A new ransomware strain known as 'Sicarii' has emerged, notable for its poorly written code and for branding that evokes Hebrew culture, a connection that may be misleading. This ransomware is particularly concerning because its encryption cannot be decrypted, leaving victims unable to recover their files without paying the ransom. The strain first appeared last year, and while it is less sophisticated than other ransomware variants, its continued presence poses a risk to organizations of all kinds. Users and companies should remain vigilant and maintain robust, tested backups to limit the impact of such attacks. The odd branding could cause confusion about the true origins of this malware, making it a unique case in the evolving ransomware landscape.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
A newly discovered flaw in telnet servers exposes vulnerabilities in many legacy systems and Internet of Things (IoT) devices still using this outdated protocol for remote access. Despite telnet being largely replaced by more secure options, it remains in use across hundreds of thousands of devices, making them susceptible to potential attacks. Researchers have pointed out that this forgotten attack surface could allow unauthorized access to sensitive systems, putting data and operations at risk. Organizations relying on these systems need to assess their use of telnet and consider transitioning to more secure protocols to mitigate these risks. This situation underscores the importance of keeping security practices updated, even for older technologies that may still be in operation.
Hackread – Cybersecurity News, Data Breaches, AI, and More
ShinyHunters, a notorious hacking group, is targeting over 100 organizations through a combination of vishing (voice phishing) and fake login pages. They are working with other groups to bypass Single Sign-On (SSO) security measures to gain unauthorized access to sensitive company data. This tactic not only compromises individual accounts but potentially exposes entire networks to further attacks. The extent of the breach could impact numerous sectors, leading to significant data loss and financial repercussions for the affected companies. Organizations need to be vigilant about their security protocols and educate employees on recognizing phishing attempts to mitigate these risks.
WhatsApp has introduced a new feature called 'Strict Account Settings' aimed at enhancing user privacy and protecting against spyware. This toggle allows users to tighten their account security beyond the existing end-to-end encryption already offered by the app. The move comes as concerns grow over the potential for spyware to compromise personal data on messaging platforms. Users will now have more control over who can see their information and how their accounts can be accessed. This is significant as it reflects a broader trend in tech companies prioritizing user privacy amid rising cyber threats.
India is currently dealing with a sophisticated espionage campaign that utilizes the Blackmoon trojan. This attack begins with a ZIP file that conceals malicious files, allowing attackers to infiltrate systems. The campaign poses a significant risk to sensitive information and national security, as it targets various sectors within the country. Cybersecurity experts are urging organizations in India to remain vigilant and enhance their security measures to protect against such advanced threats. This incident underscores the ongoing risks of cyber espionage and the need for robust defense strategies.
BleepingComputer
Nike is currently looking into a potential data breach after the World Leaks ransomware group leaked 1.4 terabytes of files that they claim to have stolen from the company. This incident raises concerns about the security of sensitive information held by one of the largest sportswear brands in the world. The leaked files could potentially contain customer data, company secrets, or other critical information, which might lead to further extortion attempts or data misuse. Nike's investigation is crucial not only for the company's reputation but also for the safety of its customers and business partners. As the situation unfolds, it highlights the ongoing threat posed by ransomware gangs targeting major corporations.
Infosecurity Magazine
A critical vulnerability has been identified in Grist-Core, a platform used for data management and collaboration. This security flaw allows attackers to escape the sandbox environment, leading to remote code execution through a malicious formula. Essentially, this means that someone could potentially run arbitrary code on the systems where Grist-Core is deployed, which poses a significant risk to users. Organizations using this software need to act quickly to protect their data and systems from exploitation. The details about the specific versions affected have not been disclosed, but the urgency of the situation suggests that immediate attention is required to prevent potential breaches.
