Latest Intelligence
US Seizes $2.8 Million From Zeppelin Ransomware Operator
The US has indicted Ianis Antropenko, a ransomware operator associated with Zeppelin, and has seized over $2.8 million in cryptocurrency from his wallet. This action highlights ongoing efforts to combat ransomware activities and hold perpetrators accountable.
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Researchers have found a malicious package named termncolor in the PyPI repository that exploits a dependency called colorinal to execute malicious operations. This multi-stage malware operation enables persistence and code execution, raising concerns about supply chain security.
Wazuh for Regulatory Compliance
Organizations that manage sensitive data or personally identifiable information (PII) must comply with various regulatory standards and frameworks. This is particularly critical for sectors such as healthcare, finance, government contracting, and education.
Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets
Chinese APT UAT-7237 has been conducting long-term attacks on Taiwanese web hosting firms to gain access to high-value targets. This ongoing threat highlights the vulnerabilities within Taiwan's web infrastructure.
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
The article discusses the evolution of the PipeMagic backdoor, detailing its operators' tactics, techniques, and procedures (TTPs) from the RansomExx incident in 2022 to subsequent attacks in Brazil and Saudi Arabia, culminating in the exploitation of CVE-2025-29824 in 2025. This highlights the ongoing threat posed by this backdoor and its operators.
Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event)
CodeSecCon is a virtual event aimed at uniting developers and cybersecurity professionals to innovate the processes of application development, security, and maintenance. This event is positioned as a key opportunity for professionals to engage with the evolving landscape of software security.
ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
Cybersecurity researchers have revealed the details of the ERMAC 3.0 banking trojan, highlighting its advanced capabilities in form injection and data theft. This version targets over 700 applications related to banking, shopping, and cryptocurrency, indicating a significant evolution in its infrastructure.
Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware
The Russian group EncryptHub is exploiting a patched vulnerability in Microsoft Windows, specifically the Microsoft Management Console (MMC) framework, to deploy Fickle Stealer malware. This campaign combines social engineering tactics with the exploitation of the CVE-2025-26633 vulnerability, also known as MSC EvilTwin.
New Quantum-Safe Alliance Aims to Accelerate PQC Implementation
The Quantum-Safe 360 Alliance has been established to assist organizations in transitioning to post-quantum cryptography before the 2030 deadline. This initiative will provide essential roadmaps, technology, and services to facilitate this critical change in cybersecurity.
RealDefense Opens $10M Fund to Help OEMs Monetize Installs With SmartScan Cybersecurity SDK
RealDefense has launched a $10 million fund aimed at assisting Original Equipment Manufacturers (OEMs) in monetizing their installations through the use of the SmartScan Cybersecurity SDK. This initiative highlights the growing importance of cybersecurity solutions in the OEM sector.
New Crypto24 Ransomware Attacks Bypass EDR
The emergence of Crypto24 ransomware represents a significant threat as it showcases advanced technical skills and knowledge that allow it to bypass endpoint detection and response (EDR) systems. This escalation in capabilities indicates a growing sophistication among cybercrime groups.
Colt Telecommunications Struggles in Wake of Cyber Incident
Colt Telecommunications is currently dealing with the aftermath of a cyber incident, prompting the company to take some of its systems offline as a precautionary measure during the investigation. The situation highlights the ongoing challenges faced by telecommunications companies in safeguarding their systems against cyber threats.
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools
An advanced persistent threat actor, tracked as UAT-7237, has been targeting web infrastructure in Taiwan using customized open-source hacking tools to gain long-term access to high-value environments. This activity has been ongoing since at least 2022.
Using Security Expertise to Bridge the Communication Gap
The article emphasizes the importance of security-focused leadership in improving product quality and achieving better business outcomes. It highlights the need for effective communication between security experts and other stakeholders to bridge gaps in understanding.
Water Systems Under Attack: Norway, Poland Blame Russia Actors
The article highlights the increasing targeting of water and wastewater systems by nation-state actors, particularly focusing on recent attacks attributed to Russian actors in Norway and Poland. This trend has raised concerns about the security of critical infrastructure across multiple countries.