-
In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain. The real-world ClickFix incident produced convergent evidence from an ANY.RUN san…
-
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Poli…
-
In an active campaign, attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to c…
-
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, si…
-
Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypter…
-
AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 2024–2026 shows actors are not leveraging AI primarily to flood platforms with volume. Inste…
-
Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening competition for skilled operators. An actor using the handle hyflock123 posted a recruitment t…
-
A sophisticated, long-running cyberespionage campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, systematically targets North American academic, medical, and military research institutions. The campaign, ac…
-
A single developer, known online as RockyBelling, has assembled a highly modular PhaaS/MaaS ecosystem that affiliates worldwide use to launch highly targeted IRS and SSA-themed phishing campaigns that predominantly hit U.S. victims. SOCRadar research spa…
-
Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to expire, raising concerns over certificate lifecycle management practices. The affected domain, c…


