Cybercrime
- FBI, Indonesian Police Disrupt Global Phishing Network Using W3LL Toolkit
  The FBI and Indonesian police dismantled infrastructure tied to a global phishing operation using the W3LL toolkit, seized domains and detained an alleged developer. Officials said the scheme targeted more than 17,000 victims in 2023 and 2024.
- New VENOM phishing attacks target Microsoft logins of senior executives
  A new phishing-as-a-service platform called VENOM has been targeting Microsoft credentials of senior executives since at least last November, using personalized lures, QR codes and methods that can capture session tokens.
- Cisco Talos warns attackers are abusing GitHub and Jira notifications for phishing
  Cisco Talos says attackers are abusing GitHub and Jira notification systems to send phishing emails that pass standard authentication checks and may look trusted to corporate users.
- Atomic Stealer campaign abuses macOS Script Editor in ClickFix variation
  A new macOS malware campaign is using Script Editor in a ClickFix-style attack to deliver Atomic Stealer, avoiding Terminal prompts and relying on fake Apple-themed pages that push users to run malicious code.
- Masjesu botnet emerges as DDoS-for-hire service targeting IoT devices
  Researchers say the Masjesu botnet has been sold as a DDoS-for-hire service since 2023, targeting IoT devices across multiple architectures while using stealth tactics, self-propagation and hard-coded control channels.
- Dutch healthcare software vendor ChipSoft hit by ransomware attack
  Dutch healthcare software vendor ChipSoft was hit by a ransomware attack on April 7, knocking its website offline and forcing some hospitals to take systems offline. The company serves about 80 percent of hospitals in the Netherlands.
- North Korea-linked campaign spreads across five open-source ecosystems
  A North Korea-linked campaign has spread malicious packages across five open-source ecosystems, with a technical analysis saying more than 1,700 packages have been linked to the activity since January 2025.
- US agencies warn of Iranian-linked attacks on internet-facing PLCs
  US agencies warned that Iran-linked hackers are targeting internet-facing PLCs in critical infrastructure, including water and energy systems, and have caused display manipulation, device disruption and financial loss in some cases.
- Over 1,000 exposed ComfyUI instances targeted in crypto mining botnet campaign
  A Censys technical analysis says more than 1,000 exposed ComfyUI instances are being scanned and infected in a campaign that installs crypto miners, a proxy botnet and persistence tools through unsafe custom nodes.









