Skip to main content

Tag: nation state actors

81 articles

Rows of equipment racks in a brightly-lit IT facility with a single, out-of-focus figure in the foreground.

CISA Mandates Patching of Exploited Oracle Flaw by Saturday

Federal cyber authorities are sounding the alarm: a high-risk flaw in Oracle E-Business Suite, already being exploited by hackers, must be patched by Saturday to prevent takeover of vulnerable systems. Over 1,000 Internet-exposed instances are at risk, with more than half located in the United States.

Analyst 207
Formal law enforcement setting with natural daylight through tall windows.

Dutch Police Disrupts €100 Million Investment Fraud Ring

Dutch police have cracked down on a massive €100 million investment fraud ring, arresting multiple suspects, including a 46-year-old Israeli-Polish national with a notorious hacking past. The international sweep resulted in detentions across Cyprus, Greece, and Belgium, with authorities vowing to bring the alleged perpetrators to justice.

Analyst 207
Five cuffed individuals stand in a row in a neutral-colored institutional hallway.

UK Authorities Charge Five in Russian Coms Fraud Crackdown

In a major crackdown on Russian Coms Fraud, UK authorities have charged five individuals linked to a notorious platform that enabled scammers to hide their identities and swindle victims by impersonating trusted institutions. The platform, shut down in 2024, had been facilitating these deceitful calls since 2020.

Analyst 207
Man sits somberly in a courtroom or government agency setting, hands clasped or holding a document.

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy

Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.

Analyst 207
Formal courthouse interior with documents and law enforcement items under daylight.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence

A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

Analyst 207
Person sitting at desk, speaking on phone with concerned expression, blurred computer screen in background.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks

Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Analyst 207
Defendant Angelo Martino sits in a federal courtroom, hands cuffed, with a somber expression.

Ransomware Negotiator Sentenced for Aiding BlackCat Extortions

A ransomware negotiator turned double agent, Angelo Martino, has been sentenced to 70 months in prison for betraying his clients and working with BlackCat to drive up ransoms for personal gain. Martino's shocking deceit involved selling out his clients' confidential negotiating positions to the very cybercriminals he was hired to thwart.

Analyst 207
Large office building with subtle tech infrastructure and blurred office workers in foreground.

Accenture Breach Exposes Source Code, Heightens Supply Chain Risk

Accenture's recent data breach, where 35GB of sensitive data including source code was stolen, shines a spotlight on the hidden risks of working with major consulting and services firms. As a trusted partner to businesses and governments worldwide, Accenture's breach heightens concerns about supply chain vulnerabilities.

Analyst 207
Cramped warehouse storage area with industrial computer equipment and tangled cables.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership

Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

Analyst 207
Law enforcement activity outside a federal building, suggesting a cybercrime case.

US Extradites Alleged Scattered Spider Member

In a major cybercrime crackdown, US authorities have extradited a 19-year-old suspect, Peter Stokes, for allegedly being part of the notorious Scattered Spider gang that has wreaked havoc on US companies, extorting employees and causing millions in losses. Stokes, a dual US-Estonian citizen, was arrested in Finland with incriminating evidence and is now in federal custody awaiting cybercrime charges.

Analyst 207
Dimly lit server room with a single bright laptop screen displaying a login interface.

FortiBleed exposes link between ransomware gangs

A major breakthrough in the fight against ransomware has been uncovered, revealing a direct link between ransomware gangs and the recent FortiBleed attack. Researchers have found a single operator working with multiple ransomware groups, using infrastructure tied to FortiBleed.

Analyst 207
Person working on laptop at bank desk with papers, surrounded by calm environment and natural daylight.

Ousaban Trojan Targets Iberian Bank Users with Sophisticated PDF Lures

Meet the Ousaban Trojan, a sneaky malware targeting banking customers in Spain and Portugal with clever PDF tricks. This sophisticated threat steals logins, hijacks sessions, and even takes remote control of infected computers.

Analyst 207
Dimly lit network closet with scattered outdated devices and cables.

RustDuck Botnet Evolves with Rust Rewrite to Evade Detection

Meet RustDuck, a sneaky botnet that's been evolving to evade detection since February 2026, tracked by researchers at QiAnXin's XLab. It gains a foothold by exploiting weak passwords, unpatched vulnerabilities, and targeting specific web software.

Analyst 207
Cramped office with people at desks surrounded by clutter and technology.

