ALL POSTS
Hackers claim control of Venice's San Marco anti-flood pumps
Key Findings: Threat actors calling themselves "Infrastructure Destruction Squad" or "Dark Engine" claim to have breached Venice's San Marco flood defense system in late March 2026. The attackers claim to have maintained administrative access and stated they could disable the flood defenses and inundate coastal areas. The group offered full root access to the system for $600 USD, which, if genuine, shows both the severity of the breach and the low barrier to further exploitation. Italian authorities confirmed critical systems prote
4 days ago · 2 min read
Qilin Ransomware Group Claims Hack of German Political Party Die Linke
Key Findings: The Qilin ransomware group claims to have breached Die Linke, Germany's left-wing political party, and posted the claim on its Tor data leak site on April 1, 2026. Die Linke discovered the attack on March 27 and confirmed the incident but has not verified whether data was actually stolen. The party says its membership database was not compromised and no member data was accessed. Qilin has provided no proof of the breach despite making the claim. Qilin is one of the most prolifi
Apr 5 · 2 min read
Massive CVE-2025-55182 Exploit Campaign Compromises 766 Next.js Servers in Credential Theft Attack
Key Findings: At least 766 Next.js hosts across multiple geographic regions and cloud providers were compromised through exploitation of CVE-2025-55182. Cisco Talos attributes the campaign to the threat cluster UAT-10608. The critical vulnerability (CVSS 10.0) in React Server Components and the Next.js App Router enables remote code execution. The NEXUS Listener framework was deployed post-compromise to harvest and exfiltrate credentials via a web-based GUI. Stolen data includes database credentials, SSH ke
Apr 3 · 2 min read
Lockheed Martin's 375TB Data Breach: Massive Trove Listed on Dark Web Market for $600M
Key Findings: A dark web marketplace called Threat Market is listing 375 terabytes of alleged Lockheed Martin data for $600 million, with an alternative $374 million price tag. The data was allegedly provided by a group claiming to be "APT IRAN" starting March 26, 2026. A separate Iran-linked group, Handala Hack Team, claimed around the same time to have accessed personal data of Lockheed Martin engineers and employees. No verification of the breach has been confirmed by Loc
Mar 31 · 2 min read
Iranian Hackers Claim Breach of FBI Director Kash Patel's Personal Email Account
Key Findings: The Iranian government-linked hacking group Handala claimed on Friday to have compromised FBI Director Kash Patel's personal email account and released the data publicly. The FBI confirmed awareness of the targeting but stated that no government information was compromised and that the exposed data is historical in nature. Handala framed the breach as retaliation for the U.S. seizure of its domains and a $10 million State Department reward for information on group members. Leaked docume
Mar 27 · 3 min read
Iran-Linked Handala Hackers Escalate Cyber Attacks on Stryker and Verifone
Key Findings * Iran-linked Handala Hack Team claims cyberattacks against Stryker Corporation and Verifone on March 11 * Stryker confirms a network disruption; Verifone denies any breach * Handala claims to have wiped 200,000 systems and extracted 50 terabytes of data from Stryker * The group alleges the attack was retaliation for a missile strike on an Iranian school * Verification of claims is ongoing and independent confirmation is pending Background The Handala Hack Team,
Mar 11 · 2 min read
Cybercriminals Leverage AI 'Claude' to Breach Mexican Government Agencies
Key Findings Hackers abused Anthropic's Claude AI model to develop exploits, create custom tools, and automate the exfiltration of over 150GB of data in a cyberattack targeting Mexican government systems. The attackers compromised 10 Mexican government agencies and a financial institution, starting with the tax authority in December 2025. Hackers sent over 1,000 prompts to Claude and used OpenAI's GPT-4.1 to analyze stolen data. By bypassing AI guardrails and framing actions
Mar 1 · 2 min read
Malicious StripeApi NuGet Package Mimics Official Library, Steals API Tokens
Key Findings: A malicious NuGet package named "StripeApi.Net" was discovered impersonating the legitimate "Stripe.net" library from the financial services firm Stripe. The package was uploaded to the NuGet Gallery on February 16, 2026 by a user named "StripePayments". The package's NuGet page was designed to closely resemble the official Stripe.net package, using the same icon and a nearly identical readme. The package had an artificially inflated download count of over
Feb 26 · 2 min read
Hackers Conceal Pulsar RAT Within PNG Images in New NPM Supply Chain Offensive
