Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Authorities in Europe and North America have successfully taken down a criminal VPN service known as First VPN, which was being used by 25 different ransomware groups to hide their activities, including data breaches and denial-of-service attacks. The operation was primarily led by law enforcement in France and the Netherlands, with support from other countries since December. This dismantling is significant because it disrupts the network that these cybercriminals relied on to carry out their attacks, making it harder for them to operate anonymously. By targeting the infrastructure that supports these ransomware operations, authorities hope to reduce the frequency and impact of future cyberattacks. This action underscores the ongoing international effort to combat cybercrime and protect organizations from ransomware threats.

Impact: First VPN Service
Remediation: N/A

Malwarebytes has uncovered a phishing scam on Facebook that specifically targets users aged 40 and older. This scheme lures victims with fake offers for Aldi meat boxes, enticing them to provide personal information or financial details. The attackers are exploiting the trust users may have in social media platforms, making it crucial for older adults to be vigilant about suspicious offers. This incident serves as a reminder that scammers often tailor their tactics to exploit specific demographics, highlighting the need for increased awareness among users. Protecting personal information online is essential, especially when faced with seemingly harmless promotions.

Impact: Facebook users aged 40 and above
Remediation: Users should avoid clicking on suspicious links and verify offers directly through official company channels. Regularly updating privacy settings and reporting suspicious activity on social media can also help mitigate risks.

State officials are urging Congress to reauthorize the State and Local Cybersecurity Grant Program (SLCGP), which has been crucial for local governments struggling with cybersecurity issues. Many of these governments lack the necessary staff and resources to effectively protect themselves against cyber threats. The SLCGP has provided essential funding and support, helping to strengthen cybersecurity defenses at the local level. Without the grant program, these municipalities may find it increasingly difficult to safeguard sensitive data and infrastructure from cyberattacks. This call to action underscores the ongoing need for federal support in enhancing local cybersecurity capabilities.

Impact: Local governments and municipalities
Remediation: N/A

CISA Security Leak

Schneier on Security

A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) accidentally exposed sensitive credentials in a public GitHub repository. This leak included access details for several highly privileged AWS GovCloud accounts and internal CISA systems, along with documentation on how the agency builds and deploys software. Security experts have labeled this incident as one of the most serious data leaks involving government information in recent years. The exposure raises significant concerns about the security of sensitive government operations and the potential for misuse of the leaked credentials. It underscores the importance of maintaining strict access controls and oversight for contractors handling sensitive data.

Impact: AWS GovCloud accounts, CISA internal systems
Remediation: Implement stricter access controls for public repositories, conduct audits of contractor practices, and rotate credentials for affected systems.

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Researchers at SafeDep have identified a significant cybersecurity incident known as the Megalodon attack, which compromised 5,561 GitHub repositories within a span of six hours. The attack specifically targets continuous integration (CI) workflows, enabling attackers to steal cloud credentials. This incident raises serious concerns for developers and organizations using GitHub, as stolen cloud credentials could lead to unauthorized access to sensitive resources and data. It is essential for users to be vigilant about the security of their repositories and to ensure that their CI workflows are secure. The rapid spread of this attack emphasizes the need for robust security measures in software development environments.

Impact: 5,561 GitHub repositories
Remediation: Users should review and secure CI workflows, and rotate any compromised cloud credentials immediately.

The 2026 Data Breach Investigations Report (DBIR) from Verizon reveals that the healthcare sector is increasingly facing social engineering attacks, which are becoming more sophisticated. While ransomware and vendor breaches continue to be significant threats, the report indicates that the tactics used by attackers are changing, making it easier for them to trick healthcare organizations and their employees. This shift in strategy raises concerns about the security of sensitive patient data and the overall integrity of healthcare systems. As these social engineering tactics evolve, it is crucial for healthcare providers to enhance their security training and awareness programs to better protect against these types of attacks. The ongoing challenges highlight the need for vigilance in safeguarding against both traditional and emerging cybersecurity threats.

Impact: Healthcare organizations, patient data systems
Remediation: Enhance security training and awareness programs for employees

Drupal has issued a warning about a significant SQL injection vulnerability that is currently being targeted by hackers. This flaw, which was announced earlier in the week, poses a serious risk to websites running on the Drupal content management system. Attackers can exploit this vulnerability to gain unauthorized access to databases, potentially leading to data breaches or site compromises. Users and administrators of Drupal sites are urged to take immediate action to secure their systems, as the risk of exploitation is high. It is crucial for affected parties to stay vigilant and apply any available patches to mitigate this threat.

Impact: Drupal content management system versions affected by the SQL injection vulnerability.
Remediation: Site administrators should apply the latest security updates and patches released by Drupal to address the SQL injection vulnerability.

