Skip to main content

Emerging Threats

Rows of computer servers and networking equipment in a brightly-lit corporate server room.

Spirals Ransomware Encrypts Network in Record Time

In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Analyst 207
Phone on a desk in a customer service setting with a person working at a computer in the background.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics

A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Analyst 207
Vulnerable password on whiteboard amidst blurred office equipment and files.

Law Firm's Single Password Weakness Exposes Client Data

A shocking security lapse at a law firm has put client data at risk due to a single, weak password that was used across the board. This simple yet critical mistake highlights the importance of robust password management in protecting sensitive information.

Analyst 207
Refrigerated warehouse interior with frozen food storage units, some packages on floor, and a parked pallet jack.

Cyberattack Disrupts Japan's Frozen Food Supply Chain

A cyberattack has crippled Nichirei Group's operations, causing system failures and disrupting Japan's frozen food supply chain, with the company confirming it is struggling to resume shipments and operations. The incident has already impacted downstream customers, with Nichirei hoping to restore services by Friday.

Analyst 207
Rack-mounted SonicWall SMA1000 appliance in a typical office server closet.

Attackers Exploit Zero-Days in SonicWall Appliances

Cyber attackers are exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall appliances, with ransomware attacks seemingly their ultimate goal. Rapid7's team has thwarted attempts at data exfiltration and encryption, but the threat remains.

Analyst 207
Formal law enforcement setting with natural daylight through tall windows.

Dutch Police Disrupts €100 Million Investment Fraud Ring

Dutch police have cracked down on a massive €100 million investment fraud ring, arresting multiple suspects, including a 46-year-old Israeli-Polish national with a notorious hacking past. The international sweep resulted in detentions across Cyprus, Greece, and Belgium, with authorities vowing to bring the alleged perpetrators to justice.

Analyst 207
Cluttered electronics lab with IoT devices and computer equipment scattered across workbenches.

TuxBot Evolution Shows AI-Assisted IoT Botnet Development

Researchers just uncovered a cutting-edge IoT botnet framework, TuxBot v3 Evolution, that leverages AI to streamline its development - but surprisingly, the AI also slipped in a crucial safety disclaimer that was left intact. This innovative framework combines old-school botnet tactics with modern tools, making it a potent threat.

Analyst 207
Dental clinic back office with computer workstation and equipment.

Google's Gemini CLI Exploited in Botnet Operation

A Russian-speaking hacker, known as "bandcampro", cleverly exploited Google's open-source Gemini CLI AI tool to create a small but powerful botnet, taking control of eight systems at a dental clinic and breaching the OpenDental database. The AI tool even helped the hacker troubleshoot problems and optimize operations in real-time, making it a highly effective accomplice in the cyber attack.

Analyst 207
Person at desk with laptop and hardware wallet, laptop screen blurred, wallet app shows suspicious recovery page.

OkoBot Malware Targets Hardware Wallets with Seed Phrase Phishing

Beware of OkoBot malware, a sneaky threat that's been targeting hardware wallet users since April 2025, tricking hundreds of victims in over 25 countries into divulging their seed phrases through clever phishing tactics. This malicious software can even infiltrate legitimate wallet apps like Ledger and Trezor, replacing their interfaces with fake recovery pages.

Analyst 207
Government officials gather in a briefing room for a warning about exploited Microsoft SharePoint server vulnerabilities.

CISA Warns of Actively Exploited SharePoint Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of three SharePoint vulnerabilities, including CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, that are being actively exploited by attackers. These flaws, affecting on-premises SharePoint Server installations, pose a significant threat, with one remote code execution flaw rated 8.8 in severity.

Analyst 207
Compromised software development environment with laptop and papers, hinting at a supply-chain intrusion.

Malicious AsyncAPI Packages Target npm Users with Credential-Stealing Malware

On July 14, a supply-chain intrusion briefly introduced trojanized AsyncAPI packages into the npm ecosystem, putting users at risk of credential-stealing malware. Five malicious releases in the @asyncapi namespace were downloaded hundreds of thousands of times during a four-hour window.

Analyst 207
A typical office cubicle with a laptop and stack of blank greeting cards on the desk.

Phishing Campaign Exploits eCards to Deploy Legitimate RMM Tools

A massive six-month phishing campaign, dubbed SeasonalInvite, used fake electronic greeting cards to trick victims into installing legitimate remote monitoring and management software on their devices. Over 959 domains were used in this scam, which went undetected from January to June 2026.

