Cybercrime
-
The Gentlemen ransomware linked to 478 claimed victims, new analysis says
A new analysis says The Gentlemen ransomware has claimed 478 victims since March 2025 and shifted in July to an independent model after using resources from other ransomware services.
-
Authorities dismantle AudiA6 crypto laundering service linked to ransomware proceeds
Authorities have dismantled the AudiA6 crypto laundering service, which investigators say moved more than $380 million for ransomware actors and other cybercriminals. The case led to arrests in Georgia and seizures across 11 countries.
-
Russia-Aligned Hackers Keep Exploiting WinRAR Flaw to Target Ukraine
Russia-aligned hacking groups have kept exploiting a patched WinRAR flaw against Ukrainian organizations, using crafted archives, hidden payloads and stolen browser data in campaigns that researchers said remained active into 2026.
-
Malicious PyPI packages tied to Hades attack wave, researchers say
Researchers said a new Hades supply chain campaign poisoned 37 wheel artifacts across 19 PyPI packages, using startup hooks to run Bun-based malware that sought cloud, repository and developer credentials.
-
Check Point warns of active exploitation of critical VPN flaw in IKEv1 setups
Check Point said attackers are exploiting a critical VPN flaw in older IKEv1 deployments, with activity dating back to May 7 and affecting a few dozen organizations globally. The bug can let an unauthenticated attacker bypass password checks and open a VPN session.
-
New npm supply chain worms hit 50-plus packages, steal secrets
Two npm supply chain attacks spread a Rust information stealer and a worm across dozens of packages, targeting developer secrets, cloud credentials and AI tool configurations. Researchers said the malware used GitHub and npm features to keep propagating.
-
New Android spyware campaign targets Arabic-speaking users, ESET says
ESET says a new Android spyware campaign called Asin used fake utility, news and war map sites to target Arabic-speaking users. The operation remains unattributed, and its main objective has not been confirmed.
-
PCPJack hijacks 230 cloud servers for covert SMTP relay network
PCPJack hijacked 230 cloud servers tied to AWS, Google Cloud and Microsoft Azure to run a covert SMTP relay network, according to Hunt.io. The infrastructure used Sliver and Chisel tools and was still active when found.