, a 22-year-old crypto launderer who lived large on stolen millions, racking up half-million-dollar nightclub tabs and luxury cars, before getting sentenced to 70 months in prison for his role in a $230M heist. His lavish lifestyle, fueled by greed, came crashing down with a guilty plea and a lengthy prison term.

Researchers Expose 73 Fake VS Code Extensions Spreading GlassWorm v2 Malware
Malicious VS Code extensions are putting developers at risk, with 73 fake extensions discovered spreading GlassWorm v2 malware, allowing attackers to stealthily retrieve and execute payloads after activation. These extensions act as loaders, using obfuscated JavaScript to achieve the same malicious outcomes as their binary-based counterparts.

PhantomCore Exploits TrueConf Flaws to Breach Russian Networks
Researchers Daniil Grigoryan and Georgy Khandozhko revealed that PhantomCore attackers exploited a chain of three TrueConf Server vulnerabilities, including insufficient access control and file reading flaws, to breach Russian networks. This sophisticated attack highlights the importance of addressing these critical vulnerabilities to protect against potential threats.

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads
Despite the rising demand for cybersecurity experts, a shocking 71% of infosec pros worldwide - and 77% in the UK - have seen their salaries stagnate over the past year, leaving them lagging behind their peers in other tech fields.

Vulnerability Discovery Outpaces Remediation Infrastructure
The latest AI-powered vulnerability discovery tool, Anthropic's Claude Mythos Preview, can identify a massive number of security risks at unprecedented speed, raising crucial questions about whether organizations can keep up with remediation. With AI outpacing human teams, the real challenge now is turning these findings into actionable fixes.

ADT Breach Exposes Customer Data, ShinyHunters Claim Responsibility
ADT confirmed a data breach on April 20, after discovering unauthorized access to sensitive customer and prospective-customer information, which was swiftly shut down and investigated. The breach exposed key personal details, but thankfully, payment information and customer security systems remained unaffected.

Microsoft Probes Outlook.com Outage as Sign-in Failures Mount
Microsoft is investigating an Outlook.com outage that's causing sign-in failures and unexpected sign-outs for some users, citing possible issues with client sign-in scenarios. The company is working to identify the root cause, but hasn't yet shared details on the number of affected users or regions.

Microsoft Adds Pause Option to Windows Updates
Microsoft is putting you in the driver's seat with its latest update: you can now pause Windows Updates for a longer period, giving you more control over when and how you update your system. This new feature is a direct result of your feedback, and it's designed to minimize disruptions caused by untimely updates.

ADT Confirms Cyber Intrusion After ShinyHunters Extortion Attempt
ADT confirmed a cyber intrusion on April 20, swiftly isolating the breach and collaborating with incident responders and law enforcement to contain the damage. The compromised data included sensitive information like names, phone numbers, and addresses, as well as dates of birth and partial Social Security numbers for a smaller subset of individuals.

Cybersecurity Pros Feel Undervalued as Pay Lags
Cybersecurity pros are feeling underappreciated and overworked, with over 75% not getting a pay rise last year and nearly half feeling undervalued. This disconnect is sparking dissatisfaction, with many considering a career move.

Identity Management Wrestles with AI-Driven Risks
The rapid evolution of Artificial Intelligence is a double-edged sword for IT leaders, bringing unprecedented opportunities for efficiency, but also sophisticated threats and complex identity management challenges. As organizations adopt autonomous digital workers, they must navigate the tension between harnessing AI's power and mitigating its risks to trust and identity.

Researchers Uncover Fast16 Malware That Preceded Stuxnet
Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.