Recent

Russian Threat Actor Deploys CANFAIL Malware Against Ukrainian Organizations

Google Threat Intelligence Group (GTIG) has uncovered a new threat actor possibly affiliated with Russian intelligence services that has been systematically targeting Ukrainian organizations with a sophisticated malware strain known as CANFAIL. Target Profile The threat group has focused its operations on high-value targets within Ukraine, including: Defense and military organizations Government entities (regional and…


ClawHavoc Supply Chain Attack Poisons OpenClaw ClawHub With 1,184 Malicious AI Agent Skills

A massive supply chain attack dubbed ClawHavoc has compromised ClawHub, the official skill marketplace for OpenClaw, an open-source AI agent platform formerly known as ClawdBot and Moltbot. Researchers have uncovered at least 1,184 malicious “Skills”—plugin-style packages that extend the agent’s capabilities—turning a rapidly growing AI ecosystem into an active malware distribution hub. The Attack at…


Check Point Reveals AI Assistants Can Be Weaponized as Stealthy C2 Proxies for Malware

Security researchers at Check Point have uncovered a concerning new attack vector: threat actors can abuse AI assistants like Microsoft Copilot and xAI’s Grok to create covert command-and-control (C2) communication channels that evade traditional security tools. The proof-of-concept demonstrates how attackers can leverage AI services with web browsing capabilities to relay commands between malicious infrastructure…


Threat Actors Abuse Atlassian Jira Cloud to Bypass Email Security and Target Government Entities

Trend Micro researchers have uncovered a sophisticated spam campaign that weaponizes Atlassian Jira Cloud’s trusted infrastructure to bypass traditional email security controls and target government and corporate entities worldwide. The campaign, active from late December 2025 through late January 2026, demonstrates how threat actors can exploit legitimate software-as-a-service (SaaS) platforms to deliver malicious content while…


2026 Unit 42 Global Incident Response Report: Attacks Now 4x Faster with AI-Accelerated Intrusions

Palo Alto Networks’ Unit 42 has released its 2026 Global Incident Response Report, analyzing over 750 major cyber incidents across 50+ countries. The findings paint a stark picture of an evolving threat landscape where attacks are faster, broader, and harder to contain than ever before. Key Finding: 72-Minute Attack Chains In the fastest cases Unit…


LockBit 5.0 Ransomware Emerges: Cross-Platform Threat Targeting Windows, Linux, and ESXi Systems

The Acronis Threat Research Unit (TRU) has identified a significantly enhanced version of the notorious LockBit ransomware, designated LockBit 5.0, actively being deployed in campaigns against enterprise environments. The latest variant introduces expanded cross-platform capabilities, enabling attackers to target Windows, Linux, and VMware ESXi systems within a single coordinated attack. A New Chapter in Ransomware…


ManoMano Data Breach Exposes 37.8 Million Customer Records via Zendesk Third-Party Compromise

European home improvement marketplace ManoMano has confirmed a massive data breach affecting 37.8 million customer accounts after hackers compromised a third-party customer service provider. The breach, which surfaced on the cybercriminal forum BreachForums, represents one of the largest retail data exposures of 2026. The Breach: Third-Party Call Center Compromised A threat actor using the handle “Indra”…


NexShield Fake Ad Blocker Uses CrashFix Attack to Deliver ModeloRAT Malware

Security researchers at Huntress have uncovered a sophisticated new malware campaign that weaponizes browser stability against users. The attack, dubbed CrashFix, represents an evolution of the notorious ClickFix social engineering technique—but with a dangerous twist: instead of faking system problems, it creates real ones. How NexShield Works The malicious Chrome and Edge extension, called NexShield,…


CVE-2026-20700: Apple Patches First Zero-Day of 2026 After Extremely Sophisticated Targeted Attacks

Apple has released emergency security updates to patch a zero-day vulnerability that was actively exploited in what the company describes as “extremely sophisticated” attacks targeting specific individuals. Technical Details The vulnerability, tracked as CVE-2026-20700, is an arbitrary code execution flaw in dyld, the Dynamic Link Editor used across Apple’s operating systems including iOS, iPadOS, macOS,…
