Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems

Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems

Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over

From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Attackers Move Past Typosquatting to Realistic Package Impersonation

Most malicious open source packages now mimic real code rather than rely on typosquatting

Microsoft Condemns "Uncoordinated" Zero Day Disclosures

Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware

Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals

ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident

GCHQ Chief Urges Action as AI Reshapes Cyber Threats

GCHQ director urges urgent business cyber action as AI and quantum reshape the threat

CrowdStrike, Google Take Down Glassworm Botnet

Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025

Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response

Cybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stress

All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers

Thousands of Fake FIFA Domains Target World Cup Fans

Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans

68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise

UK firms plan higher cyber spending as AI adoption raises security concerns

PureLogs Variant Steals Data via Purchase Order Lures

FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets

BTMOB Android RAT Spreads Through No-Code Builder Tooling

BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures

India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI