Cyber Crime News

Developed by Team ET

Ransomware 10h ago • 8 sources

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]

Ransomware 1d ago • 4 sources

A threat actor tracked as JadePuffer exploited CVE-2025-3248, a critical missing-authentication flaw in the Langflow LLM framework, to gain code execution on an internet-exposed instance and used the LLM itself to conduct reconnaissance, harvest credentials, and pivot to other systems. The attacker dumped Langflow's Postgres database, targeted a production MySQL server and an Alibaba Nacos configuration platform via a known default JWT signing key, and ultimately used the compromised access for lateral movement and ransomware deployment. Sysdig describes the incident as an agentic AI-driven ransomware attack.

Ransomware 1d ago • 3 sources

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, reco

APT / Nation-State 1d ago • 3 sources

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in

APT / Nation-State 1d ago • 2 sources

Kaspersky identified a previously undocumented threat actor, Armored Likho, conducting cyber espionage and financially motivated attacks against government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. The group uses obfuscated modular remote access trojans and infostealers designed to evade dynamic analysis, along with a tool called Go2Tunnel for remote access and network tunneling, and shows possible overlap with the Eagle Werewolf threat cluster tracked since 2023. Attacks include compromising Telegram channels to distribute malware such as AquilaRAT to targets including drone-development organizations.

Malware 1d ago • 2 sources

NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks. Source: "Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices", SecurityWeek.

Ransomware 9h ago • 1 source

Anubis Ransomware Hits 91 Victims: Citrix Bleed 2 Bypasses MFA Before Encryption  Tech Times

Data Breach 12h ago • 1 source

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos

APT / Nation-State 13h ago • 1 source

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new mali

Data Breach 16h ago • 1 source

Novo Nordisk Breach: $25M Ransom, 1.3TB Claimed [2026]  tech-insider.org

Vulnerability 1d ago • 1 source

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs secu

Vulnerability 1d ago • 1 source

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's mos

Data Breach 1d ago • 1 source

Crime Stoppers experienced a data breach, prompting police to issue a warning to the public. Specific details on the scope of affected data or individuals were not provided in the available information.

Data Breach 1d ago • 1 source

What you need to know about the American Consumer Credit Counseling data breach settlement  Claim Depot

Data Breach 1d ago • 1 source

Lemonade's $10.5M data breach settlement: See if you qualify and learn how to protect your identity  CNBC

APT / Nation-State 1d ago • 1 source

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legit

Other 1d ago • 1 source

Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting. The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM

Data Breach 1d ago • 1 source

Aspire Health settles data breach class action lawsuit for $400,000: Who can claim and how to file for a cash payout  Claim Depot

Malware 1d ago • 1 source

A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]

Ransomware 1d ago • 1 source

INC Ransomware Gang Targets the Legal Sector  KnowBe4 Blog

Other 1d ago • 1 source

Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?

Data Breach 1d ago • 1 source

Indian authorities are investigating a data breach at Tata linked to a leak of information about the unreleased Apple iPhone 18 Pro. The scope and cause of the breach are under investigation.

Other 1d ago • 1 source

Data loss and cyber-attacks continue to rank as top concerns for C-suite executives, according to Intelligent Insurer. The report underscores sustained executive-level anxiety about cyber risk, though specific survey data was not detailed.

Data Breach 1d ago • 1 source

A report examines a 2026 supply-chain security incident involving Vercel, characterized as a case of "shadow AI" risk, where unsanctioned AI tooling contributed to a breach. Specific technical details of the incident were not included in the available summary.

Other 1d ago • 1 source

Apple Steps Up Release of Security Updates in Response to AI Hacking Threats  CPO Magazine

Ransomware 1d ago • 1 source

Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign  IT Pro

Data Breach 1d ago • 1 source

Indian authorities are investigating a data leak involving Tata that reportedly exposed confidential information related to Apple iPhone manufacturing or design. Further details on the scope and cause of the leak were not specified in the report.

Data Breach 1d ago • 1 source

Indian authorities are investigating a data breach at Tata Electronics that reportedly exposed confidential information related to Apple's upcoming iPhone 18 Pro, according to AnewZ. Further details on the scope of the leak were not included in the available report.

Arrest / Law Enforcement 1d ago • 1 source

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. Source: "Alleged Scattered Spider Hacker Extradited to US", SecurityWeek.

Malware 1d ago • 1 source

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legi

Vulnerability 1d ago • 1 source

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. Source: "Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution", SecurityWeek.

Data Breach 1d ago • 1 source

Personal info of 70,000 people compromised in data breach involving SLA’s vendor IBM  Yahoo News Singapore

Other 1d ago • 1 source

Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes next has an attacker landing a shell, looking around the system, an

Other 1d ago • 1 source

In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.

Other 1d ago • 1 source

Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multipl