Belarus-Linked Ghostwriter Pushes Multi-Stage Phishing Malware at Ukrainian Agencies

Canada Arrests 23-Year-Old Alleged Botnet Operator Behind 2M-Device Malware Network.

Popular Hacker VPN Taken Offline in International Takedown.

Pentagon, NSA Form Task Force to Vet AI for Top‑Secret Networks.

First VPN, a criminal VPN used by at least 25 ransomware groups, has been dismantled.

Several German university hospitals announced that after a cyberattack on the company "Unimed," a provider of medical billing services, their patients' data was stolen.

Anthropic company announced that the Claude Mythos cloud AI model has successfully identified more than 10,000 important vulnerabilities in widely used software.

Unit 42 reports a surge in cyber espionage by “Screening Serpens,” targeting the U.S., Israel, and UAE. The campaign highlights growing sophistication in state-aligned threat activity and renewed focus on strategic intelligence gathering across key geopolitical regions.

The hacktivist group “Handala” will disclose the identities of individuals allegedly involved in the attack on the “Global Sumud Fleet”. The group asserted that those responsible have been tracked and warned that “nothing remains hidden” from its operations.

#TGITM @TheGhostITM

Disclosure of the identities of 69 Israeli Navy officers by Handala

The hacker group Handala announced the disclosure of the names and full information of 69 Israeli Navy officers and placed them on their wanted list. This action followed the attack on the global "Sumud" convoy (carrying humanitarian aid and peace activists).

#TGITM @TheGhostITM

Handala expressed strong support for the Sumud convoy and the "sea fighters," offering a reward of $100,000 for each of the 69 officers.

In a message addressed to Israel’s Minister of Internal Security, Itamar Ben-Gvir, the group warned:
"Know that no crime on land or at sea will go unanswered. You and all the bloodthirsty criminals in this cabinet will be pursued by the shadows of resistance wherever you are. After every thunder, expect a storm of our wrath."

#TGITM @TheGhostITM

Pro-Russian hacktivist group NoName057(16) claims it breached the SCADA system of a Ukrainian water treatment facility, allegedly gaining control over pumps, chemical dosing, and tank levels.

Security researchers have identified a new malware strain, “TrapDoor,” targeting crypto and AI developers via trojanized software packages. The malware is designed to steal credentials and wallet keys, and may manipulate AI coding tools into executing malicious commands.

Reports indicate Iran’s Supreme Cyberspace Council has approved a measure to reestablish international internet connectivity, pending final authorization. The move could signal a shift in policy following prolonged restrictions on external network access.

Hackers breached 700+ Ghost CMS websites to serve ClickFix malware attacks.

The attackers exploited critical flaw CVE-2026-26980 to steal admin API keys and inject malicious JavaScript into legitimate sites, including university, AI, blockchain, and fintech platforms.

Visitors were shown fake CAPTCHA pages that tricked them into running malware.

Lazarus deployed a new memory-only RAT against crypto and financial organizations.

The RemotePE malware executes entirely in memory with no filesystem artifacts, using DPAPI loaders, ETW patching, and Hell’s Gate techniques to evade detection and maintain stealthy access.

TrapDoor supply chain attack hits npm, PyPI, and Crates-io.

34 malicious packages across 384 versions were used to steal crypto wallets, SSH keys, cloud credentials, and developer secrets from crypto, DeFi, Solana, and AI environments.

The malware abused npm hooks, Python imports, and Rust build scripts for execution and persistence.

Cybersecurity experts warn that satellites and space-based infrastructure are becoming prime targets for cyber and electronic warfare. Attacks on ground stations, signal interference, and AI-enabled operations are raising new concerns over the resilience of global communications systems.

Iranian President Masoud Pezeshkian directed the Ministry of Communications to restore international internet access, effectively aiming to terminate a near-total nationwide blackout that has lasted 87 days, according to state media reports.