Background: Researchers at Veracode have discovered a new supply chain attack targeting the NPM ecosystem. The attack hides a Pulsar Remote Access Trojan (RAT) inside seemingly innocuous PNG image files. Key Findings: The attackers used typosquatting to create a malicious NPM package named "buildrunner-dev" that closely resembles the legitimate tool "buildrunner". Once installed, the package downloads a heavily obfuscated
Feb 23 · 2 min read
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
Key Findings: North Korean IT operatives are applying to remote positions using the real LinkedIn accounts of individuals they are impersonating. The goal is to secure jobs at Western companies and conduct espionage, data theft, and ransomware attacks. The threat is tracked by the cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole. The impersonated LinkedIn profiles often have verified workplace emails and identity badges to appear legitimate. Once employed, the DPRK w
Feb 11 · 2 min read
European Commission Responds to Mobile Device Cyberattack
Key Findings The European Commission detected a cyber attack on its central mobile device management infrastructure on January 30, 2026. The attack may have exposed the personal details, including names and phone numbers, of some Commission staff members. However, the Commission's swift response contained the breach within 9 hours and ensured that no mobile devices were compromised. The attack is linked to critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti's
Feb 9 · 2 min read
Germany Responds to Alleged Russian Cyberattack on Air Traffic Control
Key Findings: Germany summoned Russia's ambassador over alleged cyberattacks on its air traffic control authority and a disinformation campaign ahead of national elections. The German government has clear evidence linking an August 2024 cyberattack on Deutsche Flugsicherung, the country's air traffic control authority, to the Russia-nexus group APT28 (aka Fancy Bear). Germany also accused Moscow of attempting to influence and destabilize Germany's federal election through a d
Dec 14, 2025 · 2 min read
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Key Findings: A high-severity unpatched security vulnerability in Gogs (CVE-2025-8110), with a CVSS score of 8.7, is under active exploitation, with over 700 Internet-exposed instances already compromised. The vulnerability allows file overwrite through the file update API, enabling an attacker to achieve arbitrary code execution through a four-step process. The malware deployed in the attacks is a payload based on Supershell, an open-source command-and-control (C2) framework ofte
Dec 11, 2025 · 2 min read
Contagious Interview campaign expands with 197 npm Packages spreading new OtterCookie malware
Key Findings North Korea-linked actors behind the Contagious Interview campaign have uploaded 197 new malicious npm packages to distribute a new version of the OtterCookie malware. The Contagious Interview campaign, active since November 2023, targets software developers on Windows, Linux, and macOS, with a focus on those working in crypto and Web3. Attackers pose as recruiters on platforms like LinkedIn and use social engineering tactics, including fake job interviews and tr
Nov 30, 2025 · 2 min read
Anthropic: China-Backed Hackers Unleash First Large-Scale Autonomous AI Cyberattack
Key Findings China-linked threat actors used Anthropic's AI system, Claude, to automate and execute a sophisticated espionage campaign in September 2025. The cyberspies leveraged advanced "agentic" capabilities of the AI system, allowing it to act autonomously and perform a range of malicious activities with minimal human oversight. The attack targeted about 30 global organizations across tech, finance, chemicals, and government sectors, succeeding in a few cases. This incide
Nov 16, 2025 · 2 min read
Chinese Hackers Exploit Anthropic AI to Orchestrate Automated Cyber Attacks
Key Findings: Chinese state-sponsored hackers used Anthropic's AI coding tool, Claude Code, to automate a large-scale cyber espionage campaign targeting about 30 global organizations. The hackers manipulated Claude Code to act as an "autonomous cyber attack agent," executing 80-90% of the tactical operations with minimal human involvement. The campaign, codenamed GTG-1002, marks the first documented case of a foreign government leveraging AI to fully automate a cybe
Nov 14, 2025 · 2 min read
Time-Delayed Logic Bombs in Malware-Infiltrated NuGet Packages Poised to Detonate Years After Installation
Key Findings A set of nine malicious NuGet packages capable of dropping time-delayed payloads has been identified. The packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. The most dangerous package, "Sharp7Extend," targets industrial PLCs with dual sabotage mechanisms: immediate random process terminatio
Nov 8, 2025 · 2 min read