Ransomware Groups Adopt Corporate Structure to Extort Victims

Meet Black Basta, a ransomware group that operated like a corporate powerhouse, launching attacks on 520 victims across 39 industries and raking in at least $107 million in bitcoin payments. With a structured team, set schedules, and outsourced tasks, this syndicate's business model was surprisingly sophisticated.

Analyst 207
Dimly lit office cubicle with scattered papers, open laptop, and concerned coworkers in the background.

Huntress Insider Leak Exposes Potential Security Breach

A shocking security breach at Huntress has come to light, with a former analyst claiming that a colleague may have compromised the company's integrity by passing sensitive law enforcement communications to a notorious cybercriminal. The explosive allegations have left many questions unanswered about the breach and its potential impact.

Analyst 207
Law enforcement operation disrupts botnet infrastructure in a brightly-lit server room with rows of computer servers and…

Authorities dismantle Evil Corp's SocGholish botnet infrastructure

In a major win for cybersecurity, international authorities have joined forces to dismantle the notorious SocGholish botnet infrastructure, a multi-stage malware kit that had been exploited for ransomware campaigns and espionage since 2017. This coordinated effort has successfully disabled the malware's control points and seized related infrastructure.

Analyst 207
Hospital corridor with blurred patient room doors and a lone computer workstation.

INC Ransomware Targets 830+ Victims, Expands as Major RaaS Threat

The INC ransomware group has rapidly grown into a major threat, claiming over 830 victims since August 2023, with US organizations making up more than 65% of those affected. Sectors such as legal services, manufacturing, and healthcare are among the most targeted, as INC expands its reach as a prominent Ransomware as a Service (RaaS) operation.

Analyst 207
Cluttered computer workstation with laptop and cables in a small, cramped business office setting.

Hackers Exploit Tailscale for Persistent Access After C2 Takedown

Meet Poisson, a French-speaking hacker who left a digital trail of 339 commands over 33 days, revealing a clever exploit that allowed them to maintain persistent access to a small French automotive business even after a C2 takedown. The intruder's step-by-step playbook was surprisingly left in an open storage bucket, giving Cato Networks researchers a glimpse into their tactics.

Analyst 207
Government office interior with computer screen displaying abstract database representation.

ShinyHunters Breach Council of Europe in Oracle PeopleSoft Heist

The Council of Europe has fallen victim to a massive data breach, with hackers claiming to have stolen a whopping 297 GB of sensitive information, including HR records, payslips, and medical data, by exploiting a zero-day flaw in Oracle PeopleSoft. The ShinyHunters extortion group is behind the breach, boasting a haul of 429,000 files from the attack.

Analyst 207
Bustling Adriatic port with cargo yard and trucks, foreground shows blurred computer system.

Anubis Ransomware Targets Adriatic Port, Exposes Maritime Security Gaps

A ransomware attack by the Anubis group on the Adriatic Port Authority exposed significant gaps in maritime security, putting sensitive employee records and critical infrastructure at risk. The breach, which occurred on December 11, 2025, resulted in the loss of around 2% of the authority's data, with some information making its way to the dark web.

Analyst 207
Law enforcement officials stand in a brightly-lit press conference room with subtle hints of technology and cybersecurity…

FBI Disrupts AI-Powered Phishing Service with 1 Million URLs

In a major win for cyber safety, the FBI, Google, and Black Lotus Labs joined forces to dismantle Outsider Enterprise, a notorious phishing-as-a-service operation based in China that had been spreading fake text campaigns through 1 million URLs. This coordinated takedown seized key servers and accounts used by the threat actors.

Analyst 207
Defendant sits in federal court with blurred face, hands visible, in front of judge's bench and US flag.

Conti Ransomware Member Pleads Guilty to Cybercrimes

A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Analyst 207
Mobile phone on a plain surface with a blurred text message interface and a blurred cityscape in the background.

Google Disrupts Chinese Smishing Network Tied to AI-Generated Phishing Attacks

Google just took down a massive Chinese smishing network that used AI-generated phishing pages to scam millions of mobile users, and is now suing to dismantle the operation for good. The tech giant is teaming up with major carriers like AT&T, T-Mobile, and Verizon to block the fraudulent texts and shut down the Phishing-as-a-Service business.

Analyst 207
Formal proceedings setting with podium, laptop, and blurred emblem in daylight.

Ukrainian Hacker Pleads Guilty in Conti Ransomware Case

Meet Oleksii Lytvynenko, a Ukrainian hacker who just pleaded guilty to his role in the notorious Conti ransomware case, which targeted over 1,000 victims worldwide and raked in a staggering $150 million in ransom payments. He's now facing up to 20 years in prison for his involvement.

Analyst 207