Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real-life identity for the administrator of The Gentlemen ransomware group.
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.
Official Instagram accounts belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force were defaced with pro-Iranian content after attackers exploited a flaw in Meta's AI support chatbot to reset passwords. Instructions for the attack were being shared on Telegram.
Dutch authorities arrested the co-owners of two related Internet hosting companies that provided IT infrastructure used by Russia for cyberattacks, influence operations, and disinformation campaigns targeting the European Union. The companies had taken control of technical infrastructure previously belonging to Stark Industries Solutions, an ISP already sanctioned by the EU for facilitating cyber operations by Russian intelligence agencies.
A contractor working for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) intentionally published AWS GovCloud access keys and classified agency secrets to a public GitHub account, prompting Congressional lawmakers to demand answers as CISA attempts to contain the breach and revoke compromised credentials.
Canadian authorities arrested a 23-year-old Ottawa resident on suspicion of creating and operating Kimwolf, a widely distributed IoT botnet used in a series of major DDoS attacks over the past six months. The suspect faces criminal charges in both Canada and the United States, including charges tied to previous campaigns targeting journalists and security researchers.
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
A cybercrime group defaced the login page of the Canvas education platform with a ransom demand, disrupting classes at school districts and universities across the United States and threatening to leak data from an estimated 275 million students and faculty at nearly 9,000 institutions.
KrebsOnSecurity reported that a Brazilian cybersecurity firm specializing in DDoS protection has been compromised and used to launch botnet-powered distributed denial-of-service attacks against rival network operators in Brazil. The company's CEO attributed the malicious activity to a security breach, claiming a competitor may have infiltrated their systems to damage their reputation.
Tyler Robert Buchanan, a 24-year-old British national and senior Scattered Spider member, pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in a 2022 SMS phishing campaign that breached at least a dozen major tech companies and stole tens of millions of dollars in cryptocurrency.
Microsoft released patches for 167 vulnerabilities across Windows and related software on a single day, including a SharePoint Server zero-day and a Windows Defender flaw called BlueHammer. Separately, Google Chrome fixed its fourth zero-day of 2026, and Adobe pushed an emergency update to address an actively exploited vulnerability in Adobe Reader that enables remote code execution.
Russian military intelligence-linked hackers are exploiting known vulnerabilities in older Internet routers to harvest authentication tokens from Microsoft Office users across more than 18,000 networks. The campaign operates without deploying any malicious software on victim hosts, allowing state-backed actors to conduct stealthy credential theft at scale.
German investigators have unmasked a 31-year-old Russian national, Daniil Maksimovich Shchukin, as the operator behind the GandCrab and REvil ransomware groups, linking him to at least 130 cyberattacks and extortion cases in Germany between 2019 and 2021.
A financially motivated hacking group is deploying a worm that spreads through misconfigured cloud services and destroys data on any infected system set to Iran's time zone or using Farsi as its default language, apparently exploiting the current Iran conflict to amplify disruption.
U.S., Canadian, and German authorities jointly dismantled four large botnets (Aisuru, Kimwolf, JackSkid, and Mossad) that had hijacked more than three million routers and web cameras to launch some of the most powerful distributed denial-of-service attacks on record.
A hacktivist group tied to Iranian intelligence has claimed responsibility for a destructive data-wiping cyberattack on Stryker, the Michigan-based global medical technology giant. More than 5,000 employees were sent home from the company's largest hub in Ireland, while a recorded message at Stryker's U.S. headquarters warned of an ongoing building emergency.
Microsoft released security updates addressing 77 vulnerabilities in Windows and related software during this month's Patch Tuesday. No zero-day vulnerabilities were disclosed this month, though some patches may warrant priority deployment depending on organizational risk profiles and affected systems.