Key TakeawaysMassive Data Compromise: An international cybercrime operation breached nearly 30,000 customer accounts targeting a California-based online retailer.Significant Financial Impact: Threat actors executed $721,000 in…

Key TakeawaysInternal access investigation: GitHub is examining reports of unauthorized access to its internal repositories.Unverified breach claims: The TeamPCP threat group alleges it compromised approximately…

Key TakeawaysData exposure: A CISA contractor allegedly leaked AWS GovCloud keys and internal credentials via a public GitHub repository.Validated cloud access: Security researchers confirmed the…

Key TakeawaysNew macOS Stealer: Reaper targets Apple users by spoofing major tech brands, including Apple, Microsoft, and Google, to steal credentials.Sophisticated Evasion Tactics: The malware…

Key TakeawaysMassive data breach: Hackers compromised the records of at least 1.8 million individuals.Extended unauthorized access: Attackers accessed the network from November 2025 to February…

Key TakeawaysOperational Disruption: Law enforcement apprehended over 200 individuals and decommissioned more than 50 malicious servers.Victimology and Suspect Profiles: The 13-nation operation identified almost 4,000…

Key TakeawaysAttack volume drops: Total mobile attacks decreased, but unique user targeting remained stable.Banking Trojans surge: Malicious installation packages increased by half quarter-over-quarter.Emerging mobile threats:…

Key TakeawaysRapid cloning: The first Shai-Hulud worm clones appeared days after TeamPCP released the source code.Malicious packages: Security researchers identified four malicious NPM packages with…

Key TakeawaysIRGC propaganda: A law enforcement operation identified and disrupted the IRGC's online presence used to spread propaganda, recruit supporters, and raise funds.Operation span: The…

Key TakeawaysConfirmed token compromise: Grafana officially disclosed that an unauthorized party accessed its GitHub environment.Codebase extortion attempt: The unnamed threat actors successfully downloaded the company's…

Manny Ataebi – Cerby Manny Ataebi has been appointed as Chief Marketing Officer at identity security company Cerby after spending the last three years in…

The week’s incidents show cybercrime becoming faster and quieter, with supply chain attacks targeting developer ecosystems because compromising one package can spread malware to thousands…

Key TakeawaysCanada Bill C-22 surveillance law: Windscribe may exit Canada if forced to log user metadata for compliance.Industry reaction: Signal and Windscribe oppose bill, citing…

Key TakeawaysUtah age verification VPN liability law: Websites held responsible when users bypass age checks using VPN location masking.Enforcement difficulty: VPN detection remains unreliable, as…

Key TakeawaysAndroid 16 VPN vulnerability: Researchers claim apps can bypass VPN tunnels and expose users’ real IP addresses.Google response: Google reportedly marked the Android 16…

Key TakeawaysIndictment returned: A federal grand jury charged two Pakistani men and one Indian man in relation to dark web narcotics trafficking.Dark web operations: Defendants…

Key TakeawaysTargeted Phishing Attack: Russian hackers targeted over 13,500 Signal users in an extensive espionage operation.Automated Compromise System: The ApocalypseZ infrastructure facilitated bulk account hijacking…

Key TakeawaysTargeted sectors: Operations focused on South Korean entities, alongside defense targets in Brazil and Germany.Malware variants: Threat actors deployed HelloDoor, httpMalice, MemLoad, httpTroy, AppleSeed,…

Key TakeawaysNew campaign: ESET researchers have identified Ghostwriter conducting targeted operations against Ukrainian governmental entities.Malicious payload delivery: Threat actors deployed PicassoLoader and a Cobalt Strike…

Key TakeawaysData security: OpenAI states that there is no evidence that user data or intellectual property was accessed.Impacted devices: Two corporate employee devices were affected…