top of page

ALL POSTS

Global Law Enforcement Dismantles First VPN Used by 25 Ransomware Groups in Historic Takedown

Key Findings First VPN Service, a criminal VPN operating since 2014, was dismantled in a coordinated international operation led by France and the Netherlands At least 25 ransomware groups used the service to conduct attacks, including network reconnaissance, data theft, fraud, and denial-of-service operations The takedown involved 16 countries and resulted in the seizure of 33 servers across 27 countries and the shutdown of associated domains First VPN marketed itself specif

FBI Alert: Kali365 Phishing Kit Rapidly Targeting Microsoft 365 Users

Key Findings FBI issued public service announcement about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users since April 2026 Platform bypasses multi-factor authentication by abusing OAuth device code authorization flows Kali365 lowers technical barriers for cybercriminals by providing AI-generated phishing lures, automated templates, and real-time tracking dashboards Captured OAuth tokens grant persistent access to Microsoft 365 accounts, enabling data t

Megalodon Supply Chain Attack Compromises 5,561 GitHub Repositories in Six-Hour Blitz

Key Findings 5,718 malicious commits pushed to 5,561 GitHub repositories within a six-hour window on May 18, 2026 Attackers used forged identities (build-bot, auto-ci, ci-bot, pipeline-bot) and throwaway GitHub accounts to hide their tracks Malicious GitHub Actions workflows embedded base64-encoded bash payloads designed to exfiltrate sensitive credentials and secrets Two attack variants identified: SysDiag (broad reach, triggers on every push/pull request) and Optimize-Build

Attackers Bypass MFA on SonicWall VPNs Due to Flawed Prior Patch

Key Findings SonicWall Gen6 SSL-VPN devices remain vulnerable to MFA bypass despite firmware patches because administrators are missing six required manual remediation steps CVE-2024-12802 exploitation observed in-the-wild between February and March 2026, leading to ransomware-related intrusions across multiple organizations Attackers successfully brute-forced VPN credentials and bypassed MFA, reaching internal file servers in some cases within 30 minutes Gen6 devices reached

Kimwolf Botmaster 'Dort' Arrested and Charged in U.S. and Canada

Key Findings 23-year-old Jacob Butler of Ottawa arrested Wednesday on suspicion of operating Kimwolf, a massive IoT botnet that infected millions of devices Kimwolf launched over 25,000 DDoS attacks measuring up to 30 terabits per second, the highest recorded volume, causing financial losses exceeding $1 million for some victims Butler faces charges in both the United States and Canada, with potential 10-year prison sentence if extradited and convicted in U.S. court March 202

CISA Adds Microsoft and Adobe Vulnerabilities to Known Exploited Vulnerabilities Catalog

Key Findings CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including Microsoft Defender flaws currently under active exploitation Two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498) are being actively exploited in the wild CVE-2026-41091 allows attackers to escalate privileges to SYSTEM level with a CVSS score of 7.8 Five additional legacy vulnerabilities from 2008-2010 were added to the catalog, affecting Windows, Int

Microsoft's Abandoned MSHTA Tool Becomes Weapon for Fileless Malware Campaigns

Key Findings MSHTA, a retired Windows tool originally built for Internet Explorer, remains enabled by default on modern Windows systems and is now actively exploited for fileless malware attacks Threat actors abuse MSHTA as a Living-off-the-Land binary to execute malicious code directly in memory while masking activity as legitimate administrative tasks Multiple malware families including CountLoader, Emmenhtal Loader, PurpleFox, and ClipBanker leverage MSHTA to deliver info-

AI-Powered Exploitation Surge: Hackers Leverage Machine Learning in Nearly a Third of Recent Breaches, Verizon DBIR Warns

Key Findings AI-assisted vulnerability exploitation caused 31% of all breaches, overtaking stolen credentials as the primary initial access method for the first time in DBIR's 19-year history Generative AI has compressed the vulnerability exploitation window from months to just hours, collapsing traditional defense timelines Mobile-based social engineering attacks via voice and text achieve 40% higher success rates than email phishing Shadow AI tool usage among employees trip

Microsoft Releases RAMPART and Clarity: Open-Source Tools for Securing AI Agents in Development

Key Findings Microsoft released two open-source tools, RAMPART and Clarity, designed to shift AI security testing from post-deployment to the development phase RAMPART is a Pytest-native framework that continuously tests AI agents for vulnerabilities including cross-prompt injection attacks and data exfiltration throughout the development pipeline Clarity functions as an AI-powered "thinking partner" that guides developers through design decisions and their security implicati

Microsoft Releases YellowKey BitLocker Bypass Mitigation Without Patch Available

Key Findings Microsoft released mitigations for YellowKey BitLocker bypass vulnerability but no patch yet CVE-2026-45585 affects Windows 11 versions 24H2, 25H2, 26H1 and Windows Server 2025 on x64 systems Exploit requires physical access to machine and specially crafted FsTx files Mitigation involves disabling autofstx.exe in WinRE and switching to TPM+PIN authentication Chaotic Eclipse publicly released working exploit code, violating coordinated disclosure practices Backgro

