#persistent-threat-actors
#persistent-threat-actors

US news

Law enforcement is trying to combat abusive AI. Experts say easier said than done

20 hours ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus is a cybercrime network responsible for over $200 million in losses through scams and money laundering, using various techniques to evade sanctions.

fromwww.npr.org

US news

Law enforcement is trying to combat abusive AI. Experts say easier said than done

20 hours ago

Triad Nexus Evades Sanctions to Fuel Cybercrime

Triad Nexus is a cybercrime network responsible for over $200 million in losses through scams and money laundering, using various techniques to evade sanctions.

This simple email trick saves me from annoying marketing spam (and it's free to do)

Using a dedicated shopping email can effectively reduce spam and clutter in your primary inbox.

Man stole thousands from delivery workers to invest in bogus delivery app | amNewYork

Mauricio Sevilla pleaded guilty to defrauding food delivery workers out of $7,500 in a fake investment scheme for a non-existent app.

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

NYC startup

fromwww.amny.com

10 hours ago

Man stole thousands from delivery workers to invest in bogus delivery app | amNewYork

Mauricio Sevilla pleaded guilty to defrauding food delivery workers out of $7,500 in a fake investment scheme for a non-existent app.

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

DOJ: Man Who Attacked Sam Altman's House Threatened to Kill Other Tech CEOs | KQED

A Texas man faces charges for attempted murder of OpenAI CEO Sam Altman after violent attacks at his home and company headquarters.

#cybersecurity

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

fromSecuritymagazine

Information security

Pro-Iranian Actor Claims L.A. Metro Cyberattack

Privacy professionals

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

fromFast Company

Why the Iran cyberattack everyone warned about hasn't really happened yet

Iran-linked hackers have conducted minor cyberattacks in the U.S. but have focused on other regions with more significant incursions.

22 hours ago

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

A cluster of 108 malicious Chrome extensions collects user data and injects ads, compromising browser security.

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

fromSecuritymagazine

Information security

Pro-Iranian Actor Claims L.A. Metro Cyberattack

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

Iran-linked hackers are targeting high-profile figures and critical infrastructure in the U.S. and Israel to sow disruption.

fromFast Company

Why the Iran cyberattack everyone warned about hasn't really happened yet

Iran-linked hackers have conducted minor cyberattacks in the U.S. but have focused on other regions with more significant incursions.

22 hours ago

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

A cluster of 108 malicious Chrome extensions collects user data and injects ads, compromising browser security.

more#cybersecurity

EU data protection

fromComputerWeekly.com

UK reliance on US big tech companies is 'national security risk', claims report | Computer Weekly

The UK is at risk due to over-reliance on US tech companies for critical infrastructure, impacting national security.

Apple

5 days ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Cryptocurrency

International Operation Targets Multimillion-Dollar Crypto Theft Schemes

Operation Atlantic targets multimillion-dollar cryptocurrency theft, freezing $12 million in stolen assets and identifying over $45 million in stolen funds.

fromTechCrunch

6 days ago

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.

World politics

2 weeks ago

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

DevOps

2 weeks ago

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

#microsoft

fromZero Day Initiative

13 hours ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

fromZero Day Initiative

13 hours ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

3 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Information security

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

21 hours ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit, preventing over $20 million in fraud.

3 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Information security

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.

fromBitcoin Magazine

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

fromFinbold

18 hours ago

Kraken insider extortion reveals remote work security blind spot

Kraken experienced an insider security breach affecting 2,000 client accounts, highlighting vulnerabilities in remote-first working models.

fromBitcoin Magazine

Crypto Exchange Kraken Faces Extortion Attempt After Insider Access Incidents Involving Support Staff

Kraken experienced two insider-related security incidents but confirmed no systems were breached and no client funds were at risk.

Information security

Fake Claude Website Distributes PlugX RAT

Information security

Fake Linux Foundation leader using Slack to phish devs

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

Sophisticated CrystalX RAT Emerges

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

fromAxios

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Artificial intelligence

fromFuturism

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.

fromTechCrunch

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

fromTechCrunch

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

APT37 employs social engineering on Facebook to deliver RokRAT via a compromised PDF viewer.

fromArs Technica

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

15 hours ago

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

A new ad fraud scheme uses SEO techniques and AI-generated content to deceive users into enabling browser notifications for scams.

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

#ai

Information security

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.

5 days ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

6 days ago

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

2 weeks ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

3 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

4 weeks ago

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

4 weeks ago

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 uses SEO poisoning and GitHub hosting to distribute trojans impersonating VPN software, stealing credentials through signed malware that evades detection.

fromComputerWeekly.com

Spyware suppliers exploit more zero-days than nation states | Computer Weekly

Historically, traditional state-sponsored cyber espionage groups have been the most prolific attributed users of zero-day vulnerabilities. [But] over the last few years, the increase of zero-day exploitation attributed to CSVs and their customers has demonstrated the growing ability of these vendors to provide zero-day access to a wider range of threat actors than ever before.

Information security

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.

Why cyberattacks don't require advanced hacking

Poor cyber hygiene, weak identity security, overdue IT maintenance, and incomplete logging make organizations vulnerable to financially motivated attacks such as ransomware and email fraud.

Cyber Insights 2026: Cyberwar and Rising Nation State Threats

Entering the cyber world is stepping into a warzone. Cyber is considered a war zone, and what happens there is described as cyberwar. But it's not that simple. War is conducted by nations (political), not undertaken by criminals (financial). Both are increasing in this war zone we call cyber, but the political threat is growing fast. Cyberwar is a complex subject, and a formal definition is difficult.

Information security

Supply chain breaches fuel cybercrime cycle, report says

Cybercriminals are industrializing supply chain attacks into a self-reinforcing ecosystem combining package compromise, credential theft, identity attacks, and ransomware.