ShinyHunters Claims 1 Petabyte Data Theft From Telus Digital in Multi-Month BPO Breach

Business process outsourcing (BPO) giant Telus Digital has confirmed a major cybersecurity incident after the notorious ShinyHunters extortion group claimed to have stolen nearly one petabyte of data from the company and its customers. The breach, which involved unauthorized access to internal systems over an extended period, highlights a dangerous evolution in attacker strategy—where threat…

Google Patches Two Chrome Zero-Days Actively Exploited in the Wild, CISA Adds to KEV Catalog

Google has released emergency security updates to address two high-severity vulnerabilities in Chrome that are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by March 27, 2026. The Vulnerabilities The two critical flaws…

Pro-Iranian Hackers Expand Targeting of US Critical Infrastructure as Cyber Chaos Escalates

Pro-Iranian hackers are expanding their operations beyond the Middle East and increasingly targeting critical infrastructure in the United States, according to cybersecurity experts and recent incidents. The attacks represent a significant escalation in Iran’s cyber warfare capabilities and pose growing risks to American defense contractors, power stations, and water plants. Handala Claims Major US Attack…

Google Patches Two Actively Exploited Chrome Zero-Days: CVE-2026-3909 and CVE-2026-3910

Google has released emergency security updates to fix two high-severity vulnerabilities in Chrome that are being actively exploited in the wild. These are the second and third Chrome zero-days patched in 2026, highlighting the continued targeting of browser vulnerabilities by threat actors. The Vulnerabilities The two zero-days—CVE-2026-3909 and CVE-2026-3910—target core components of the Chrome browser:…

Storm-2561 Weaponizes SEO Poisoning to Deploy Trojanized VPN Clients and Steal Enterprise Credentials

Microsoft Defender Experts have uncovered a sophisticated credential theft campaign orchestrated by the financially motivated threat actor Storm-2561. The campaign exploits search engine optimization (SEO) poisoning to redirect enterprise users searching for legitimate VPN software to malicious websites that distribute trojanized VPN clients. How the Attack Works Active since May 2025, Storm-2561 targets users searching…

Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration

In a stunning example of operational security failure, a North Korean cyber operative was unmasked after infecting their own machine with a LummaC2 infostealer—revealing definitive evidence linking them to both the catastrophic Polyfill.io supply chain attack and deep infiltration of a US cryptocurrency exchange. Key Findings According to a detailed forensic analysis by Hudson Rock…

KadNap Botnet Hijacks 14,000+ ASUS Routers Using Novel Kademlia DHT Protocol for Stealth C2

A newly discovered botnet called KadNap is turning ASUS routers and edge networking devices into covert proxies for cybercriminal operations. Since August 2025, the malware has infected over 14,000 devices across the globe, with researchers from Black Lotus Labs (Lumen Technologies) revealing a sophisticated command-and-control (C2) infrastructure that leverages a customized version of the Kademlia…

Iranian Handala Hacktivists Deploy Wiper Malware Against Medical Device Giant Stryker

Iran-linked hacktivist group Handala has claimed responsibility for a devastating wiper malware attack against Stryker Corporation, a Fortune 500 medical technology company with over 53,000 employees and $22.6 billion in annual sales. Attack Scale and Impact According to Handala’s claims and corroborating employee reports, the attack resulted in: 50 terabytes of critical data exfiltrated 200,000+…

FortiGate Devices Exploited as Network Entry Points for Service Account Credential Theft

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors are weaponizing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity, documented by SentinelOne, targets healthcare, government, and managed service provider environments. How FortiGate Integration Becomes a Vulnerability FortiGate appliances often integrate directly with Active Directory (AD) and Lightweight Directory…

Iranian MOIS Cyber Actors Embrace Criminal Ecosystem: From Rhadamanthys to Ransomware Affiliates

A new Check Point Research report reveals that Iranian Ministry of Intelligence and Security (MOIS)-linked threat actors are increasingly engaging with the cybercrime ecosystem, moving beyond mere imitation to directly leveraging criminal tools, services, and affiliate-style relationships in support of state objectives. Key Findings The research highlights a significant evolution in Iranian cyber operations, where…