EU-UK sanctions target Russia over Europe-wide ‘vast cyber campaign’

The European Union and the UK have announced coordinated sanctions against Russia after accusing Moscow’s FSB intelligence agency of carrying out a cyber attack in December targeting Poland’s energy grid and orchestrating a wider campaign of digital sabotage across Europe. Read More …

Ukrainians are using VPNs to cause havoc in Russia by changing fuel station statuses on maps in a bid to cause chaos and confusion

A coordinated online campaign has reportedly encouraged users to alter fuel station information on digital maps across Russia, creating confusion among drivers. The activity involves changing station statuses by marking locations with available fuel as empty or showing closed stations Read More …

Supermarket chain Lidl warns customers after data leak

Unknown individuals managed to gain access to customer data held by the supermarket chain Lidl. The German company informed affected customers of this via email this week. Thus far, the supermarket chain has declined to say how many customers were Read More …

No Manners Here: The Ruthless Rise of The Gentlemen Ransomware

The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Read More …

Florida ransomware negotiator convicted for helping ransomware gang extort US companies

Florida man Angelo Martino has been sentenced to more than five years in prison for conspiring with hackers to deploy ransomware during his job as a ransomware negotiator for a U.S. cybersecurity company. The U.S. Department of Justice confirmed the sentence on Read More …

An unnamed US county paid $1M extortion demand to cybercriminals

A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just Read More …

GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware

In October 2025, Microsoft Threat Intelligence identified destructive wiping activity and uncovered a sophisticated Go programming language (Golang)-based backdoor we now track as GigaWiper, a versatile implant that combines robust command-and-control (C2) capabilities with multiple destructive payloads, including disk wiping, Read More …

6.9 million driver’s license numbers stolen from AssuranceAmerica

Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 Read More …

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation

In April 2026, Unit 42 researchers identified a financially motivated campaign delivering Vidar stealer and the XMRig cryptocurrency miner to consumer and small- and medium-sized business victims worldwide. Attackers lure victims via malvertising to pages for downloading files that impersonate Read More …

CAI cloud worm gives competitors’ malware the boot, then steals secrets and mines for coin

There’s no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware. It’s called Cloud AI Infrastructure Attack Framework (CAI), and Read More …