Cybercrime

April 30, 2026

In December 2025, Kaspersky researchers detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. Kaspersky have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails ...

April 30, 2026

Through ongoing analysis of ShadowPad implants targeting South and Southeast Asia, TrendAI Research has uncovered a series of new related campaigns that are tracked under a temporary intrusion set (a provisional cluster of related activity pending formal attribution) designated SHADOW-EARTH-053, which we assess to be aligned with China’s broader strategic interests. Trend Micro telemetry indicates that ...

April 30, 2026

More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 ...

April 29, 2026

Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against major organizations. Data breach tracker Have I Been Pwned (HIBP) confirmed the breach on April 27, with 8.2 million unique email addresses included in the dump alongside names, phone ...

April 28, 2026

Medtronic, one of the biggest medical device manufacturers in the world, has confirmed suffering a cyberattack in which crooks “accessed data in certain Medtronic corporate IT systems.” In a security notification published on its website, Medtronic said the attack does not affect its customers or products, and also stressed it will continue operating as usual, without ...

April 28, 2026

Organizations hit by the wave of Trivy and Lite LLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That’s because the ransomware Vect uses isn’t actually ransomware at all, but a wiper that destroys any file larger than 128KB. Vect’s leak site ...

April 27, 2026

A home security biz getting digitally burgled is not a great look – but that’s exactly where ADT finds itself. The company has confirmed a cyber intrusion following an extortion attempt by the ShinyHunters crew, which claims to have made off with more than 10 million records. US-based ADT is one of the world’s largest providers ...

April 27, 2026

Xu Zewei (徐泽伟), 34, of the People’s Republic of China was extradited to the United States this weekend and appeared today in U.S. District Court in Houston on a nine-count indictment related to his involvement in computer intrusions between February 2020 and June 2021. Certain of those computer intrusions allegedly are part of the HAFNIUM computer ...

April 24, 2026

Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage, and suggests it was created years before the Stuxnet worm that aimed to destroy Iran’s uranium enrichment centrifuges. The company’s Vitaly Kamluk discussed the malware in a talk at the Black Hat Asia ...

April 23, 2026

Health information belonging to 500,000 people in the United Kingdom has been stolen and offered for sale on the Chinese website Alibaba, the UK’s technology minister Ian Murray has confirmed. The medical data comes from participants of UK Biobank, the world’s most comprehensive dataset of biological, health, and lifestyle information, compiled from volunteers and used by ...