Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

Threats
5 min read
30 Jun 2026

RustDuck Botnet Has Been Building a DDoS Swarm Since February 2026 — and It's Evolving Faster Than It's Growing

QiAnXin's XLab team has identified a Rust-written, two-stage botnet called RustDuck quietly enlisting home routers, IP cameras, Android TV boxes, and exposed Linux servers into a DDoS-for-hire operation. The headline isn't the size of the swarm. It's how fast the code is changing.

Threats
4 min read
30 Jun 2026

Fake Perplexity Chrome Extension Sent Every Address Bar Keystroke to an Attacker Server

Microsoft's threat research team caught a malicious Chrome extension impersonating Perplexity AI — one that silently intercepted omnibox input, character by character, before users ever saw a search result.

Threats
4 min read
29 Jun 2026

Hijacked npm Packages Abuse VS Code Tasks to Drop Cross-Platform Python Infostealer

JFrog researchers found attackers who compromised two legitimate npm maintainer accounts and built a Go module cluster to deliver a Python stealer — hiding execution inside VS Code workspace task definitions rather than the lifecycle hooks most tools actually scan.

Threats
5 min read
28 Jun 2026

Russia Used Cellebrite Against an Activist, Five Eyes Sounded an AI Alarm, and Scattered Spider Pleaded Guilty — Here Is What Defenders Should Do Next

Four security developments from one week paint a coherent picture: surveillance tools reach beyond their intended users, AI threats are operational not theoretical, Mac endpoints carry real risk, and social-engineering crews face real prison time.

Threats
4 min read
28 Jun 2026

ASIO: State Hackers Stole IT Staff Credentials at Australian Critical Infrastructure Site

Australia's domestic intelligence chief confirmed a foreign state actor had harvested valid login credentials from privileged IT accounts inside a critical infrastructure operator — and was positioned for sabotage, not passive surveillance.

Threats
5 min read
28 Jun 2026

New TinyRCT Backdoor Targets Southeast Asian Energy and Government Networks in Stealthy Chinese-Speaking Campaign

Palo Alto Networks Unit 42 has identified a previously unknown implant — TinyRCT — deployed by an intrusion cluster called CL-STA-1062 against state-owned energy enterprises and government ministries across Southeast Asia.

Threats
4 min read
27 Jun 2026

Russia Ran Fake Messenger Support Scams Against Officials Across Three Continents, SSU and FBI Say

GRU and FSB-linked operators impersonated tech-support staff and trusted contacts to hijack Signal, Telegram, and WhatsApp accounts belonging to soldiers, politicians, and activists in Ukraine, Europe, and the United States.

Threats
4 min read
27 Jun 2026

SharkLoader: A Custom-Built Stager Is Planting Cobalt Strike Beacon on Asian Government Networks

Kaspersky researchers tracking a campaign called StrikeShark have identified a previously undocumented loader family dropping Cobalt Strike Beacon on a diplomatic organization in Indonesia and government targets in Taiwan — a targeting profile that points squarely to state-sponsored espionage.

Threats
5 min read
26 Jun 2026

GRU Phishing Campaign Targets Signal's Backup Recovery Key — And the Key Never Expires

The FBI and CISA have updated their advisory on Russian intelligence operators targeting Signal users, warning that attackers have shifted tactics from linked-device hijacking to stealing the Backup Recovery Key — a credential that grants permanent, silent access to a user's full message history.

Threats
4 min read
26 Jun 2026

Philip Martin Joins Uber as CISO, Bringing Crypto and Defence Credentials to a Chair With History

The former Coinbase security chief takes over at Uber — a company whose breach record, regulatory scrutiny, and expanding data footprint make the hire one of the more consequential CISO appointments in recent memory.

Threats
5 min read
26 Jun 2026

Featured Chrome Extension 'Adblock for YouTube' Carries Hidden Remote-Execution Capability — 10 Million Users at Risk

A widely installed ad-blocking extension holds code that can fetch and run arbitrary JavaScript on any page a user visits. No malicious payload has been observed yet. That 'yet' is the problem.

Threats
5 min read
25 Jun 2026

Mistic Backdoor: How an Access Broker Is Selling Footholds to Qilin, Akira, and Black Basta

A threat group called Woodgnat has deployed a custom in-memory backdoor since at least April 2025, quietly auctioning enterprise access to some of the most active ransomware gangs operating today.

Threats
4 min read
23 Jun 2026

FortiBleed: How a Credential-Stuffing IAB Probed 430,000 FortiGate Firewalls

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

Threats
5 min read
23 Jun 2026

WhatsApp DMs Are Delivering VBScript Droppers That Install Legitimate RMM Tools on Victims' Machines

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Threats
5 min read
22 Jun 2026

ShapedPlugin Pro Plugins Shipped Backdoor Code Through the Vendor's Own Update Channel

Attackers compromised ShapedPlugin's build and distribution pipeline, silently delivering malicious code to paying customers who did everything right.

Threats
5 min read
22 Jun 2026

INTERPOL's 2025/2026 Assessment: Phishing, Ransomware, and AI Fraud Are Overwhelming Asia-Pacific Defenses

A new INTERPOL threat report finds cybercrime accelerating across Asia and the South Pacific, with phishing driving initial access, ransomware hitting under-resourced nations hardest, and generative AI removing the last natural barriers to mass fraud.

Threats
5 min read
19 Jun 2026

Popa Botnet Tied to NASDAQ-Listed Residential Proxy Firm Alarum Technologies

Researchers from Synthient and Qurium traced four years of Android TV box traffic-relaying back to infrastructure connected to NetNut, the residential proxy service owned by Israel's Alarum Technologies — raising hard questions about where legitimate proxy networks end and silent botnets begin.