Analyst 207
Rows of computer equipment and cables in a bright, modern lab with a laptop screen in the foreground.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin

Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

Analyst 207
Windows laptop on a desk with a blank screen, surrounded by papers and a pen, conveying a sense of vulnerability.

Microsoft Faces New Zero-Day Exploit Disclosure Amid Ongoing Security Dispute

A security researcher has unveiled a proof-of-concept exploit, called LegacyHive, that targets a vulnerability in Windows User Profile Service, allowing for a potential elevation of privileges. This newly disclosed exploit requires just a standard user credential and a third username to launch.

Analyst 207
Office worker sits at desk with laptop, showing subtle concern on face.

Ransomware Attacks Surge Through Compromised Logins

Ransomware attacks are surging, with a staggering 79% of incidents linked to compromised identities and legitimate user logins, making it the most common entry point for hackers. This marks a significant shift away from traditional software flaw exploitation, now accounting for just 18% of initial attacks.

Analyst 207
Researcher in dimly lit setting examines laptop screen displaying potential security exploit.

Nightmare Eclipse Unveils Windows Zero-Day Exploit

A security researcher is sounding the alarm about a newly unveiled Windows zero-day exploit, dubbed LegacyHive, which targets the Windows User Profile Service and could allow for a full system compromise. The proof-of-concept exploit, published by a zero-day hunter known as NightmareEclipse, is just a glimpse of the potential damage this vulnerability could cause.

Analyst 207
Cluttered developer workstation with laptop, papers, and coffee cups.

OkoBot Malware Targets Crypto Users Worldwide

Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

Analyst 207
Cluttered electronics lab with computer parts and networking equipment.

TuxBot Exposes IoT Botnet Framework With LLM-Assisted Development

Meet TuxBot, a cutting-edge IoT botnet framework that's equipped with a powerful arsenal of tools, including 1,496 username/password pairs for Telnet brute-forcing and a highly adaptable bot that can target a wide range of devices. This sophisticated framework is capable of automating attacks and can be easily customized to wreak havoc on a massive scale.

Analyst 207
Cluttered computer workstation with coding books and notes, laptop screen blank.

Compromised AsyncAPI Packages Deliver Multi-Stage Botnet Malware

Malicious actors have compromised several AsyncAPI packages, delivering a sophisticated multi-stage botnet malware that uses a command framework with six independent communication channels. The affected packages include @asyncapi/generator-helpers, @asyncapi/generator-components, @asyncapi/generator, and @asyncapi/specs in specific versions.

Analyst 207
Government official stands before large screen displaying warning message about exploited system vulnerabilities.

CISA Warns of Actively Exploited SharePoint Flaws

Don't let your SharePoint servers become an easy target: over 800 Internet-exposed servers remain unpatched against actively exploited vulnerabilities, including CVE-2026-32201 and CVE-2026-45659. Act now to protect your systems from potential attacks.

Analyst 207
Federal courthouse interior with subtle law enforcement presence.

US Charges Russian Nationals for Bulletproof Hosting Services

US authorities have charged three Russian nationals with operating illicit bulletproof hosting services that enabled cybercrime, affecting victims across 21 states, including banks, schools, hospitals, and media companies. The accused, Aleksandr Volosovik, Yulia Pankova, and Kirill Zatolokin, allegedly facilitated a range of malicious activities through their services.

Analyst 207
Network equipment room with racked device, cables, and blurred management console.

SonicWall Zero-Days Exploited, Enable Admin Command Execution

SonicWall is urging immediate action to fix two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances, which are being actively exploited by attackers to execute admin-level commands. These critical flaws, tracked as CVE-2026-15409 and CVE-2026-15410, could compromise your system's security if not patched right away.

Analyst 207
Empty government network operations room with rows of computer servers and scattered papers.

DHS Breach Exposes Flaws in Cyber Detection Process

A recent cyber incident at the Department of Homeland Security went undetected for weeks, despite raising red flags in not one, but two separate assessments that were initially dismissed as harmless. The breach, which occurred on the Homeland Security Information Network (HSIN), highlights alarming flaws in the cyber detection process.

Analyst 207
Server room with rows of out-of-focus servers, symbolizing disrupted VPN service.

Treasury Disrupts Ransomware Networks with Sanctions on VPN Service

The US Treasury Department has cracked down on a notorious VPN service, 1VPNS, and its alleged administrators, sanctioning them for enabling ransomware groups to launch devastating attacks on US companies and institutions. This move disrupts the cybercriminal ecosystem, cutting off a key tool used to hide attack origins, deploy malware, and manage stolen data.

Analyst 207