HIGH

Weekly Update 505

Troy Hunt • May 24, 2026

CRITICAL

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hacker News • May 20, 2026

HIGH

GitHub Confirms Hack Impacting 3,800 Internal Repositories

SecurityWeek • May 20, 2026

CRITICAL

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

The Hacker News • May 20, 2026

HIGH

Exposing Fox Tempest: A malware-signing service operation

Microsoft Security Blog • May 19, 2026

HIGH

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

Infosecurity Magazine • May 19, 2026

HIGH

Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

Trend Micro Research • May 19, 2026

HIGH

How Storm-2949 turned a compromised identity into a cloud-wide breach

Microsoft Security Blog • May 18, 2026

HIGH

Shai-Hulud Worm Clones Spread After Code Release

Dark Reading • May 18, 2026

CRITICAL

Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)

Tenable Research • May 15, 2026

CRITICAL

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

Dark Reading • May 14, 2026

CRITICAL

Thus Spoke…The Gentlemen

Check Point Research • May 13, 2026

MEDIUM

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

The Register Security • May 13, 2026

MEDIUM

UAT-8302 and its box full of malware

Malpedia •

CRITICAL

New PCPJack worm steals credentials, cleans TeamPCP infections

BleepingComputer • May 07, 2026

CRITICAL

UAT-8302 and its box full of malware

Cisco Talos • May 05, 2026

CRITICAL

Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite

Malpedia •

MEDIUM

Edu tech firm Instructure discloses cyber incident, probes impact

BleepingComputer • May 01, 2026

CRITICAL

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

The Hacker News • May 01, 2026

MEDIUM

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Dark Reading • Apr 30, 2026

HIGH

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Ars Technica Security • Apr 29, 2026

HIGH

TeamPCP-linked VECT 2.0 ransomware unintentionally destroys files larger than 128 KB

SC Media • Apr 29, 2026

HIGH

Checkmarx Confirms Data Stolen in Supply Chain Attack

SecurityWeek • Apr 29, 2026

MEDIUM

Inside an OPSEC Playbook: How Threat Actors Evade Detection

BleepingComputer • Apr 28, 2026

HIGH

BlackFile Group Targets Retail and Hospitality with Vishing Attacks

Infosecurity Magazine • Apr 27, 2026

MEDIUM

TGR-STA-1030: New Activity in Central and South America

Unit 42 • Apr 24, 2026

CRITICAL

FIRESTARTER Backdoor

CISA All Advisories • Apr 23, 2026

CRITICAL

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

Cisco Security • Apr 23, 2026

HIGH

French govt agency confirms breach as hacker offers to sell data

BleepingComputer • Apr 21, 2026

MEDIUM

Detection strategies across cloud and identities against infiltrating IT workers

Microsoft Security Blog • Apr 21, 2026

INFO

Untangling a Linux Incident With an OpenAI Twist

Huntress • Apr 17, 2026

HIGH

Nightmare-Eclipse Tooling Seen in Real-World Intrusion

Huntress • Apr 20, 2026

INFO

Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'

The Register Security • Apr 13, 2026

CRITICAL

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The Hacker News • Apr 13, 2026

HIGH

Medusa Ransomware Attack

FortiGuard Threat Signal • Apr 10, 2026

HIGH

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Microsoft Security Blog • Apr 07, 2026