GitHub's 3,800 Internal Repositories Compromised Through Malicious VS Code Extension

Key Findings GitHub's internal repositories were compromised after an employee device was infected with a malicious Visual Studio Code extension Approximately 3,800 internal repositories were exfiltrated in the attack TeamPCP, a financially motivated hacking group, claimed responsibility and is selling the stolen data for around $95,000 GitHub confirmed it detected, contained and isolated the breach; no customer data outside internal repositories was affected Critical credent

DirtyDecrypt: PoC Exploit Released for Linux Kernel LPE Vulnerability

Key Findings DirtyDecrypt (CVE-2026-31635, CVSS 7.5) is a Linux kernel local privilege escalation vulnerability with working proof-of-concept code now publicly available on GitHub The flaw stems from a missing copy-on-write guard in the rxgk_decrypt_skb() function, allowing attackers to write data directly to privileged process memory or sensitive files like /etc/shadow and /etc/sudoers Only distributions with CONFIG_RXGK enabled are affected, including Fedora, Arch Linux, an

Microsoft Dismantles Fox Tempest Malware-Signing Network

Key Findings Microsoft's Digital Crimes Unit dismantled Fox Tempest, a malware-signing-as-a-service operation that created over 1,000 fraudulent certificates The service enabled threat actors to sign malware with short-lived Microsoft certificates, making malicious files appear legitimate Fox Tempest charged between $5,000 and $9,000 for access to its signing platform, with higher tiers offering priority service The operation supported major ransomware families including Rhys

Drupal Emergency Security Update Alert: May 20 Critical Patch Required for All Sites

Key Findings Drupal Security Team releasing emergency core security update May 20, 5-9 p.m. UTC across all supported branches Vulnerability is severe enough that exploits could be developed within hours or days of patch release Update affects Drupal 11.3.x, 11.2.x, 10.6.x, and 10.5.x with best-effort patches for 11.1.x and 10.4.x End-of-life versions (Drupal 8 and 9) receiving manual patch files only, with no guarantees Drupal 7 is not affected by this vulnerability Backgroun

INTERPOL Operation Ramz: Major Cybercrime Crackdown Across MENA Results in 201 Arrests

Key Findings INTERPOL coordinated Operation Ramz across 13 MENA countries from October 2025 to February 2026, resulting in 201 arrests and 382 additional suspects identified Nearly 8,000 intelligence records were shared between participating nations, marking the largest coordinated cybercrime effort INTERPOL has led in the region Authorities identified 3,867 victims and seized 53 servers involved in phishing, malware, and cyber scam operations Private sector partners includin

Reaper Malware Exploits Spoofed Microsoft Domain in macOS Password Theft Campaign

Key Findings SentinelLABS discovered a new macOS infostealer variant called Reaper that bypasses Apple's recent security patches in macOS Tahoe 26.4 Attack chain begins with fake download pages for WeChat or Miro using typo-squatted domain mlcrosoft.co.com Malware uses Script Editor with hidden commands disguised as ASCII art to trick users into executing malicious code Reaper steals passwords, browser data, cryptocurrency wallets, and financial documents before establishing

State-Sponsored Hackers Exploit Cloudflare Infrastructure in Targeted Malaysian Cyber Espionage Operation

Key Findings Suspected Malaysian government-backed operation maintained hidden command and control infrastructure for years using sophisticated obfuscation techniques Threat actors abused Cloudflare storage and CDN services to host malware, phishing material, and exfiltrated data while leveraging the platform's trusted reputation Infrastructure designed with selective access controls and adaptive response mechanisms to evade standard internet scanning and detection tools Atta

IT Threat Evolution in Q1 2026: Comprehensive Statistics Report

Key Findings More than 2.67 million mobile attacks prevented in Q1 2026, down from 3.24 million in Q4 2025 Trojan-Banker malware dominated mobile threats with 10.86% share of detections 306,070 malicious installation packages discovered, with 162,275 tied to mobile banking Trojans Kaspersky blocked over 343 million web-based attacks in Q1 2026 2,938 new ransomware variants detected, with 77,319 unique users targeted Clop ransomware returned to top position with 14.42% of DLS

MiniPlasma Windows 0-Day: SYSTEM Privilege Escalation on Fully Patched Systems

Key Findings Chaotic Eclipse released a proof-of-concept exploit for MiniPlasma, a Windows privilege escalation zero-day that grants SYSTEM privileges on fully patched systems The vulnerability exists in cldflt.sys (Windows Cloud Files Mini Filter Driver) within the HsmOsBlockPlaceholderAccess routine Originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020 and assigned CVE-2020-17103, the flaw was supposedly patched in December 2020

Grafana Rejects Ransom Demand Following Source Code Theft in GitHub Breach

Key Findings Grafana Labs suffered a breach allowing attackers to download source code after compromising a GitHub token No customer data exposure or impact to customer systems was found during investigation An attacker demanded ransom in exchange for not releasing the stolen code Grafana rejected the extortion demand, citing FBI guidance against paying ransoms Compromised credentials have been revoked and new security safeguards implemented The company plans to release addit

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page