Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]
A threat actor tracked as JadePuffer exploited CVE-2025-3248, a critical missing-authentication flaw in the Langflow LLM framework, to gain code execution on an internet-exposed instance, then used the LLM itself to conduct reconnaissance, harvest credentials, and pivot to other systems. The attacker dumped Langflow's Postgres database, targeted a production MySQL server and an Alibaba Nacos configuration platform via a known default JWT signing key, and ultimately used the compromised access for lateral movement and ransomware deployment, in what Sysdig describes as an agentic AI-driven ransomware attack.
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, reco
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in
Stelios Kouloglou, formerly a member of the European Parliament's committee investigating abuses of commercial spyware, was twice infected with Pegasus while serving, researchers said.
Kaspersky identified a previously undocumented threat actor, Armored Likho, conducting cyber espionage and financially motivated attacks against government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. The group uses obfuscated modular remote access trojans and infostealers designed to evade dynamic analysis, along with a tool called Go2Tunnel for remote access and network tunneling, and shows possible overlap with the Eagle Werewolf threat cluster tracked since 2023. Attacks include compromising Telegram channels to distribute malware such as AquilaRAT to targets including drone-development organizations.
Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP (Infosecurity Magazine)
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.
In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information. (SecurityWeek: "Medtronic Data Breach Impacts 3.8 Million People")
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. (SecurityWeek: "Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices")
Anubis Ransomware Hits 91 Victims: Citrix Bleed 2 Bypasses MFA Before Encryption (Tech Times)
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new mali
Novo Nordisk Breach: $25M Ransom, 1.3TB Claimed [2026] (tech-insider.org)
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs secu
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's mos
Crime Stoppers experienced a data breach, prompting police to issue a warning to the public. Specific details on the scope of affected data or individuals were not provided in the available information.
What you need to know about the American Consumer Credit Counseling data breach settlement (Claim Depot)
Lemonade's $10.5M data breach settlement: See if you qualify and learn how to protect your identity (CNBC)
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legit
Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting. The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM
Aspire Health settles data breach class action lawsuit for $400,000: Who can claim and how to file for a cash payout (Claim Depot)
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]
INC Ransomware Gang Targets the Legal Sector (KnowBe4 Blog)
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
Indian authorities are investigating a data breach at Tata linked to a leak of information about the unreleased Apple iPhone 18 Pro. The scope and cause of the breach are under investigation.
Data loss and cyber-attacks continue to rank as top concerns for C-suite executives, according to Intelligent Insurer. The report underscores sustained executive-level anxiety about cyber risk, though specific survey data was not detailed.
A report examines a 2026 supply-chain security incident involving Vercel, characterized as a case of "shadow AI" risk, where unsanctioned AI tooling contributed to a breach. Specific technical details of the incident were not included in the available summary.
Apple Steps Up Release of Security Updates in Response to AI Hacking Threats (CPO Magazine)
Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign (IT Pro)
Indian authorities are investigating a data leak involving Tata that reportedly exposed confidential information related to Apple iPhone manufacturing or design. Further details on the scope and cause of the leak were not specified in the report.
Indian authorities are investigating a data breach at Tata Electronics that reportedly exposed confidential information related to Apple's upcoming iPhone 18 Pro, according to AnewZ. Further details on the scope of the leak were not included in the available report.
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. (SecurityWeek: "Alleged Scattered Spider Hacker Extradited to US")
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legi
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. (SecurityWeek: "Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution")
Personal info of 70,000 people compromised in data breach involving SLA’s vendor IBM (Yahoo News Singapore)
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes next has an attacker landing a shell, looking around the system, an
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multipl