Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack

Automated investment platform Betterment has disclosed a significant data breach affecting approximately 1.4 million customers, following a sophisticated social engineering campaign that targeted company employees in January 2026.

Attack Overview

According to Betterment’s official incident report, the attack commenced on January 9, 2026, when threat actors exploited human vulnerabilities rather than technical flaws. By manipulating…

[Image: Iranian APT group Infy cyber espionage operations]

Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout

The elusive Iranian threat group known as Infy (also tracked as Prince of Persia) has evolved its tactics and deployed new command-and-control infrastructure, resuming operations precisely when Iran’s government-imposed internet blackout ended in late January 2026.

Operational Timeline Reveals State Sponsorship

According to SafeBreach researchers, Infy’s C2 servers went offline on January 8, 2026—the same…

[Image: Virtual machine infrastructure being abused by ransomware operators]

Ransomware Gangs Abuse ISPsystem VMmanager to Hide Malicious Infrastructure at Scale

Ransomware operators are increasingly exploiting legitimate virtual infrastructure management platforms to host and deliver malicious payloads at scale, effectively hiding their command-and-control infrastructure among thousands of innocuous systems.

The Discovery

Researchers at cybersecurity firm Sophos uncovered this concerning trend while investigating recent WantToCry ransomware incidents. They discovered that attackers were using Windows virtual machines with…

Silver Fox APT Unleashes ValleyRAT with Rare PoolParty Process Injection Technique

A sophisticated malware campaign targeting Chinese-speaking users has revealed a significant evolution in the Silver Fox APT group’s capabilities. According to new research from Cybereason Security Services, the threat actors are deploying fake software installers to deliver ValleyRAT (also known as Winos 4.0) using a rare process injection technique that bypasses most security tools. A…

SystemBC Botnet Survives Law Enforcement Takedown, Infects Over 10,000 Devices Worldwide

The SystemBC malware loader has demonstrated remarkable resilience, continuing to operate despite targeted efforts during Europol’s Operation Endgame in May 2024. Cybersecurity firm Silent Push has identified more than 10,000 unique infected IP addresses across a massive botnet infrastructure that shows no signs of slowing down.

Key Findings

Silent Push researchers deployed a custom-built SystemBC…

DKnife: Cisco Talos Exposes China-Nexus Gateway-Monitoring AitM Framework Active Since 2019

Cisco Talos researchers have disclosed a sophisticated adversary-in-the-middle (AitM) framework dubbed “DKnife” that enables China-nexus threat actors to intercept, manipulate, and weaponize network traffic at the gateway level. The framework has been operational since at least 2019 and its command and control infrastructure remains active as of January 2026.

Seven Linux Implants for Deep-Packet Inspection…

CISA Confirms VMware ESXi Flaw CVE-2025-22225 Now Exploited in Active Ransomware Campaigns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to confirm that CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability, is now being actively exploited in ransomware attacks.

The Vulnerability

CVE-2025-22225 is an arbitrary-write vulnerability that allows attackers with privileges within the VMX process to trigger an arbitrary…

EnCase Forensic Driver Weaponized: BYOVD Attack Targets 59 EDR Tools Through SonicWall VPN Breach

Security researchers at Huntress have documented a sophisticated intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to deploy a custom EDR killer that abuses a legitimate forensic driver from Guidance Software’s EnCase to terminate security processes from kernel mode.

Attack Overview

The attack, disrupted in early February 2026 before ransomware deployment, demonstrates a growing…

PDFSider: The Stealthy Backdoor Targeting Fortune 100 Financial Institutions

A newly identified Windows malware strain called PDFSider has emerged as a dangerous tool in the arsenals of multiple ransomware operators, with at least one confirmed attack targeting a Fortune 100 finance company. Security researchers at Resecurity uncovered the malware during an incident response engagement, describing it as an advanced stealth backdoor designed for long-term…
