- Hack-for-hire group caught targeting Android devices and iCloud backups
April 8, 2026
Security researchers say they have identified a hack-for-hire group targeting journalists, activists, and government officials across the Middle East and North Africa. The hackers used phishing attacks to access targets’ iCloud backups and messaging accounts on Signal, and deployed Android spyware capable of taking over the targets’ devices. This hacking campaign highlights a growing trend of ...
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
April 7, 2026
Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory ...
- Watch how job interviewer exposes North Korean fake IT worker
April 6, 2026
For the last few years, North Koreans have gotten remote jobs at hundreds of Western companies pretending to be from somewhere else, using fake resumes, and sometimes with the help of American collaborators. It’s been a major problem for years, as North Korea remains highly sanctioned by the U.S. and European governments because of the regime’s ...
- Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
April 6, 2026
The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, ...
- SparkCat malware returns to target Android and iOS users, hiding in innocent apps to try and steal your details
April 6, 2026
SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it more difficult to spot. Cybersecurity researchers Kaspersky claim to have found multiple apps both in the Apple App Store and the Google Play Store delivering the malware. Apple and Google app repositories are generally safe, and knowing the size and ...
- Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
April 3, 2026
In late March 2026open on a new tab, Anthropic inadvertently released the internal Claude Code source material as part of an npm package that included a large internal source map file. Although the incident stemmed from a simple packaging mistake, threat actors were quick to capitalize on the resulting attention. Only 24 hours after the ...
- vSphere and BRICKSTORM Malware: A Defender’s Guide
April 2, 2026
Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors. To help organizations stay ahead of these risks, we will focus on the essential hardening strategies and mitigating controls ...
- UK manufacturers under cyber fire with 80% reporting attacks
April 1, 2026
Nearly 80 percent of British manufacturers say they’ve been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual. According to security outfit ESET, 78 percent of UK manufacturers admit to suffering at least one cyber incident in the ...
- A laughing RAT: CrystalX combines spyware, stealer, and prankware features
April 1, 2026
In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, ...
- Iran targets M365 accounts with password-spraying attacks
March 31, 2026
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday said that the attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting ...