Breaches
ShinyHunters, one of the most prolific data breach and extortion groups of the past five years, has posted a message to their official Telegram channel claiming that a "second leader has been arrested." The brief update also confirmed that the group's X (formerly Twitter) account has
Threats
Palo Alto Networks' Unit 42 has published a major investigation into a newly identified cyberespionage group it tracks as TGR-STA-1030, also known as UNC6619. The group — assessed with high confidence to be state-aligned and operating out of Asia — has compromised at least 70 organizations across 37 countries over the
Threats
LockBit 5.0 has introduced cross-platform ransomware payloads capable of hitting Windows, Linux, and VMware ESXi environments in a single campaign, according to analysis of 19 samples published by LevelBlue. The release marks a significant technical evolution for the RaaS operation, with specialized routines designed to maximize damage across enterprise
Threats
ShadowSyndicate, a cybercrime cluster first identified in 2023, has been caught using a server transition technique designed to obscure operational continuity across its infrastructure — but OPSEC failures have given researchers visibility into the group's C2 network. Group-IB confirmed two additional SSH fingerprints linked to ShadowSyndicate operations in February
Alerts
CISA has been silently updating its Known Exploited Vulnerabilities (KEV) catalog when it confirms that vulnerabilities are being exploited by ransomware groups — without notifying defenders when those changes occur. Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, documented the gap by downloading daily KEV snapshots for
Threats
FortiGuard Incident Response has documented a new tool in Interlock ransomware's arsenal — a bring-your-own-vulnerable-driver (BYOVD) process killer that abuses a zero-day vulnerability in a gaming anti-cheat kernel driver to terminate EDR and AV processes before ransomware deployment. The activity was observed during an intrusion against a North American
Threats
Sysdig's Threat Research Team has published a detailed analysis of a cloud intrusion in which a threat actor went from stolen credentials to full AWS administrative access in under 10 minutes — with strong indicators that large language models were used throughout the operation to automate reconnaissance, generate exploitation
Alerts
The Django project has issued security releases across all supported versions — Django 6.0.2, 5.2.11, and 4.2.28 — addressing six vulnerabilities, three of which are high-severity SQL injection flaws that could allow attackers to execute arbitrary SQL commands against backend databases. All three SQL injection CVEs
Breaches
Step Finance, one of the most widely used DeFi dashboard and analytics platforms on Solana, has disclosed that attackers stole approximately $40 million in digital assets after compromising devices belonging to company executives. The breach was detected on January 31 during APAC hours. Step Finance described the attacker as a
Threats
Daylight Security has published findings from a real-world intrusion in which BlueNoroff — the financially motivated subgroup of North Korea's Lazarus Group — used live social engineering over Microsoft Teams to compromise a macOS endpoint, steal Keychain credentials, and stage data for exfiltration. The entire attack was operator-driven in real
Alerts
A critical vulnerability in OpenClaw — the viral open-source AI assistant trusted by over 100,000 developers — allows attackers to achieve full remote code execution on a victim's machine through a single webpage visit. No user interaction beyond loading the page is required. CVE-2026-25253 (CVSS 8.8) affects all
Threats
A months-long offensive investigation by Red Asgard's threat research team has produced one of the most detailed public examinations of North Korea's Contagious Interview campaign infrastructure ever published. The findings — spanning four malware families, approximately 20 previously undocumented C2 servers, a novel binary protocol, and unauthenticated