From Cybercrime to Countermeasures: How Governments, Enterprises, and Defenders Are Adjusting

Written by:
Vishwa Pandagle
Cybersecurity Staff Editor

Cybercrime leaves no hiding place. In Athens, police dismantled a mobile base station operating from a car that made cyber operations fit in a parking spot. U.S. investigators rolled out mobile digital forensics trucks designed to bring lab-grade analysis to crime scenes that have limited cell service. 

A hacker who breached U.S. Supreme Court systems took to Instagram, proving again that cybercrime seeks attention as eagerly as access. Ransomware groups continue to walk through unlocked doors, with phishing, remote access, and impersonation exploiting the fragile human element in the security chain.

German Police Name Russian Black Basta Leader, Issue International Manhunt

German authorities have identified Oleg Evgenievich Nefekov, a Russian national, as the alleged founder and leader of the Black Basta ransomware group. Federal police added him to the EU’s most-wanted list and confirmed an active Interpol Red Notice. Nefekov directed affiliate recruitment and ransom negotiations in attacks against roughly 700 organizations since 2022. Authorities believe Nefekov is currently in Russia after escaping custody following an arrest in Armenia in 2024.

Supreme Court Hacker Posts Federal Data on Instagram

Court filings reveal that Nicholas Moore, a 24-year-old from Tennessee, breached systems at the U.S. Supreme Court, AmeriCorps, and the Department of Veterans Affairs using stolen credentials. Moore pleaded guilty after investigators found he publicly posted the stolen data on Instagram under the handle @ihackthegovernment. Moore now faces up to one year in prison and fines.

Remote Access, Phishing, and Rapid Exploits Now Drive Ransomware Attacks

Phishing and social engineering continue to rank among the most common ransomware attack vectors, with campaigns expanding beyond traditional email. Attackers now target employees through phone calls, messages, and internal collaboration platforms such as Microsoft Teams. By impersonating IT staff or vendors, they create a sense of urgency and legitimacy. Victims are persuaded to approve access requests or install remote-access tools. This enables attackers to gain initial access without exploiting software flaws.

Pass’Sport Data Breach Exposes 6.4 Million Accounts in France

A data breach tied to France’s Pass’Sport program exposed personal data linked to 6.4 million accounts. The leak originated from information systems under the Ministry of Sports, not the family benefits agency. The dataset included names, contact details, addresses, and internal Pass’Sport identifiers. Authorities launched a cybersecurity response and notified regulators following confirmation of the breach.

Secret Service Deploys Mobile Digital Forensics Truck for On-Scene Investigations

The U.S. Secret Service Atlanta Field Office deployed a mobile Digital Analysis Response Truck. The vehicle enables on-site forensic analysis during child exploitation and fraud investigations. Agents can identify and extract data from multiple devices directly at search locations, saving investigation time and speeding suspect identification. The SUV-based platform allows access to rural areas unreachable by traditional forensic vans.

Evelyn Stealer Targets Software Developers Through Visual Studio Code Extensions

A malware campaign dubbed Evelyn Stealer is targeting software developers through malicious Visual Studio Code (VS Code) extensions. The attack uses compromised extensions to deliver a multi-stage infostealer payload. A disguised DLL downloader retrieves and injects the final malware via process hollowing. The malware steals credentials, system data, and cryptocurrency wallet information. Researchers warn that compromised developer systems can expose broader organizational infrastructure.

UStrive Security Flaw Exposed Student and Mentor Data

A security flaw in UStrive exposed non-public user data through a misconfigured GraphQL endpoint. Authenticated users could access other users’ personal information via backend queries. Roughly 238,000 student and mentor records were accessible at discovery time. UStrive says it patched the issue after responsible disclosure.
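The class of flaw described above, missing object-level authorization in a GraphQL resolver, as an added example that is not UStrive's code. The user table, the `ForbiddenError` class and the tiny `execute` dispatcher are constructed stand-ins for a real schema and engine.

```javascript
// Added example (not UStrive's code): a GraphQL-style `user(id)` resolver
// missing its object-level authorization check, beside a hardened version.
// The user table is constructed sample data standing in for the backend.
const users = new Map([
  [1, { id: 1, name: "Student One", role: "student", email: "s1@example.com", phone: "555-0100" }],
  [2, { id: 2, name: "Mentor One", role: "mentor", email: "m1@example.com", phone: "555-0101" }],
  [3, { id: 3, name: "Staff", role: "admin", email: "admin@example.com", phone: "555-0102" }],
]);

class ForbiddenError extends Error {}

// Vulnerable: authentication is checked, but any logged-in caller can read
// any record by supplying another user's id (an IDOR inside the resolver).
const vulnerableResolvers = {
  Query: {
    user: (_parent, { id }, context) => {
      if (!context.viewer) throw new ForbiddenError("not authenticated");
      return users.get(id) ?? null;
    },
  },
};

// Hardened: the resolver decides per object what the viewer may see.
// Owners and admins get the full record; everyone else gets a public projection.
const hardenedResolvers = {
  Query: {
    user: (_parent, { id }, context) => {
      const viewer = context.viewer;
      if (!viewer) throw new ForbiddenError("not authenticated");
      const record = users.get(id);
      if (!record) return null;
      if (viewer.id === record.id || viewer.role === "admin") return record;
      const { id: uid, name, role } = record; // non-public fields dropped
      return { id: uid, name, role };
    },
  },
};

// Minimal stand-in for the GraphQL engine: dispatch one Query field to its
// resolver with a context built from the authenticated viewer (null = anonymous).
function execute(resolvers, field, args, viewerId) {
  const viewer = viewerId == null ? null : (users.get(viewerId) ?? null);
  return resolvers.Query[field](null, args, { viewer });
}
```

The same check belongs on every resolver that returns user-owned data, including nested fields reachable from list queries, since a schema-level authentication gate alone does not stop this.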

Black Kite Report Flags Growing Supply Chain Cyber Risks

A Black Kite report warns of escalating third-party cyber risks in retail and wholesale sectors. Credential exposure from infostealers affects most major retailers and many wholesalers. Ransomware increasingly targets vendors and indirect supply chain connections. Limited visibility into fourth- and Nth-party relationships remains a key weakness. Security teams urge continuous monitoring and faster vulnerability remediation in 2026.

Mobile Base Station to Police Car: Smishing Arrest in Athens

Greek police arrested two foreign nationals accused of running a rogue mobile base station from a vehicle in Athens. The device forced nearby phones to downgrade to 2G, enabling SMS phishing without user interaction. Authorities said the attackers impersonated banks and courier services to steal payment card data. They used a vehicle-mounted antenna to impersonate legitimate mobile network infrastructure. The setup enabled mass SMS delivery without relying on telecom provider authentication controls.

PcComponentes Incident Linked to Credential Stuffing Using Historical Infostealer Logs

PcComponentes said a recent security incident did not involve a breach of its internal systems. The activity was a credential stuffing attack targeting individual user accounts. Some of the compromised credentials originated from malware infections dating back to 2020 and 2021. By accessing valid accounts, the attacker scraped personal user information without system intrusion.
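A defender-side view of the pattern described above, as an added example that is not PcComponentes' code: a small detector that reads constructed login-audit lines and flags a source IP cycling through many distinct accounts in a short window, listing the accounts where a login succeeded so they can be force-reset. The log format and thresholds are assumptions.

```javascript
// Added example (not PcComponentes' code): flag credential-stuffing activity in
// constructed login-audit lines. Heuristic: one source IP trying many distinct
// accounts inside a short window; successes on such an IP get force-reset.
const sampleLog = [
  "2026-01-20T08:00:01Z ip=203.0.113.5 user=alice@example.com result=fail",
  "2026-01-20T08:00:02Z ip=203.0.113.5 user=bob@example.com result=fail",
  "2026-01-20T08:00:02Z ip=203.0.113.5 user=carol@example.com result=success",
  "2026-01-20T08:00:03Z ip=203.0.113.5 user=dave@example.com result=fail",
  "2026-01-20T08:00:04Z ip=203.0.113.5 user=erin@example.com result=fail",
  "2026-01-20T08:00:05Z ip=203.0.113.5 user=frank@example.com result=success",
  "2026-01-20T08:01:00Z ip=198.51.100.7 user=grace@example.com result=fail",
  "2026-01-20T08:01:30Z ip=198.51.100.7 user=grace@example.com result=success",
];

function parseLine(line) {
  const m = /^(\S+) ip=(\S+) user=(\S+) result=(success|fail)$/.exec(line);
  return m ? { ts: Date.parse(m[1]), ip: m[2], user: m[3], ok: m[4] === "success" } : null;
}

// One alert per IP that touched >= minAccounts distinct accounts within any windowMs span.
function detectStuffing(lines, { windowMs = 60_000, minAccounts = 5 } = {}) {
  const byIp = new Map();
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue;
    if (!byIp.has(ev.ip)) byIp.set(ev.ip, []);
    byIp.get(ev.ip).push(ev);
  }
  const alerts = [];
  for (const [ip, events] of byIp) {
    events.sort((a, b) => a.ts - b.ts);
    const inWindow = new Map(); // user -> attempts currently inside the window
    let lo = 0, triggered = false;
    for (let hi = 0; hi < events.length && !triggered; hi++) {
      inWindow.set(events[hi].user, (inWindow.get(events[hi].user) ?? 0) + 1);
      while (events[hi].ts - events[lo].ts > windowMs) { // slide the left edge
        const u = events[lo++].user;
        const n = inWindow.get(u) - 1;
        if (n === 0) inWindow.delete(u); else inWindow.set(u, n);
      }
      triggered = inWindow.size >= minAccounts;
    }
    if (!triggered) continue;
    const tried = new Set(events.map((e) => e.user));
    const compromised = [...new Set(events.filter((e) => e.ok).map((e) => e.user))];
    alerts.push({ ip, accountsTried: tried.size, compromised });
  }
  return alerts;
}
```

Pairing this with checks against known-leaked credential sets catches the reuse of years-old infostealer logs that the page describes, even when the attacker spreads attempts across many IPs.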

Denmark Advises Officials to Disable Bluetooth Devices Amid Espionage Concerns

Danish authorities instructed government officials to disable Bluetooth on work and personal devices. The guidance follows intelligence assessments of wireless surveillance risks. Bluetooth vulnerabilities can enable interception or remote exploitation without user interaction. The advisory aims to reduce exposure of sensitive government communications.

LastPass Backup Phishing Campaign Uses Fake Maintenance Alerts to Steal Vault Access

A phishing campaign impersonating LastPass is targeting users with fake emails that claim urgent system maintenance requires an immediate vault backup. The messages pressure recipients to act within 24 hours to trigger rushed responses. Clicking the embedded links redirects victims through an AWS-hosted URL before landing on a fraudulent domain mimicking LastPass. Users are then prompted to enter their master passwords, which would grant attackers full access to stored credentials, payment details, and secure notes. LastPass said it never requests master passwords or urgent backups via email.

Venezuela Domain Surge Points to Campaigns Exploiting Geopolitical Uncertainty

Threat researchers recorded 829 suspicious domain registrations tied to U.S. actions in Venezuela between December 2025 and January 2026. A sharp spike occurred in January, with over 500 domains registered over three days. PreCrime Labs at BforeAI said the activity aligns with opportunistic actors rather than state-sponsored operations. Most domains were linked to merchandise stores, real estate, energy, and cryptocurrency. Researchers said such infrastructure is commonly used for phishing, disinformation, and PII harvesting. 

Pwn2Own Automotive Contest Exposes 37 Zero-Day Flaws Across Vehicle Technologies

Security researchers demonstrated 37 vulnerabilities during the opening days of Pwn2Own Automotive 2026. Multiple teams achieved root-level access on fully patched systems using chained exploits. They also successfully exploited EV chargers and in-vehicle systems from several vendors. More than $500,000 in rewards were issued, with vendors given 90 days to release fixes before public disclosure.

Spanish Transport Officials Targeted in Doxing After Train Crash

A hacker using the alias Vindex allegedly leaked personal data of three senior Spanish transport officials. The attacker blamed the officials for the fatal Adamuz train crash in Córdoba. The data was published on a criminal forum as an apparent act of political retaliation. Spain’s National Police have launched a cyberterrorism investigation into the incident.

DDoS Attack Disrupts Luxembourg Government Websites

Several Luxembourg government websites were taken offline following a DDoS attack on Tuesday. Websites hosted under the .public.lu domain became inaccessible between 7:58 a.m. and 8:39 a.m. These included guichet.lu, an online portal for public administrative services. The Centre des technologies de l'information de l'Etat, which manages Luxembourg’s government IT infrastructure, confirmed the disruption.

ShinyHunters Claim Okta Vishing Attacks, Publish Data

Okta warned of active vishing campaigns targeting employees to steal Okta SSO credentials using custom phishing kits. Attackers combine phone calls with real-time phishing pages to intercept credentials and MFA approvals. The ShinyHunters group has claimed responsibility for the campaign and said it published alleged stolen data after failed extortion attempts. Named victims include Crunchbase, SoundCloud, and Betterment, according to ShinyHunters. 

INC Ransomware’s Backup Mistake Let Defenders Turn the Attack Around

A security lapse in infrastructure used by the INC ransomware group enabled researchers to recover stolen data linked to U.S. organizations. Cyber Centaurs said it identified attacker-controlled Restic repositories while investigating a separate ransomware incident. Although Restic was not used for exfiltration in that case, leftover scripts and credentials exposed reusable attacker infrastructure. The researchers reported finding encrypted datasets associated with 12 victims across healthcare, manufacturing, professional services, and technology sectors.

Unsecured Database Exposed 149M Stolen Credentials Collected via Infostealer 

Cybersecurity researcher Jeremiah Fowler uncovered a publicly exposed database containing roughly 149M stolen credentials. The unprotected database held emails, usernames, passwords, and direct login URLs, totaling about 96GB of data. The records appeared to originate from infostealer malware and keylogging activity targeting users worldwide. Credentials were linked to social media, streaming platforms, financial services, crypto accounts, and government-related domains. The database lacked ownership information and remained accessible for weeks. After multiple reports, the hosting provider suspended access. 

Ransomware Leader Pleads Guilty After Years of Attacks From Inside U.S.

A Russian ransomware operator pleaded guilty in the U.S. after years of attacks against at least 50 victims, carried out while living in the United States. He faces up to 25 years in prison. Ianis Aleksandrovich Antropenko admitted to running a ransomware conspiracy over roughly four years, using multiple malware strains and coordinating with both U.S. and overseas accomplices. The scheme caused at least $1.5M in victim losses. Authorities seized over $3.4 million in cryptocurrency, cash, and luxury assets.

Jeff Bezos’s Blue Origin Outlines Plan for Satellite Communications Network

Jeff Bezos’s Blue Origin has announced plans to build a 5,400-satellite constellation focused on high-capacity space-based communications. The company describes the project as a long-term effort to deliver advanced connectivity for government and enterprise customers. The network is designed to support large-scale data transmission. Deployment is expected to take place over several years, subject to regulatory approvals.

Rhaetian Railway Confirms Cyberattack Exposed Vereina Ticket Shop Customer Data

Rhaetian Railway (RhB) confirmed that hackers breached the Vereina car shuttle’s online ticket shop and accessed customer names, email addresses, billing details, and account credentials. The ticket shop has been taken offline, with online sales suspended until at least the end of February. 

Europe Launches Independent Vulnerability Database as CVE Backstop

A new European vulnerability database created by Luxembourg’s incident response team has officially gone live. The platform is intended to serve as a CVE-compatible reference for tracking software and hardware security flaws. It pulls data from more than 25 advisory sources across commercial and open-source ecosystems.  

HHS Oversight Office Flags Persistent Cybersecurity Gaps

The HHS Office of Inspector General has warned that the U.S. Department of Health and Human Services continues to face cybersecurity challenges. The report points to fragmented governance and inconsistent controls across HHS divisions and programs. Oversight is further complicated as the department relies on thousands of contractors and external partners.

Closing the Gaps That Attackers Exploit

Public institutions from France’s Ministry of Sports to Switzerland’s rail network grappled with breaches that disrupted services, while hacktivists retaliated by doxxing Spanish transport officials after a train crash. 

Legacy systems, staffing shortages, and limited resources raised concerns that existing HIPAA privacy and security rules may not adequately address modern cyber risks. Europe’s launch of a vulnerability database marked a push toward earlier detection and shared responsibility in addressing security flaws.

As organizations look to space-based communications for resilience, governments are weighing how to better protect children and students from data exposure and online manipulation.

