Skip to main content

Emerging Threats

Dimly lit server closet with cluttered computer equipment and cables.

The Gentlemen Ransomware Expands Reach with Lucrative Affiliate Model

Meet The Gentlemen, a ransomware group that's rapidly risen to notoriety with a game-changing affiliate model that dishes out a whopping 90% payout to its partners. This lucrative approach has helped them scale from a small operation to one of 2026's most active ransomware-as-a-service programs in record time.

Analyst 207
Technician troubleshoots highlighted server in data center amidst concern.

Progress Disrupts ShareFile Storage Over Unspecified Security Threat

Progress Software has urgently advised ShareFile customers to take their Windows servers offline due to a credible external security threat, acting swiftly to protect user data despite having no evidence of unauthorized access. The company is working closely with security experts to resolve the issue and restore services.

Analyst 207
Developer workstation with code on laptop screen and GitHub/npm interface in background.

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code

A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.

Analyst 207
System administrator working in server room with laptop displaying system interface.

Microsoft Uncovers GigaWiper Backdoor with Ransomware, Wiping Capabilities

Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which combines ransomware and wiping capabilities, marking a concerning shift in the evolution of wiper malware. This modular threat can both extort and destroy, posing significant real-world consequences.

Analyst 207
Formal courthouse interior with documents and law enforcement items under daylight.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence

A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

Analyst 207
Windows server hardware in a data center with urgent atmosphere.

Progress Warns ShareFile Customers of Credible Security Threat

Progress Software has alerted ShareFile customers to a credible external security threat targeting their Storage Zone Controllers, prompting an urgent directive to take immediate action. To protect themselves, customers are advised to shut down their Windows servers hosting these controllers right away.

Analyst 207
Dutch National Police officer stands in formal briefing room with agency emblem and cityscape in background.

Dutch Police Expose Suspects in Odido Hacking Case

The Dutch National Police have cracked the Odido hacking case, revealing that suspects impersonated an IT employee in a phone call with customer service, tricking the company into divulging sensitive info through phishing. This clever ruse led to a massive data theft in February.

Analyst 207
Courthouse interior with subtle crypto symbols, conveying institutional enforcement.

Bulgarian Money Launderer Accused of Stealing Seized Crypto

Rossen G. Iossifov, already serving 121 months for a money laundering scheme, now faces new charges for allegedly trying to steal $290,000 in government-seized cryptocurrency while behind bars. He and his co-conspirators are accused of moving the digital assets to prevent seizure, according to a federal indictment in Kentucky.

Analyst 207
Close-up of Tangem crypto-wallet card on lab bench with laser device in background.

Laser Attack Exploits Tangem Wallet's Unpatchable Flaw

A newly discovered exploit allows attackers to reset the password on Tangem crypto-wallet cards using a precisely timed laser pulse, giving them full control over the wallet and its contents. This physical attack, which requires specialized equipment and possession of the card, leaves all existing Tangem cards vulnerable and unfixable by software.

Analyst 207
Cluttered workspace with laptop and technical instruments in a modern research facility.

Microsoft Exposes GigaWiper Malware's Dual Espionage, Destructive Capabilities

Microsoft researchers have uncovered a highly sophisticated malware, GigaWiper, that masterfully combines espionage and destructive capabilities, allowing threat actors to operate efficiently and wreak havoc on infected systems. This multi-purpose backdoor enables attackers to quietly gather intel while packing a punch with its suite of destructive options.

Analyst 207
Brightly-lit server in a data center with a network operations setting.

Hackers exploit auth bypass in Gitea Docker image

Hackers are actively exploiting a critical flaw in the Gitea Docker image, using a single header to bypass authentication and gain access - and security teams are only just catching on. In fact, researchers detected the first real-world hit just 13 days after the vulnerability was disclosed.

Analyst 207
Modern surveillance camera on a streetlamp captures pedestrians and vehicles in a crowded city street.

AI Surveillance Poses Profound Threat to Social Progress

Imagine a world where AI surveillance systems don't just watch, but also notice, record, and punish even the smallest infractions - essentially becoming automated enforcers that can fine you on the spot. China is already demonstrating the power and pitfalls of this technology, using it to publicly shame and penalize citizens who step out of line.

Analyst 207
Modern office interior with a clean desk and laptop workstation.

