Emerging Threats

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates
In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks
In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

AI Spam Filters Vulnerable to Text Salting Attacks
Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Siemens ROX II Zero-Days Expose Critical Infrastructure Risks
Our research team, in close collaboration with Siemens, uncovered a critical vulnerability chain of three zero-day exploits in Siemens ROX II operational-technology switches, posing significant risks to critical infrastructure security. This chained exploit could allow attackers to escalate from basic reconnaissance to full root-level control.

Ernst & Young Exposes Client Data in Third-Party Support System Hack
Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

Ransomware Targets Government Agencies Daily, Study Reveals
Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware
North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Carders Seek 'Clean' Residential Proxies to Evade Fraud Controls
Criminals are on the hunt for so-called "clean" residential proxies, a new classification that's emerged in the underground world of payment fraud and carding. These proxies are prized for their spotless usage history, making them harder to detect and allowing scammers to evade fraud controls.

US Misidentifies Russian Hacker in Extradition Bid
A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

CISA Warns of Active Exploits Targeting FortiSandbox Flaws
Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

GoSerpent Malware Targets Southeast Asian Governments for Espionage
A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Windows Zero-Day Exploit LegacyHive Grants Hackers Admin Privileges
A security researcher, known as Nightmare Eclipse, has uncovered a new Windows zero-day exploit called LegacyHive, which can grant hackers admin privileges with just a few simple steps and some standard user credentials. This alarming vulnerability targets the Windows User Profile Service, putting users at risk of serious security breaches.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files
Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

CISA Orders Emergency Patch for Exploited Fortinet Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to patch or mitigate two critical Fortinet vulnerabilities within a tight three-day window, underscoring the severity of these flaws. This urgent action follows the discovery of a critical OS command injection vulnerability in FortiSandbox, allowing attackers to execute unauthorized code or commands.

Google scrambles to fix Android bug that lets Gemini bypass lock screen security
Google is racing to squash a newly discovered Android bug that allows sneaky users to bypass lock screen security and send SMS or WhatsApp messages using Gemini, all without entering the device PIN. A fix has already been implemented and is set to roll out this week.

The Gentlemen Ransomware Gang Surges to Top Spot
The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

CISA Warns of Actively Exploited Fortinet Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

CISA Flags Exploited SharePoint Zero-Day Vulnerability
Don't wait until it's too late: Federal agencies have until July 19, 2026, to patch a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, that's already being exploited by hackers to execute malicious code remotely. This high-severity flaw, with a CVSS score of 9.8, could allow attackers to take control of your SharePoint Server if left unpatched.

US Indicts Russians for Running Bulletproof Hosting Services
The FBI has struck a major blow against cybercrime by indicting three Russian nationals and two companies for operating bulletproof hosting services that enabled devastating attacks on US critical infrastructure. This significant move disrupts the backbone of cybercriminal operations, dealing a crucial win for online safety.

AI Empowers Cyberattacks with Operational Efficiency
As AI continues to evolve, it's crucial to treat AI-driven threats as a top priority, using the technology to supercharge their attacks and compress timelines. AI is being used by attackers to automate routine work, streamline reconnaissance, and shorten development cycles, turning what once took days into operations that can be executed in just hours.

OpenAI GPT-5.6 Model Exposes Users to Unintended File Deletion Risk
Beware of the GPT-5.6 model's alarming bug that can wipe out your files in an instant, as shocking incidents from tech investor Matt Shumer and software engineer Bruno Lemos reveal. Users are reporting devastating file deletions, with one victim losing almost all of their Mac's files and another having their entire production database erased.

ClickLock Malware Forces macOS Users to Reveal Login Passwords
Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

Ransomware Attack Disrupts Fairlife US Dairy Production
A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.