MEDIUM

Decoding NightSpire: Ransomware IOCs Aren't Set in Stone

Huntress • Apr 07, 2026

CRITICAL

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

The Hacker News • Apr 07, 2026

HIGH

Detecting CI/CD Supply Chain Attacks with Canary Credentials

Reddit r/netsec • Apr 07, 2026

HIGH

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer • Apr 05, 2026

HIGH

A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm

Reddit r/netsec • Apr 03, 2026

CRITICAL

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

SecurityWeek • Apr 03, 2026

HIGH

A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm

Reddit r/netsec • Apr 03, 2026

MEDIUM

An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases

Cisco Talos • Apr 02, 2026

HIGH

UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

Cisco Talos • Apr 02, 2026

HIGH

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

Tenable Research • Apr 01, 2026

HIGH

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Malpedia •

MEDIUM

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks

Dark Reading • Apr 01, 2026

HIGH

FBI confirms hack of Director Patel's personal email inbox

BleepingComputer • Mar 29, 2026

HIGH

A cunning predator: How Silver Fox preys on Japanese firms this tax season

ESET WeLiveSecurity • Mar 27, 2026

HIGH

European Commission investigating breach after Amazon cloud hack

BleepingComputer • Mar 27, 2026

CRITICAL

New “Darksword” iOS exploit used in infostealer attack on iPhones

BleepingComputer • Mar 18, 2026

MEDIUM

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Securelist • Mar 18, 2026

HIGH

Boggy Serpens Threat Assessment

Unit 42 • Mar 16, 2026

HIGH

“Handala Hack” – Unveiling Group’s Modus Operandi

Check Point Research • Mar 12, 2026

MEDIUM

Silence of the hops: The KadNap botnet

Malpedia •

HIGH

BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign

Infosecurity Magazine • Mar 11, 2026

HIGH

Salesforce issues new security alert tied to third customer attack spree in six months

CyberScoop • Mar 11, 2026

HIGH

Overly permissive ‘guest’ settings put Salesforce customers at risk

CSO Online • Mar 11, 2026

HIGH

New ‘BlackSanta’ EDR killer spotted targeting HR departments

BleepingComputer • Mar 10, 2026

HIGH

Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit

Dark Reading • Mar 10, 2026

HIGH

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data

Infosecurity Magazine • Mar 09, 2026

CRITICAL

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

The Hacker News • Mar 09, 2026

CRITICAL

Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited

SecurityWeek • Mar 08, 2026

HIGH

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Microsoft Security Blog • Mar 04, 2026

MEDIUM

Risky Business #827 -- Iranian cyber threat actors are down but not out

Risky Business • Mar 04, 2026

HIGH

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

CSO Online • Mar 04, 2026

CRITICAL

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The Hacker News • Mar 03, 2026

HIGH

Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations

Tenable Research • Mar 03, 2026

HIGH

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

Malpedia •

INFO

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

Malpedia •

CRITICAL

Risky Business #826 -- A week of AI mishaps and skulduggery

Risky Business • Feb 25, 2026

LOW

3 Threat Groups Started Targeting ICS/OT in 2025: Dragos

SecurityWeek • Feb 17, 2026

MEDIUM

tripwire.com

Web Discovery • Feb 09, 2026

MEDIUM

The Lazarus group: North Korean scourge for +10 years | NCC Group

Web Discovery • Feb 12, 2026

MEDIUM

Cato CTRL™ Threat Research: Investigation of RMM Tools Leveraged by Ransomware Gangs in Real-World Incidents

Web Discovery • Feb 11, 2026

MEDIUM

Threat Advisory: VoidLink

Web Discovery • Feb 11, 2026

MEDIUM

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

Web Discovery • Feb 11, 2026

INFO

The Dragonforce Cartel: LockBit–Qilin–DragonForce Alliance

Web Discovery • Feb 08, 2026

INFO

The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions

Web Discovery • Feb 08, 2026

MEDIUM

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

The Hacker News • Feb 13, 2026

LOW

0APT ransomware group rises swiftly with bluster, along with genuine threat of attack

CyberScoop • Feb 11, 2026

MEDIUM

New threat actor, UAT-9921, leverages VoidLink framework in campaigns

Cisco Talos • Feb 11, 2026

MEDIUM

Can’t stop, won’t stop: TA584 innovates initial access

Malpedia •

INFO

Labyrinth Chollima Evolves into Three North Korean Hacking Groups

Infosecurity Magazine • Jan 30, 2026