The extortion group known as WorldLeaks claims to have stolen 1.4TB of sensitive data from Nike, which includes around 188,347 files. Nike is currently investigating this alleged breach to assess the extent of the data compromise. This incident raises serious concerns about the security of corporate networks, particularly for large companies like Nike that handle a significant amount of sensitive information. If the claims are verified, it could lead to potential reputational damage and legal repercussions for the brand. Additionally, it highlights the ongoing threat posed by cybercriminals who are increasingly targeting major corporations to steal and exploit sensitive data.
BleepingComputer
Researchers have discovered a critical vulnerability in the vm2 library, a popular Node.js sandbox used to execute untrusted code. This security flaw, identified as CVE-2026-22709, enables attackers to escape the sandbox environment and execute arbitrary code on the host system. This poses a significant risk to applications that rely on this library for secure code execution. Developers using vm2 should take immediate action to protect their systems, as the implications could lead to unauthorized access and control over sensitive data. It's crucial for users to stay informed about this vulnerability and implement necessary safeguards to prevent exploitation.
Infosecurity Magazine
The PeckBirdy command-and-control framework has been identified as a tool used by cyber attackers targeting gambling and government sectors across Asia since 2023. Researchers have linked this framework to advanced persistent threats (APTs) that are aligned with Chinese interests, indicating a strategic focus on these industries. The attacks suggest a concerted effort to gather intelligence or disrupt operations within these sectors. As these attacks are ongoing, they pose a significant risk to the affected organizations, potentially leading to data breaches or operational disruptions. The implications of these cyber campaigns highlight the need for enhanced security measures in vulnerable industries.
Modern ransomware has evolved beyond just encrypting files; it now focuses on psychological tactics to extort money from victims. Ransomware groups are increasingly using the threat of exposing sensitive data to pressure organizations into paying up. This approach not only exploits the fear of data leaks but also the potential liability that could arise from such exposures. As a result, companies and individuals are facing new challenges in dealing with these sophisticated attacks. Understanding these tactics is crucial for organizations looking to bolster their defenses against this growing form of cyber extortion.
In 2025, numerous internet outages frustrated users across various platforms, with Cloudflare attributing these disruptions to a series of significant events affecting global networks. The incidents were primarily linked to a combination of increased internet traffic and technical difficulties that arose during peak usage times. As a result, many popular websites and services experienced downtime, impacting businesses and consumers alike. This situation serves as a reminder of the vulnerabilities in our interconnected online systems and the need for robust infrastructure to support growing demands. Users and companies alike should be aware of these potential disruptions and consider strategies to mitigate their impact.
Hackread – Cybersecurity News, Data Breaches, AI, and More
U.S. prosecutors have charged 31 additional suspects in a nationwide ATM jackpotting scheme, increasing the total number of defendants to 87 across several states. This scam involves criminals exploiting vulnerabilities in ATMs to dispense large amounts of cash illicitly. The coordinated effort highlights the growing problem of ATM-related fraud, which poses risks to financial institutions and customers alike. Law enforcement agencies are working to dismantle these operations, as they not only lead to significant financial losses but also undermine trust in automated banking systems. The case serves as a reminder of the ongoing challenges in cybersecurity, particularly concerning physical banking infrastructure.
SoundCloud has experienced a significant data breach, affecting nearly 30 million user accounts. Hackers accessed personal and contact information, raising concerns about user privacy and security. This breach underscores the vulnerability of online platforms to cyberattacks, highlighting the need for stronger security measures. Users whose accounts were compromised should be vigilant about potential phishing scams and consider changing their passwords. SoundCloud has not yet detailed how the breach occurred, leaving many questions about the effectiveness of their security protocols.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Poland successfully thwarted a cyberattack involving Russian wiper malware aimed at its power and heating plants. This incident, which could have led to significant outages during the winter months, was detected and blocked by Polish officials before any damage occurred. The government has responded by tightening cybersecurity regulations to bolster defenses against potential future attacks. This incident underscores the ongoing tensions between Poland and Russia, particularly regarding cybersecurity threats to critical infrastructure. The prevention of this attack is crucial for maintaining energy stability during colder months, which could have severe implications for public safety and the economy.