Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups ar...
Security Affairs
20 articles
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwrite...
Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition.
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
U.S.
One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity.
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
U.S.
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major internat...
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
Apple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple ‘s annual ...
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of ...
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released...
Discord adds end-to-end encryption to voice and video calls by default
Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announc...
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately.
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN.
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the...
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated.
DirtyDecrypt: PoC Released for yet another Linux flaw
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root.
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwi...
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss.
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said...
Poland shifts away from Signal following cyberattacks on officials’ accounts
Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed governmen...