Tag
Threat Intelligence
66 items tagged #threat-intelligence
Articles
APT-C-23 resurfaces targeting Israel with Micropsia malware.
New campaign delivers Atomic Stealer to macOS via Script Editor in ClickFix variant attack.
Threat actor TRD selling databases of 2.1M NY residents and 918K Binance US users.
New Chaos malware variant targets misconfigured cloud deployments, adds SOCKS proxy capability.
Threat actor s1ic3r leaks 175MB of IC schematics and IP from Shanghai Fudan Microelectronics.
Shanghai Fudan Microelectronics breach leaks 175MB of IC schematics and internal documents.
Gunra ransomware gang claims 16 victims across multiple countries.
Bitter APT group conducts hack-for-hire spyware campaign targeting MENA journalists with ProSpy Android malware.
Masjesu botnet emerges as DDoS-for-hire service targeting IoT devices globally via Telegram.
North Korean state-sponsored hacker accidentally exposes stolen data and credentials.
FBI disrupts Russian GRU campaign hijacking routers via DNS attacks for espionage.
Actor coderx leaked 758MB database from Eastern Illinois University, citing retaliation for Iranian university attacks.
Threat actors claim to be selling financial data from SUFI, a Grupo Bancolombia financing company.
Salt Security report: 92% of orgs lack security maturity for AI agents despite 66% API growth surge.
Threat actor claims leak of AMAInterview.ai database with 24K+ users' personal data.
Montana Empire AI-assisted phishing kit targets postal service customers with card and ID theft.
Iranian threat actors disrupted US critical infrastructure by compromising exposed programmable logic controllers.
FBI reports $20.9 billion in cybercrime losses from 1M complaints in 2025, up 26% YoY.
Masjesu DDoS botnet targets IoT devices across Vietnam, Brazil, India, Iran, Kenya, and Ukraine.
Russian Forest Blizzard group hijacks home routers for DNS-based espionage targeting 5,000+ devices globally.
US disrupts Russian APT28 espionage operation using hacked routers for DNS hijacking and AitM attacks.
Anthropic's Claude Mythos AI model discovers thousands of zero-day vulnerabilities across major systems.
ClickFix campaign uses fake CAPTCHAs to deploy Node.js RAT malware via Tor to steal crypto.
Legitimate signed WinWord.exe used to load malicious AppvIsvSubsystems64.dll.
Iran-linked hackers disrupt U.S. critical infrastructure by targeting internet-exposed PLCs.
US government warns of Iranian state-sponsored threat actors targeting industrial PLCs.
Iran-linked hackers disrupt US critical infrastructure via PLC and SCADA attacks.
FBI neutralizes Forest Blizzard espionage network compromising 18,000 routers across 120+ countries.
Threat actor leaks database of 33,000+ users from MHI supply chain event website.
Threat actor NormalLeVrai selling alleged Service Telecom database with 2.8M user records and source code.
DOJ and FBI conduct court-authorized disruption of GRU-controlled DNS hijacking network using compromised TP-Link
DOJ disrupts Russian military intelligence DNS hijacking operation via court order.
Microsoft attributes Medusa ransomware deployments to Storm-1175 exploiting N-day and zero-day vulnerabilities.
Iran-linked hackers sabotage US energy and water infrastructure via compromised industrial control devices.
CVE-2026-23398 Linux kernel ICMP DoS vulnerability disclosed with public PoC.
Snowflake customers targeted in data theft after SaaS integrator Anodot breached and tokens stolen.
Threat actor selling 1.2M French FICOBA banking records with IBANs, SSNs, and tax IDs from 15+ banks.
Threat actor sells 1.2M French banking records with IBANs, SSNs, and tax IDs from 15+ banks.
Anthropic launches Project Glasswing consortium with 45+ orgs to test Claude Mythos Preview's cybersecurity
Anthropic unveils Claude Mythos, a frontier AI model that identifies thousands of zero-day vulnerabilities but risks
FBI releases joint advisory on Iranian cyber actors exploiting PLCs in US critical infrastructure.
US agencies warn of Iranian APT targeting internet-exposed industrial control systems.
Iranian APT actors breach U.S. energy and water infrastructure OT devices, disrupt PLCs.
REF1695 group deploys Monero mining malware via fake non-profit installers since late 2023.
NyxarGroup allegedly selling stolen Colombian government personal data online.
Threat actor McLovin offers 4.6M Robinhood Gold member records for sale.
Threat actor OnarDev claims to sell dataset of 2M Coinbase users for $500.
Threat actor McLovin selling database of 810M Chinese delivery addresses for $1,000.
Russia's GRU-linked Forest Blizzard hacks routers to mass-harvest Microsoft Office authentication tokens from 18,000
Threat actor Florence selling root RCE access to Botswana health portal firewall for $300.
Events
2026-04-02 · Virtual
2026-04-02 · Lille, France
2026-04-02 · Virtual
2026-04-02 · Virtual
2026-04-02 · Virtual
2026-04-02 · Virtual
2026-04-03 · Milwaukee, USA
2026-04-04 · San Diego, USA
2026-04-08 · Warsaw, Poland
2026-04-21 · Munich, Germany
2026-04-24 · Groningen, Netherlands
2026-05-19 · Vilnius, Lithuania
2026-05-20 · Paris, France
2026-05-25 · Krakow, Poland
2026-05-27 · Krakow, Poland
2026-06-02 · London, United Kingdom