Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.
This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations. The geographical targeting to a near-global scale of this campaign expands Seashell Blizzard’s scope of operations beyond Eastern Europe.
Read more…
Source: Microsoft
Related:
- Why iPhone users should update and restart their devices now
January 13, 2026
If you were still questioning whether iOS 26+ is for you, now is the time to make that call. Why? On December 12, 2025, Apple patched two WebKit zero‑day vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone 11 and newer users toward iOS 26+, because that’s where the fixes and new memory ...
- Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
January 13, 2026
On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database’s default port to trigger it. Read more… Source: ...
- Man to plead guilty to hacking US Supreme Court filing system
January 13, 2026
A resident of Springfield, Tennessee, is expected to plead guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months. Prosecutors say between August and October 2023, Nicholas Moore, 24, “intentionally accessed a computer without authorization on 25 different days and thereby obtained information from a protected computer,” according to ...
- Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
January 12, 2026
AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities. Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a ...
- New Zealand: Second health provider, Canopy Health, hit in major cyber attack
January 12, 2026
Patients caught up in the CanopyHealth data breach are furious that it took the company six months to tell them about it. On Monday, it was revealed the leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems. In ...
- Europol: 34 arrests in Spain during action against the ‘Black Axe’ criminal organisation
January 9, 2026
The Spanish National Police (Policía Nacional), in close cooperation with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with the support of Europol, has conducted an operation against the international criminal organisation ‘Black Axe’. The action resulted in 34 arrests and significant disruptions to the group’s activities. Black Axe is a highly structured, hierarchical group ...