Cybercrime
-
FBI investigates breach affecting wiretap management system
The FBI is probing a breach that affected an unclassified system used to manage wiretaps and surveillance warrants. The agency began investigating on February 17 after spotting abnormal logs, and said it addressed suspicious activity.
-
Iran-linked MuddyWater embeds Dindoor backdoor in multiple U.S. corporate networks
Iran-linked MuddyWater deployed a Dindoor backdoor across multiple U.S. corporate networks, including banks and an airport, and used cloud utilities in suspected data exfiltration attempts, with success unconfirmed.
-
China-linked group targets South American telecoms with Windows, Linux and edge implants
A Cisco Talos technical analysis found a China-linked APT has targeted South American telecommunications since 2024 using three implants for Windows, Linux and edge devices aimed at reconnaissance and brute-force operations.
-
Suspected Iran-nexus actor impersonated Iraqi ministry to deploy novel malware
Zscaler ThreatLabz observed a January 2026 campaign that impersonated Iraq’s Ministry of Foreign Affairs to deliver SPLITDROP, TWINTASK, TWINTALK and GHOSTFORM using staged payloads, evasion and fileless execution.
-
New Russian-linked campaign uses BadPaw loader to deploy MeowMeow backdoor in Ukraine
A new cyber campaign targeted Ukrainian organizations using a .NET loader named BadPaw that deploys a MeowMeow backdoor after a phishing ZIP archive and HTA lure, with sandbox checks and persistence tactics.
-
Coordinated action disrupts Tycoon 2FA phishing service that targeted tens of thousands of organisations
A coordinated operation in early March 2026 disrupted Tycoon 2FA, a subscription phishing platform that generated tens of millions of emails monthly and enabled unauthorized access to nearly 100,000 organisations worldwide.
-
Microsoft warns OAuth redirect abuse used to deliver malware to government targets
Microsoft warned that phishing campaigns are abusing OAuth redirect features to deliver malware to government and public sector targets, using malicious OAuth apps, ZIP payloads, PowerShell and DLL sideloading. Organizations are advised to limit consent and review app permissions.
-
Star Citizen developer discloses January breach that exposed user account details
Cloud Imperium Games disclosed a January 21, 2026 breach that gave attackers read-only access to backup systems containing basic account details for an undisclosed number of users. No financial data or passwords were affected.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.








