Tag: nation state actors
81 articles

Dark Web Exposes Early Warning Signs of Supply-Chain Attacks
Attackers are quietly buying and selling access to trusted integrations, developer accounts, and unattended credentials on the dark web, revealing early warning signs of supply-chain attacks. Monitoring underground forums for these subtle signals can help flag potential risks long before a breach makes headlines.

Google Sues Alleged Chinese Phishers Over AI-Powered Fraud Ops
Google is taking a stand against scammers, suing a Telegram-based group called "Outsider Enterprise" for allegedly sending millions of AI-powered scam texts and impersonating trusted brands. The lawsuit aims to put a stop to their large-scale fraud operations.

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100 Orgs
ShinyHunters, a notorious data theft group, claims to have exploited a critical Oracle PeopleSoft zero-day vulnerability, CVE-2026-35273, to breach over 100 organizations, including the University of Nottingham. The group allegedly stole sensitive data, posting some of it on their leak site.

Gentlemen Ransomware Spreads Globally, Targets 478 Victims
Meet The Gentlemen, a notorious ransomware group with a sprawling affiliate program that's left 478 victims in its wake, exploiting modern vulnerabilities with alarming speed and flexibility. Led by a single Russian-language operator, LARVA-368, this cybercrime powerhouse has been wreaking havoc since March 2025.

Ransomware Gang 'The Gentlemen' Traced to Suspected Russian Operator
Meet The Gentlemen, a notorious ransomware gang that's rapidly growing in power thanks to its unusually generous 90/10 affiliate revenue split, outshining the industry standard 80/20 and attracting top talent from rival groups. This bold move has catapulted them to become the second most active ransomware group, with over 332 reported victims since mid-2025.

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity
Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Qilin Ransomware Breach Tally Grows with Essex Trust Confirmation
Two years after a devastating ransomware attack, the NHS breach count continues to grow, with an Essex trust now confirming that sensitive patient records were stolen by the notorious Qilin gang. The incident serves as a stark reminder that the impact of this cyberattack is still being felt, with hospitals working tirelessly to identify and warn affected patients.

Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown
Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

FIFA World Cup Scams Explode Ahead of 2026 Kickoff
As the 2026 FIFA World Cup approaches, scammers are kicking off their own game, with over 4,300 fraudulent domains and countless ticket scams, counterfeit merchandise, and banking malware already in circulation. With ticket requests exceeding 150 million and millions of fans eagerly awaiting kickoff, attackers are cashing in on scarcity and anxiety.

Ransomware Gang Pink Exploits Helpdesk Calls to Steal Credentials
Meet Pink, a notorious ransomware gang that's exploiting helpdesk calls to steal sensitive credentials using clever tactics like vishing and IT impersonation. They're using these stolen secrets to exfiltrate valuable data from enterprise cloud storage and productivity systems, leaving victims with a tough choice: pay up or face the consequences.

Chinese Hackers Deploy Atlas RAT in Europe With Heightened Cyberattacks
Chinese hackers have significantly ramped up cyberattacks in Europe, with a financially motivated group, tracked as TA4922, launching a high volume of unique campaigns targeting countries including Germany, Italy, and the UK. This surge in activity, which began in March, has been marked by unprecedented diversity in tactics and objectives, including fraud, data theft, and network breaches.

Hackers Exploit Instagram AI Chatbot to Hijack User Accounts
Hackers recently tricked Instagram's AI chatbot into handing over account controls, highlighting a critical vulnerability in AI agent authorization - a problem that's proving tougher to crack than authentication. By falsifying user locations and manipulating the chatbot, attackers were able to change account email addresses and passwords.

FBI Disrupts Online Child Abuse Ring Linked to Violent Extremist Collective
The feds have taken down a predator, arresting a Tennessee man linked to a violent extremist collective for exploiting vulnerable children online. Zachary Sweeney, 30, faces up to 50 years in prison for his heinous crimes, including sexual exploitation and distributing child abuse material.

Threat Actors Exploit ChatGPT Sharing Feature to Deliver Malware
Malicious actors are exploiting ChatGPT's sharing feature to spread malware, using convincing fake outage messages to trick users into downloading malicious desktop applications. They even hijacked Google ads to make their scam look legit.

Carnival Cruise Data Breach Exposes 6 Million Customers
A recent data breach at Carnival Cruise, affecting 6 million customers, highlights the vulnerability of traditional security controls to social engineering tactics, where a single compromised employee device can lead to devastating consequences. This incident serves as a stark reminder of the human factor in cybersecurity, where threat actors exploit trust and impersonation to gain access to sensitive information.

Romanian Hacker Sentenced for Breaching Oregon Govt Network
A Romanian hacker has been sentenced to 56 months in prison for breaking into Oregon's state emergency-management network, stealing sensitive personal data, and selling it to buyers in the US. Catalin Dragomir, 46, pleaded guilty to aggravated identity theft and computer intrusion charges.

FBI Warns Law Firms of In-Person Extortion Tactics by Silent Ransom Group
The FBI is sounding the alarm for US law firms, warning them of a growing threat from the Silent Ransom Group, which targets the legal industry for its highly sensitive data and uses in-person extortion tactics. This group has been linked to a string of incidents, and the FBI is urging law firms to be vigilant.

FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users
The FBI is sounding the alarm on Kali365, a phishing kit that makes it easy for attackers to target Microsoft 365 users with AI-generated scams, automated templates, and real-time tracking. This powerful tool is lowering the bar for cybercriminals, allowing less tech-savvy attackers to launch sophisticated phishing campaigns.

Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs
Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.

Microsoft Disrupts Fox Tempest's Ransomware-Enabling Code-Signing Service
Microsoft's Digital Crimes Unit has successfully disrupted a notorious code-signing service used by cybercriminals, including the group behind Fox Tempest, to create fake IDs and gain easy access to systems. This operation has effectively shut down a key tool used by hackers to spread ransomware and malware.

BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access
A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

UK Water Utility Exposed: Hackers Hid Undetected for 20 Months
In a shocking revelation, hackers secretly lurked on South Staffordshire Water's corporate network for 20 months, evading detection until a performance issue sparked an investigation in July 2022. The stealthy attackers gained unauthorized access via a September 2020 phishing attack, harvesting credentials and even attempting to deploy ransomware before being finally uncovered.

ShinyHunters Targets Education Sector with School-by-School Ransom Push
ShinyHunters has launched a targeted ransom attack on the education sector, exploiting a vulnerability in Canvas Learning Management System to steal a staggering 275 million records from nearly 9,000 schools and universities. The timing couldn't be more critical, with exams already underway and academic years wrapping up.

NVIDIA Discloses GeForce NOW Breach Affecting Armenian Users
NVIDIA recently discovered a security breach affecting users of GeForce NOW in Armenia, which was caused by a compromised system operated by a third-party partner, not by NVIDIA's own network. The company is working closely with the partner to resolve the issue and notify affected users.