Tag
Identity & Access
IAM, MFA bypass, credential theft, authentication
50 items tagged #identity-access
Articles
Threat actor advertises Session ID hijacking service for $5,000 USD in Monero.
Montana Empire AI-assisted phishing kit targets postal service customers with card and ID theft.
Russian Forest Blizzard group hijacks home routers for DNS-based espionage targeting 5,000+ devices globally.
US disrupts Russian APT28 espionage operation using hacked routers for DNS hijacking and AiTM attacks.
Kaspersky 2025 financial threat report shows infostealers surge while banking malware declines, with phishing shifting
FBI neutralizes Forest Blizzard espionage network compromising 18,000 routers across 120+ countries.
Snowflake customers targeted in data theft after SaaS integrator Anodot breached and tokens stolen.
Threat actor McLovin offers 4.6M Robinhood Gold member records for sale.
Threat actor OnarDev claims to sell dataset of 2M Coinbase users for $500.
Russia's GRU-linked Forest Blizzard hacks routers to mass-harvest Microsoft Office authentication tokens from 18,000
Threat actor JINKUSU advertises OMNITRIX IMAP service for unauthorized email monitoring and manipulation.
APT28 exploits MikroTik and TP-Link routers in global DNS hijacking campaign for credential theft.
Law enforcement disrupts FrostArmada, APT28 campaign hijacking routers to steal Microsoft 365 credentials.
Cloud Security Forecast 2026 identifies identity and permission patterns as predictable drivers of cloud compromise.
Forest Blizzard compromises SOHO routers for DNS hijacking and AiTM attacks on Microsoft services.
APT28 exploits routers to hijack DNS and conduct credential-stealing man-in-the-middle attacks.
Spain's AEPD fines Vodafone €200K for SIM-swap fraud enabling unauthorized bank access.
Wynn Resorts confirms 21,000 employees affected by ShinyHunters data breach targeting HR systems.
DPRK-linked Kimsuky group uses GitHub as C2 in multi-stage LNK-based attacks on South Korean targets.
KBank Vietnam breach exposes 10.1M credit records with national IDs, salaries, and credit scores.
KBank Vietnam breach exposes 10.1M credit records with national IDs and salary data.
UAT-10608 exploits React2Shell flaw in Next.js apps for automated credential theft.
North Korean hackers (UNC4736) stole $285M from Drift Protocol after six-month social engineering campaign.
Threat actor Jinkusu advertises deepfake and voice manipulation tool for KYC bypass.
Syrian government X accounts hijacked in March, revealing systemic cybersecurity failures and credential reuse.
North Korean UNC1069 compromised Axios npm maintainer via social engineering to publish malicious package versions.
Root firewall access to US financial firm with $2B+ revenue allegedly sold by initial access broker.
LinkedIn secretly scans 6,000+ Chrome extensions and collects device data via hidden JavaScript.
Hims & Hers suffers data breach via compromised Zendesk support tickets after ShinyHunters exploits Okta SSO accounts.
Incogniton anti-detect browser promoted on cybercrime forum with free tier.
Threat actor AckLine sells RDWeb access to unnamed Netherlands software company on cybercrime forum.
North Korean hackers abuse GitHub to spy on South Korean firms using LNK files and PowerShell.
MONEYLIN threat actor leaks ~1TB of identity documents from 45+ countries on cybercrime forum.
Former infrastructure engineer pleads guilty to locking 254 servers in failed extortion plot.
Unit 42 uncovers campaign targeting military entities using NATO exercise and defense conference lures.
Threat actor claims to sell unauthorized admin access to U.S. X-Cart e-commerce store.
Iranian threat actors shift from custom wiper malware to identity abuse and MDM weaponization.
Iranian cyber ops shift to living-off-land techniques targeting enterprise management infrastructure.
Threat actors embed AI across attack lifecycle, achieving 450% higher phishing click-through rates and industrialized
SPIDER ransomware group shifts tactics from network infiltration to credential-based intrusions.
Microsoft warns of WhatsApp-delivered VBS malware installing backdoors on Windows PCs.
Threat actors exploit vacant homes as mail drop addresses to intercept sensitive correspondence for fraud and identity
Storm infostealer sold as subscription service bypasses Chrome encryption, targets browsers and crypto wallets.
DFIR Report documents MEOWBACKCONN malware campaign using fake Teams installer.
Cisco patches critical IMC authentication bypass enabling unauthenticated Admin access.
Unit 42 tracks phishing campaign impersonating Palo Alto Networks recruiters targeting senior professionals.
Phishing campaign impersonates Palo Alto Networks using scraped LinkedIn data to target senior professionals.
LinkedIn phishing campaign uses fake notifications and lookalike domains to steal credentials.
Vulta Intelligence launches credential lookup service indexing 14.2B stolen records via Telegram bot and web dashboard.
Vulta Intelligence launches credential lookup service indexing 14.2B records via Telegram bot.