Emerging Threats

The Gentlemen Ransomware Expands Reach with Lucrative Affiliate Model
Meet The Gentlemen, a ransomware group that's rapidly risen to notoriety with a game-changing affiliate model that dishes out a whopping 90% payout to its partners. This lucrative approach has helped them scale from a small operation to one of 2026's most active ransomware-as-a-service programs in record time.

Progress Disrupts ShareFile Storage Over Unspecified Security Threat
Progress Software has urgently advised ShareFile customers to take their Windows servers offline due to a credible external security threat, acting swiftly to protect user data despite having no evidence of unauthorized access. The company is working closely with security experts to resolve the issue and restore services.

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code
A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.

Microsoft Uncovers GigaWiper Backdoor with Ransomware, Wiping Capabilities
Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which combines ransomware and wiping capabilities, marking a concerning shift in the evolution of wiper malware. This modular threat can both extort and destroy, posing significant real-world consequences.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence
A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

Progress Warns ShareFile Customers of Credible Security Threat
Progress Software has alerted ShareFile customers to a credible external security threat targeting their Storage Zone Controllers, prompting an urgent directive to take immediate action. To protect themselves, customers are advised to shut down their Windows servers hosting these controllers right away.

Dutch Police Expose Suspects in Odido Hacking Case
The Dutch National Police have cracked the Odido hacking case, revealing that suspects impersonated an IT employee in a phone call with customer service, tricking the company into divulging sensitive info through phishing. This clever ruse led to a massive data theft in February.

Bulgarian Money Launderer Accused of Stealing Seized Crypto
Rossen G. Iossifov, already serving 121 months for a money laundering scheme, now faces new charges for allegedly trying to steal $290,000 in government-seized cryptocurrency while behind bars. He and his co-conspirators are accused of moving the digital assets to prevent seizure, according to a federal indictment in Kentucky.

Laser Attack Exploits Tangem Wallet's Unpatchable Flaw
A newly discovered exploit allows attackers to reset the password on Tangem crypto-wallet cards using a precisely timed laser pulse, giving them full control over the wallet and its contents. This physical attack, which requires specialized equipment and possession of the card, leaves all existing Tangem cards vulnerable and unfixable by software.

Microsoft Exposes GigaWiper Malware's Dual Espionage, Destructive Capabilities
Microsoft researchers have uncovered a highly sophisticated malware, GigaWiper, that masterfully combines espionage and destructive capabilities, allowing threat actors to operate efficiently and wreak havoc on infected systems. This multi-purpose backdoor enables attackers to quietly gather intel while packing a punch with its suite of destructive options.

Hackers exploit auth bypass in Gitea Docker image
Hackers are actively exploiting a critical flaw in the Gitea Docker image, using a single header to bypass authentication and gain access - and security teams are only just catching on. In fact, researchers detected the first real-world hit just 13 days after the vulnerability was disclosed.

AI Surveillance Poses Profound Threat to Social Progress
Imagine a world where AI surveillance systems don't just watch, but also notice, record, and punish even the smallest infractions - essentially becoming automated enforcers that can fine you on the spot. China is already demonstrating the power and pitfalls of this technology, using it to publicly shame and penalize citizens who step out of line.

Silver Fox Deploying Advanced Modular RAT via gRPC Streaming
Meet MODBEACON, a sneaky new Remote Access Trojan linked to the Silver Fox cybercrime group, capable of secretly fetching modules, executing commands, and communicating with attackers. This advanced threat uses a plugin-based architecture and encrypted gRPC streaming to stay one step ahead.

AI Agents Expose Identity Security Gap
The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.

Ransomware Evolves, Exploits Microsoft Driver to Evade Defenses
The GodDamn ransomware group is stepping up its game, using a newly discovered malicious driver called PoisonX to cleverly evade defenses and continue its attacks. This latest tactic is part of an ongoing evolution of the Hyadina ransomware family, which has been wreaking havoc since 2022.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks
Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Exposed Server Unveils WP-SHELLSTORM's Massive WordPress Backdoor Operation
For 22 days, a US-based server sat exposed on the public internet with no password, revealing a massive WordPress backdoor operation that targeted over 1.4 million domains. The astonishing discovery included scans, exploits, and command history, giving a rare glimpse into the playbook of a notorious hacking group.

Miinto Breach Exposes Customer Order Data to Unauthorized Access
Miinto recently suffered a data breach, allowing unauthorized access to its internal order management system, potentially exposing your order data. The company has notified affected customers and taken steps to address the issue, reporting it to the police and relevant data protection authorities.

NHS Trust Investigates Email Data Breach Involving Maternity Patients
NHS Forth Valley is taking immediate action to investigate a data breach that exposed the personal details of around 150 women who used local maternity services, after a staff member accidentally sent the information to a personal email account. The breach has been contained, with the staff member confirming they've deleted the data, but an internal probe is underway to ensure no further risk.

Ransomware Negotiator Sentenced for Aiding BlackCat Extortions
A ransomware negotiator turned double agent, Angelo Martino, has been sentenced to 70 months in prison for betraying his clients and working with BlackCat to drive up ransoms for personal gain. Martino's shocking deceit involved selling out his clients' confidential negotiating positions to the very cybercriminals he was hired to thwart.

Attackers Drain $3.1 Million Using 'Ill Bloom' Crypto Wallet Flaw
A single coordinated attack exploited the Ill Bloom flaw on May 27, draining a staggering $3.1 million from 431 wallets in a single day. This shocking theft was made possible by a weak random-number generator in certain wallet software that created easily guessable recovery phrases.

Ex-Con Ransomware Negotiator Sentenced for BlackCat Attacks
A former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison for his role in a string of BlackCat ransomware attacks that targeted multiple victims between 2023 and 2025. Martino's guilty plea brings to justice a key player in the notorious ALPHV ransomware gang.

Interpol Disrupts Global Cybercrime Network, Arrests 5,800
In a major crackdown on global cybercrime, Interpol's Operation First Light has led to the arrest of 5,800 individuals and the seizure of $293 million, highlighting the power of international cooperation in the fight against online scams. This huge success shows that when countries work together, they can make a real difference in keeping people safe from cyber threats.

Ransomware Negotiator Sentenced for Duping Clients in $75.3 Million Extortion Scheme
A trusted ransomware negotiator turned double agent, Angelo Martino betrayed his clients, funneling their confidential info to BlackCat affiliates and lining his pockets with a share of their ransoms, leaving a trail of devastated businesses in his wake. His deceit raked in $75.3 million for him and his co-conspirators.