Recent

Iranian Handala Hackers Breach FBI Director Kash Patel’s Personal Email Account

In a significant escalation of Iranian cyber operations against U.S. government officials, the Iran-linked hacktivist group Handala has successfully compromised the personal email account of FBI Director Kash Patel. The breach, confirmed by the FBI on March 27, 2026, resulted in the publication of photographs and documents from Patel’s Gmail account. Attack Details Handala posted…

Pro-Ukraine Bearlyfy Group Deploys Custom GenieLocker Ransomware Against 70+ Russian Companies

A pro-Ukrainian hacking group called Bearlyfy has been linked to more than 70 cyber attacks targeting Russian companies since January 2025, with recent operations deploying a proprietary Windows ransomware strain called GenieLocker, according to research from Russian security vendor F6 via The Hacker News. Dual-Purpose Operations Bearlyfy (also known as Labubu) operates with dual objectives:…

Chinese APT Red Menshen Plants Stealthy BPFdoor Backdoors in Global Telecom Networks

A months-long investigation by Rapid7 Labs has exposed a sophisticated state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, which has embedded some of the most covert digital sleeper cells ever documented inside global telecommunications infrastructure. Why It Matters Telecommunications networks carry government communications, authenticate subscriber identities, coordinate critical industries, and process signaling flows…

Red Menshen Plants BPFdoor Backdoors in Global Telecom Networks for Long-Term Espionage

A comprehensive investigation by Rapid7 Labs has exposed a sophisticated, state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, revealing one of the most covert digital sleeper cell operations ever documented within global telecommunications infrastructure. The campaign represents a deliberate shift from opportunistic hacking to long-term pre-positioning within the very backbone networks that underpin…

Pawn Storm Deploys PRISMEX Malware Suite Against Ukrainian Defense Supply Chain and NATO Allies

Russia-aligned APT group Pawn Storm (APT28/Fancy Bear) has launched an aggressive campaign deploying a sophisticated new malware suite dubbed PRISMEX against Ukrainian defense infrastructure and NATO logistics partners across Central and Eastern Europe. Campaign Overview The campaign, active since September 2025 and significantly escalating in January 2026, targets the operational backbone of Ukrainian defense and…

Identity Security Becomes Critical Attack Vector as Organizations Battle Fragmented Access Controls

Identity attacks have evolved beyond simply compromising individual accounts—modern threat actors now focus on what those identities can access across an organization’s sprawling digital ecosystem. As enterprises manage an explosive growth in human, non-human, and agentic identities, the attack surface multiplies exponentially across applications, cloud environments, and on-premises systems. The Fragmentation Crisis According to Microsoft’s…

Oracle Issues Rare Out-of-Band Patch for Critical CVE-2026-21992 RCE in Identity Manager

Oracle has released an emergency out-of-band security patch for a critical unauthenticated remote code execution vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992 with a CVSS v3.1 score of 9.8, this flaw allows attackers to achieve full system compromise over HTTP without any authentication. The Vulnerability CVE-2026-21992 impacts two critical…

CanisterWorm Wiper Weaponizes Trivy Supply Chain to Target Iran

A cybercrime group is attempting to leverage the ongoing US-Iran conflict by deploying a destructive wiper malware that specifically targets systems configured for Iranian users, according to new research from Krebs on Security and Aikido. TeamPCP Launches Iran-Targeting Wiper The financially motivated threat actor TeamPCP has weaponized its existing supply chain compromise to deploy CanisterWorm,…

TeamPCP Deploys CanisterWorm Wiper to Target Iranian Systems

The cybercrime group TeamPCP has added a destructive wiper component to their cloud-native attack infrastructure, specifically targeting systems in Iran based on timezone and language settings. From Data Theft to Destruction Security researcher Charlie Eriksen at Aikido discovered that TeamPCP deployed the wiper payload over the weekend, leveraging the same technical infrastructure used in their…

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are actively exploiting a maximum-severity security flaw in Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf research. The vulnerability, tracked as CVE-2025-32975 with a CVSS score of 10.0, allows attackers to completely bypass authentication and impersonate legitimate users without valid credentials. Active Exploitation in the Wild Arctic Wolf observed malicious activity…
