Flickr Data Breach Exposes User Information Through Third-Party Email Vendor Vulnerability

Photo and video sharing service Flickr has disclosed a data security incident in which user personal information was potentially exposed through a vulnerability at a third-party email service provider. The San Francisco-based platform confirmed on February 5, 2026, that the breach may have compromised sensitive user data, while passwords and payment information remained secure. Incident Timeline…

APT-Q-27 (GoldenEyeDog) Deploys Fileless Malware in Stealthy Corporate Network Attacks

A new investigation from CyStack’s security team reveals how the threat group APT-Q-27, also known as GoldenEyeDog, is bypassing modern security defenses through an elaborate multi-stage attack chain that operates almost entirely in memory. The Attack Chain: From Support Ticket to Full Compromise The intrusion began with an unsuspecting customer support agent clicking a link…

Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack

Automated investment platform Betterment has disclosed a significant data breach affecting approximately 1.4 million customers, following a sophisticated social engineering campaign that targeted company employees in January 2026. Attack Overview According to Betterment’s official incident report, the attack commenced on January 9, 2026, when threat actors exploited human vulnerabilities rather than technical flaws. By manipulating…

Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout

The elusive Iranian threat group known as Infy (also tracked as Prince of Persia) has evolved its tactics and deployed new command-and-control infrastructure, resuming operations precisely when Iran’s government-imposed internet blackout ended in late January 2026. Operational Timeline Reveals State Sponsorship According to SafeBreach researchers, Infy’s C2 servers went offline on January 8, 2026—the same…

Ransomware Gangs Abuse ISPsystem VMmanager to Hide Malicious Infrastructure at Scale

Ransomware operators are increasingly exploiting legitimate virtual infrastructure management platforms to host and deliver malicious payloads at scale, effectively hiding their command-and-control infrastructure among thousands of innocuous systems. The Discovery Researchers at cybersecurity firm Sophos uncovered this concerning trend while investigating recent WantToCry ransomware incidents. They discovered that attackers were using Windows virtual machines with…

Silver Fox APT Unleashes ValleyRAT with Rare PoolParty Process Injection Technique

A sophisticated malware campaign targeting Chinese-speaking users has revealed a significant evolution in the Silver Fox APT group’s capabilities. According to new research from Cybereason Security Services, the threat actors are deploying fake software installers to deliver ValleyRAT (also known as Winos 4.0) using a rare process injection technique that bypasses most security tools. A…

SystemBC Botnet Survives Law Enforcement Takedown, Infects Over 10,000 Devices Worldwide

The SystemBC malware loader has demonstrated remarkable resilience, continuing to operate despite targeted efforts during Europol’s Operation Endgame in May 2024. Cybersecurity firm Silent Push has identified more than 10,000 unique infected IP addresses across a massive botnet infrastructure that shows no signs of slowing down. Key Findings Silent Push researchers deployed a custom-built SystemBC…

DKnife: Cisco Talos Exposes China-Nexus Gateway-Monitoring AitM Framework Active Since 2019

Cisco Talos researchers have disclosed a sophisticated adversary-in-the-middle (AitM) framework dubbed “DKnife” that enables China-nexus threat actors to intercept, manipulate, and weaponize network traffic at the gateway level. The framework has been operational since at least 2019, and its command-and-control infrastructure remained active as of January 2026. Seven Linux Implants for Deep-Packet Inspection…
