Skip to main content

Emerging Threats

Courthouse interior with judge's bench and row of chairs under natural daylight.

Ex-Con Ransomware Negotiator Sentenced for BlackCat Attacks

A former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison for his role in a string of BlackCat ransomware attacks that targeted multiple victims between 2023 and 2025. Martino's guilty plea brings to justice a key player in the notorious ALPHV ransomware gang.

Analyst 207
Law enforcement officials gather around a table with a world map and computer screens displaying data.

Interpol Disrupts Global Cybercrime Network, Arrests 5,800

In a major crackdown on global cybercrime, Interpol's Operation First Light has led to the arrest of 5,800 individuals and the seizure of $293 million, highlighting the power of international cooperation in the fight against online scams. This huge success shows that when countries work together, they can make a real difference in keeping people safe from cyber threats.

Analyst 207
Government building interior with podium and judge's bench, symbolizing law enforcement and justice.

Ransomware Negotiator Sentenced for Duping Clients in $75.3 Million Extortion Scheme

A trusted ransomware negotiator turned double agent, Angelo Martino betrayed his clients, funneling their confidential info to BlackCat affiliates and lining his pockets with a share of their ransoms, leaving a trail of devastated businesses in his wake. His deceit raked in $75.3 million for him and his co-conspirators.

Analyst 207
Government office interior with concerned officials in a public records room.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat

A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

Analyst 207
Cluttered home office workspace with disrupted laptop and scattered papers.

OpenMandriva Linux Project Hit by Sabotage Attempt

Davide Beatrici, a leading developer of the Mumble app, has denied allegations of sabotage against the OpenMandriva Linux Project, claiming his actions were deliberate but not malicious. He admitted to deleting key repositories and pushing a package, but insists his moves were targeted, not hurtful.

Analyst 207
A developer's clutter-free workstation with laptop, notebook, and coffee cup, set against a blurred background with a hint…

npm Package Infects Developers with Cryptocurrency Wallet Stealer

A malicious npm package, downloaded a staggering 50,000 times weekly, was briefly infected with code that stole cryptocurrency wallet private keys and sensitive seed phrases, putting countless developers at risk. The attack was launched after a contributor's GitHub account was compromised, allowing the hackers to spread the poisoned code across multiple projects.

Analyst 207
Cluttered office workstation with laptop and peripherals, dimly lit with blurred screens.

Microsoft Exposes GigaWiper Backdoor's Triple Threat

Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which poses a triple threat to Windows systems, allowing attackers to silently spy and destroy machines in three different ways. This multi-purpose threat doesn't just crash systems - it gives attackers the power to choose how and when to render a machine irrecoverable.

Analyst 207
Cluttered home office desk with a lit computer terminal.

GitHub Accounts Used to Map Corporate Orgs in Stealthy Campaigns

Cyber attackers are using sneaky tactics, leveraging old or compromised GitHub accounts, to secretly map out corporate organizations and steal sensitive data. They're exploiting loopholes with automated tools and stolen tokens to quietly gather intel from GitHub APIs.

Analyst 207
Modern briefing room with podium, large window, and abstract wall emblems.

Cloud Bucket Hijacking Exposes Data Streams to Silent Compromise

In a major global sting operation, INTERPOL's Operation First Light 2026 led to the arrest of 5,811 individuals and the seizure of $293 million in illicit assets, highlighting the growing threat of transnational social engineering and money-laundering schemes. This coordinated effort involved 97 countries and territories, and resulted in the identification of over 142,000 victims and 15,606 suspects.

Analyst 207
Person sitting at desk, looking concerned while on phone call.

Helix Group Exploits SharePoint with Advanced Vishing Tactics

Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

Analyst 207
Blurred laptop screen with phishing email on a desk in a brightly-lit office setting.

Forg365 Phishing Platform Exploits AI to Target Microsoft 365 Accounts

Meet Forg365, a sneaky new phishing platform that uses AI to make it easy for hackers to target Microsoft 365 accounts and steal sensitive info. This phishing-as-a-service operation offers a range of tools, including AI-generated lures, to help cybercriminals launch convincing attacks.

Analyst 207
Rows of computer equipment racks and monitors in a server room, with a blank laptop screen in the foreground.

AI-Generated Malware Targets Active Directory Environments

Criminals are now leveraging AI to create malicious software, as seen in a recent case where an attacker used an AI-assisted PowerShell script to infiltrate an Active Directory environment. This emerging threat, dubbed "vibe coding," allows attackers to generate software by simply prompting a large language model in plain language.

Analyst 207
Empty desks and chairs in a brightly-lit office with a blurred computer terminal in the background.

Cyberattacks Exploit Summer Staffing Gaps

Cyberattacks surge by 40% during holiday periods, with summer being a prime target due to lighter staffing and slower business operations that create the perfect storm for cybercriminals to exploit. When teams are on vacation, attackers see an opportunity to probe for vulnerabilities and test response times.