Silver Fox Deploying Advanced Modular RAT via gRPC Streaming

Meet MODBEACON, a sneaky new Remote Access Trojan linked to the Silver Fox cybercrime group, capable of secretly fetching modules, executing commands, and communicating with attackers. This advanced threat uses a plugin-based architecture and encrypted gRPC streaming to stay one step ahead.

Analyst 207
Blurred laptop on minimalist desk in neutral room conveys vulnerability.

AI Agents Expose Identity Security Gap

The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.

Analyst 207
Laptop in office setting with blank screen, subtle signs of disruption nearby.

Ransomware Evolves, Exploits Microsoft Driver to Evade Defenses

The GodDamn ransomware group is stepping up its game, using a newly discovered malicious driver called PoisonX to cleverly evade defenses and continue its attacks. This latest tactic is part of an ongoing evolution of the Hyadina ransomware family, which has been wreaking havoc since 2022.

Analyst 207
Person sitting at desk, speaking on phone with concerned expression, blurred computer screen in background.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks

Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Analyst 207
Server room with rows of equipment and one exposed server in the foreground.

Exposed Server Unveils WP-SHELLSTORM's Massive WordPress Backdoor Operation

For 22 days, a US-based server sat exposed on the public internet with no password, revealing a massive WordPress backdoor operation that targeted over 1.4 million domains. The astonishing discovery included scans, exploits, and command history, giving a rare glimpse into the playbook of a notorious hacking group.

Analyst 207
Cluttered workspace with laptop and papers, blurred cityscape in background.

Miinto Breach Exposes Customer Order Data to Unauthorized Access

Miinto recently suffered a data breach, allowing unauthorized access to its internal order management system, potentially exposing your order data. The company has notified affected customers and taken steps to address the issue, reporting it to the police and relevant data protection authorities.

Analyst 207
Hospital corridor with computer and papers on a desk in the foreground.

NHS Trust Investigates Email Data Breach Involving Maternity Patients

NHS Forth Valley is taking immediate action to investigate a data breach that exposed the personal details of around 150 women who used local maternity services, after a staff member accidentally sent the information to a personal email account. The breach has been contained, with the staff member confirming they've deleted the data, but an internal probe is underway to ensure no further risk.

Analyst 207
Defendant Angelo Martino sits in a federal courtroom, hands cuffed, with a somber expression.

Ransomware Negotiator Sentenced for Aiding BlackCat Extortions

A ransomware negotiator turned double agent, Angelo Martino, has been sentenced to 70 months in prison for betraying his clients and working with BlackCat to drive up ransoms for personal gain. Martino's shocking deceit involved selling out his clients' confidential negotiating positions to the very cybercriminals he was hired to thwart.

Analyst 207
Crypto wallet and related technology on a desk in a brightly-lit office space.

Attackers Drain $3.1 Million Using 'Ill Bloom' Crypto Wallet Flaw

A single coordinated attack exploited the Ill Bloom flaw on May 27, draining a staggering $3.1 million from 431 wallets in a single day. This shocking theft was made possible by a weak random-number generator in certain wallet software that created easily guessable recovery phrases.

Analyst 207
Courthouse interior with judge's bench and row of chairs under natural daylight.

Ex-Con Ransomware Negotiator Sentenced for BlackCat Attacks

A former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison for his role in a string of BlackCat ransomware attacks that targeted multiple victims between 2023 and 2025. Martino's guilty plea brings to justice a key player in the notorious ALPHV ransomware gang.

Analyst 207
Law enforcement officials gather around a table with a world map and computer screens displaying data.

Interpol Disrupts Global Cybercrime Network, Arrests 5,800

In a major crackdown on global cybercrime, Interpol's Operation First Light has led to the arrest of 5,800 individuals and the seizure of $293 million, highlighting the power of international cooperation in the fight against online scams. This huge success shows that when countries work together, they can make a real difference in keeping people safe from cyber threats.

Analyst 207
Government building interior with podium and judge's bench, symbolizing law enforcement and justice.

Ransomware Negotiator Sentenced for Duping Clients in $75.3 Million Extortion Scheme

A trusted ransomware negotiator turned double agent, Angelo Martino betrayed his clients, funneling their confidential info to BlackCat affiliates and lining his pockets with a share of their ransoms, leaving a trail of devastated businesses in his wake. His deceit raked in $75.3 million for him and his co-conspirators.

Analyst 207