Threats
5 min read
17 Jun 2026

ClickFix Goes Mainstream: Three Loader Families Exploit the Same Social-Engineering Trick

BabaDeda, Lorem Ipsum, and Potemkin loaders all use the same clipboard-paste attack pattern — and education and finance organizations absorbed the bulk of April 2026 hits.

Threats
5 min read
16 Jun 2026

Pickle in the Middle: Google Vertex AI SDK Flaw Gave Attackers Code Execution Inside Google's Cloud

A bucket-squatting vulnerability in the Google Cloud Vertex AI Python SDK let an unauthenticated attacker intercept ML model uploads and run arbitrary code inside Google's managed serving infrastructure — no project credentials required.

Threats
5 min read
15 Jun 2026

North Korea's Contagious Interview Crew Targets Developers With Code-Review Phishing Bait

The DPRK-linked threat cluster known as Contagious Interview has added a deceptively simple new lure to its arsenal: a polite request to review some code.

Threats
5 min read
15 Jun 2026

400+ AUR Packages Hijacked to Drop Rust Credential Stealer and eBPF Rootkit

Attackers rewrote PKGBUILD scripts across more than 400 Arch User Repository packages, turning the normal build process into a credential-harvesting operation — with a kernel-level rootkit waiting for any build that ran as root.

Threats
4 min read
15 Jun 2026

Velvet Ant Hid Inside Linux Auth for Nearly a Decade by Backdooring PAM and OpenSSH

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

Threats
5 min read
14 Jun 2026

Outsider Enterprise Dismantled: What the 'AI-Powered' Phishing Takedown Actually Tells Defenders

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

Threats
4 min read
13 Jun 2026

Former Iowa School IT Admin Sentenced to 21 Months for Post-Termination Network Intrusions

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.

Threats
5 min read
12 Jun 2026

400+ Arch Linux AUR Packages Backdoored With Rust Credential Stealer and eBPF Rootkit

Attackers hijacked more than 400 community-maintained Arch User Repository packages this week, silently modifying build scripts to drop a Rust-based credential harvester — and, when the build ran as root, an eBPF rootkit capable of hiding itself from every standard Linux detection tool.

Threats
4 min read
11 Jun 2026

ShinyHunters Exploited an Oracle PeopleSoft Zero-Day for Two Weeks Before a Patch Existed

The extortion crew tracked as UNC6240 spent May 27 through June 9 inside university PeopleSoft environments — stealing student records, HR files, and financial data — while Oracle's advisory sat unpublished.

Threats
5 min read
9 Jun 2026

Meta Accuses NSO Group of Violating WhatsApp Injunction With Fresh Spear-Phishing Campaign

A federal jury awarded Meta roughly $168 million in May after NSO's Pegasus spyware abused a WhatsApp voice-call flaw in 2019. Now Meta says NSO's operators are back — this time with social-engineering lures — and is asking a judge to hold the vendor in contempt.

Threats
4 min read
8 Jun 2026

Miasma Worm Burrows Into Microsoft's GitHub Presence, Tainting 73 Repositories Across Four Organizations

A self-replicating campaign is chaining stolen developer tokens into an ever-widening blast radius — and Microsoft's own GitHub organizations were not immune.

Threats
5 min read
7 Jun 2026

Silent Ransom Group Calls Law Firms Directly — Then Drains Files Within Hours

A financially motivated extortion crew is impersonating IT staff over the phone, tricking employees into handing over remote access, and exfiltrating privileged client files before most firms even open a help ticket.

Threats
5 min read
7 Jun 2026

Your Smart TV May Be Relaying Scraping Traffic Right Now — And You Probably Agreed to It

A reverse-engineering of Bright Data's iOS SDK reveals how consumer apps — including always-on televisions — quietly enlist household devices as exit nodes in a massive residential proxy network increasingly serving AI data demands.

Threats
5 min read
5 Jun 2026

Two npm Supply-Chain Campaigns Run Simultaneously: A Rust-Based eBPF Stealer and a Self-Spreading Worm

JFrog researchers caught two parallel attacks inside the npm registry — one hiding inside the Linux kernel, the other replicating across 50-plus packages by hijacking maintainer credentials.

Threats
5 min read
5 Jun 2026

PCPJack Hijacks 230 Cloud Servers Across AWS, Azure, and Google Cloud to Build a Stealth SMTP Relay Grid

A threat actor quietly converted compromised business workloads on three major cloud platforms into a verified mail-relay network, refreshing its inventory every five minutes and burning victims' IP reputations in the process.

Threats
4 min read
4 Jun 2026

TA4922 Expands Phishing Operations Into Europe and South Africa With ValleyRAT and Atlas RAT

A China-linked threat crew is cycling through commodity and custom malware at an unusually fast clip — and it has started targeting organizations far outside its traditional Asia-Pacific base.

Threats
5 min read
4 Jun 2026

DOJ 'Disruption Week' Targets Southeast Asia Pig-Butchering Networks — But the Real Story Is What Platforms Already Knew

A May 18 coordinated takedown froze $3.8 million in crypto and pulled millions of social-media and email accounts linked to Southeast Asian fraud compounds. The dollar figure is almost beside the point.

Threats
5 min read
3 Jun 2026

Weedhack MaaS Campaign Has Compromised Over 3,800 Devices by Hijacking Minecraft's Modding Culture

A malware-as-a-service operation active since January 2026 is using YouTube tutorials and fake Minecraft clients to silently hand attackers full remote control of victims' machines — and the infection count keeps climbing.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.