Analyst 207
Cluttered office desk with laptop, monitor, and papers, in a large room with fluorescent lighting.

GodDamn Ransomware Exploits Signed Driver to Disable Endpoint Defenses

Ransomware attackers have taken a disturbing new tactic, using a malicious kernel driver signed by Microsoft to disable endpoint defenses and wreak havoc on systems. The PoisonX driver, identified as g11.sys, is a game-changer in ransomware operations, making it harder for security teams to detect and respond to threats.

Analyst 207
Law enforcement officer surrounded by seized electronic devices in a brightly-lit, formal setting.

Interpol Crackdown on Cybercrime Yields 5,800 Arrests Worldwide

In a major global sting operation, authorities in Eswatini seized 240 electronic devices, foreign currency, and a stunning replica of a Brazilian police station - complete with fake uniforms and equipment - as part of Interpol's Operation First Light 2026, which has led to 5,800 arrests worldwide. This massive crackdown on cybercrime was made possible through collaboration between 97 countries and territories, with support from Europol, Aseanapol, and GGCPol.

Analyst 207
Cluttered software development workspace with laptop, monitor, and papers.

Malicious AI Agents Infiltrate Open Source Repositories

A recent ESET study uncovered a staggering number of malicious AI agents hiding in plain sight within open-source repositories, with tens of thousands of suspicious instances and thousands more flagged as outright malicious. This alarming trend suggests a rapidly escalating threat landscape, with cyber attackers leveraging AI to plan, execute, and scale their attacks.

Analyst 207
Dimly lit government office with blurred computer screen and hint of ID card.

AssuranceAmerica Breach Exposes 6.9 Million Driver Records

On March 17, 2026, AssuranceAmerica detected a security breach that put 6.9 million driver records at risk, allegedly caused by a malicious attack on one of its employees on March 16, 2026. The company has begun notifying affected individuals about the breach.

Analyst 207
Dimly lit room with scattered devices and tangled cables suggests makeshift indoor operation.

Malicious 7-Zip Installers Fuel Residential Proxy Botnet

A shocking 773,087 unique IP addresses linked to SmartProxy were found in a public IP dataset, hinting at a massive residential proxy botnet. This staggering overlap raises serious concerns about the scope of a malicious operation dubbed Lurking Lizard.

Analyst 207
University server room with rows of computer equipment and subtle hints of a security breach.

Chinese Spies Exploit Roundcube Flaw to Breach University Servers

A recent series of university server breaches, attributed to a group called UNK_MassTraction, has exposed vulnerabilities in North American higher-education institutions, with potentially dozens more affected. The breach, linked to a flaw in Roundcube, is believed to be an ongoing campaign.

Analyst 207
Blurred laptop screen on a desk in a university hallway with students walking in the background, conveying a sense of…

Hackers Breach Mount Royal University, Expose Sensitive Data

Mount Royal University recently fell victim to a cyberattack that compromised sensitive data, with hackers accessing and stealing files from the university's network before deleting them. The breach, which occurred on June 17, has disrupted multiple university systems and may take weeks to fully recover from.

Analyst 207
Developer workstation with laptop and coding items, hinting at vulnerability with faint shadow and ajar window.

Malicious SDKs Target Paysafe, Skrill Users with Credential Theft

Beware of malicious software development kits (SDKs) masquerading as legitimate Paysafe, Skrill, and Neteller tools, designed to secretly steal your credentials. Researchers uncovered 17 fake packages on popular platforms, putting users at risk of credential theft.

Analyst 207
University hallway with generic furnishings and decor, daytime scene.

Hackers Exploit Roundcube Flaw to Target Academic Researchers

A new wave of cyber attacks linked to China is targeting academic researchers in the US and Canada, specifically those in physics, engineering, and national security-related fields, by exploiting a vulnerability in Roundcube webmail servers. The campaign, tracked as 'UNK_MassTraction', has been ongoing since May and has already hit several universities.

Analyst 207
Person sitting at desk with concerned expression, looking at phone near open laptop.

Phishing Campaign Targets Microsoft 365 Users with Voice-Based Entra Passkey Scam

Beware of scammers impersonating Microsoft 365, tricking users into enrolling a fake Entra passkey by mimicking the real enrollment portal and leveraging voice calls to urge action. This sneaky phishing campaign has been targeting multiple sectors since April, putting unsuspecting users at risk.

Analyst 207
Large office building with subtle tech infrastructure and blurred office workers in foreground.

Accenture Breach Exposes Source Code, Heightens Supply Chain Risk

Accenture's recent data breach, where 35GB of sensitive data including source code was stolen, shines a spotlight on the hidden risks of working with major consulting and services firms. As a trusted partner to businesses and governments worldwide, Accenture's breach heightens concerns about supply chain vulnerabilities.

Analyst 207