Dutch police arrests suspect linked to Ajax football club hack.

Romanian Hacker Sentenced to Prison in US for Selling Access to State Network.

CVE-2025-48459: Apache IoTDB – Unsafe Deserialization via Class.forName() to RCE.

Hackers targets US aviation sector with AI-assisted ‘MiniFast’ backdoor.

Dragonforce Ransomware group has added 2 new victims to their dark web portal.

FWMK Law Offices (Israel)
Ramos Rheumatology (US)

FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack.

CVE-2024-52577 Apache Ignite RCE via Deserialization Exploit.

7-Zip CVE-2026-48095: NTFS Heap Overflow Can Trigger Through Renamed Files.

CVE-2026-9082 Drupal Core PostgreSQL SQL Injection Overview and Takeaways.

Charter confirms data breach after ShinyHunters extortion threat.

DragonForce Claims 585GB Data Breach of Israeli Law Firm FWMK, Issues 4-Day Ransom Deadline

FBI Warning Highlights “Silent” Ransomware Group Using Physical Infiltration Tactics Against Law Firms

Ransomware Tactics Escalate as Threat Actors Reportedly Pose as IT Staff for On-Site Network Access

Rare Shift Offline: Cybercriminal Group Targets Victims Through Face-to-Face Social Engineering

Charter Communications Confirms Data Leak Amid ShinyHunters Claim of 40 Million Stolen Customer Records

Dispute Over Breach Severity as ShinyHunters Alleges Exposure of Sensitive Subscriber Data

Legal Sector Under Growing Cyber Threat as Ransomware Groups Refine Hybrid Attack Methods

Banking malware is hiding in WebRTC traffic on Windows while Android RATs spread via fake Google Play pages.

Grandoreiro targets Portugal, Spain, and Mexico using DLL side-loading.

BTMOB targets Brazil with phishing, remote control, and banking theft features.

Malware that can’t be taken down?

Void Botnet — Rust loader using Ethereum smart contracts for seizure-resistant C2.

Built by TheVoidStl, sold on crime forums. ~1.5MB Windows binary with dual modes:

Blockchain: Commands via smart contract, bots poll RPCs (3-5 min)

MuddyWater hit 9 countries.

Hacking group targeted 9 organizations using signed Fortemedia and SentinelOne binaries to sideload malware, steal Chrome data, and quietly maintain access inside victim networks.

Attackers exploited CVE-2026-5426 in the KnowledgeDeliver LMS to gain unauthenticated RCE through hard-coded ASP-NET machineKeys, deploy the Godzilla (BLUEBEAM) web shell, and deliver Cobalt Strike Beacon on vulnerable internet-facing systems.