Ubiquiti has rolled out security updates to address three high-severity vulnerabilities in its UniFi OS. These flaws can be exploited by remote attackers without needing any special permissions, which raises significant security concerns for users. The vulnerabilities could potentially allow unauthorized access to sensitive systems, putting networks at risk. Ubiquiti’s prompt action to patch these issues is crucial, as it helps protect users from potential exploitation. Companies and individuals using UniFi OS should ensure they apply the updates as soon as possible to safeguard their devices.

Impact: UniFi OS
Remediation: Users should apply the latest security updates provided by Ubiquiti to patch the vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new nomination form that allows researchers, vendors, and industry partners to report known exploited vulnerabilities. This initiative aims to enhance collaboration between CISA and the cybersecurity community by providing a direct channel for submitting vulnerabilities for consideration in the Known Exploited Vulnerabilities (KEV) catalog. While the new form streamlines reporting, organizations can still use email to submit vulnerabilities if they prefer. This move is significant as it encourages more proactive engagement from the cybersecurity community, which is essential for identifying and mitigating threats more effectively.

Impact: N/A
Remediation: N/A

TrendAI has addressed a serious vulnerability in its Apex One security software, identified as CVE-2026-34926. This flaw is a directory traversal issue that could be exploited by attackers to gain unauthorized access to files on the system. The vulnerability specifically affects the on-premise version of Apex One, which is used by various organizations for endpoint security. Given that this vulnerability has been exploited in the wild, it poses a significant risk to users who have not yet applied the necessary updates. Companies using Apex One should prioritize applying the latest patches to safeguard their systems against potential breaches.

Impact: Apex One on-premise version, TrendAI
Remediation: Users should apply the latest patches released by TrendAI to mitigate the vulnerability. Specific patch numbers or versions were not mentioned, but immediate action is advised to secure systems.

Grafana recently reported that hackers accessed its GitHub repositories, stealing code and other sensitive data. This breach occurred due to a compromised token linked to the TanStack supply chain attack, which was not rotated in time to mitigate the threat. As a result, attackers gained unauthorized access to Grafana's internal resources. This incident raises concerns about the security of software development processes and the potential risks associated with supply chain vulnerabilities. Companies using Grafana's software should be vigilant and review their security practices to prevent similar attacks in the future.

Impact: Grafana GitHub repositories, codebase, sensitive data
Remediation: Rotate compromised tokens, review access logs, enhance supply chain security measures

A recent report from Visa reveals that scams are becoming increasingly prevalent, largely due to advancements in AI that enable criminals to impersonate trusted entities more convincingly. These scams often involve psychological manipulation, where attackers pressure victims into making unauthorized payments. The report notes that while token fraud and enumeration losses have decreased by 9.6% and 16% respectively, the overall threat from fraud is growing as criminals adapt their strategies. This shift emphasizes the need for consumers and businesses to remain vigilant and enhance their security measures. As the methods become faster and more sophisticated, the risk to everyday users and financial institutions is significant, making awareness and education around these threats crucial.

Impact: Consumers, financial institutions, payment systems
Remediation: Strengthening core defenses, increasing consumer awareness, implementing multi-factor authentication, and advanced fraud detection systems.

The article discusses several cybersecurity topics, including the FCC's actions, GitHub's security measures, and the implications of the NIS2 directive on supply chain security. Notably, it mentions MiniShai-hulud, a new threat actor reportedly targeting vulnerabilities in Itron devices. This situation raises concerns for organizations relying on Itron’s technology, as they could be at risk of data breaches or disruptions. The article emphasizes the need for companies to enhance their security measures in light of these evolving threats. Overall, it serves as a reminder for businesses to stay vigilant and proactive in their cybersecurity strategies.

Impact: Itron devices and related systems
Remediation: Organizations should apply the latest security patches for Itron devices and conduct comprehensive security audits.

Lawmakers from both sides of the political aisle are expressing concerns that the budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) are excessive, especially given the increasing cyber threats posed by countries like China. Representatives Don Bacon and James Walkinshaw pointed out that these cuts come at a time when the need for robust cybersecurity measures is more critical than ever. As CISA plays a vital role in protecting civilian networks, the reduction in its funding could leave the nation more vulnerable to cyberattacks. This bipartisan agreement underscores the urgency for Congress to reevaluate the agency's budget and ensure it has the necessary resources to defend against evolving threats. Without adequate support, the effectiveness of CISA in safeguarding essential infrastructure may be compromised.

Impact: CISA operations and its ability to protect civilian networks
Remediation: Reevaluation of CISA's budget and funding support

Former President Trump has decided to delay an executive order aimed at enhancing security measures surrounding artificial intelligence. The proposed order would have required federal agencies, including the NSA and the Treasury Department, to evaluate new AI models for potential cybersecurity and national security risks within a 90-day timeframe. This postponement raises concerns about the government's ability to address the growing complexities of AI technology in relation to security. As AI continues to evolve, the need for clear guidelines and assessments becomes increasingly urgent to protect sensitive data and national interests. The implications of this delay could impact how swiftly the government can adapt to emerging threats posed by advanced technologies.

Impact: N/A
Remediation: N/A