Author: Declan Murphy
The DoJ has charged 31 people in a large nationwide ATM jackpotting rip-off, with some allegedly linked to the Tren de Aragua gang. Learn how investigators stopped this high-tech heist. A large worldwide crime ring that allegedly used high-tech methods to rob money machines throughout America has been stopped. Lately, a federal grand jury in Nebraska charged 31 extra folks, bringing the whole variety of suspects to 87. This follows a significant crackdown involving a coordinated effort by Joint Job Power Vulcan and native police departments nationwide. These people are accused of ATM jackpotting, against the law the place malware…
Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band safety patches for a high-severity Microsoft Workplace zero-day vulnerability exploited in assaults. The vulnerability, tracked as CVE-2026-21509, carries a CVSS rating of seven.8 out of 10.0. It has been described as a safety function bypass in Microsoft Workplace. “Reliance on untrusted inputs in a safety resolution in Microsoft Workplace permits an unauthorized attacker to bypass a safety function regionally,” the tech large mentioned in an advisory. “This replace addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Workplace, which shield customers from weak COM/OLE controls.” Profitable…
The North Korean state-sponsored Lazarus hacking group has launched a classy cyberespionage marketing campaign focusing on European protection contractors concerned in uncrewed aerial automobile (UAV) manufacturing. The assaults seem straight linked to North Korea’s efforts to speed up its home drone manufacturing capabilities by industrial espionage. The focused organizations embrace a steel engineering agency, an plane element producer, and a specialised protection firm, with at the least two closely concerned in UAV expertise improvement and manufacturing. The marketing campaign represents a brand new wave of Operation DreamJob, Lazarus’s signature social engineering operation that makes use of faux job provides at…
On Dec. 29 and 30, the Polish electrical energy grid was subjected to a cyberattack that almost knocked out energy to a whole lot of hundreds of households. Safety agency ESET has since performed a more in-depth examination of the assault and concluded that it was carried out by Sandworm, a bunch of hackers with robust ties to the Russian army intelligence service GRU. The assault used Dynowiper, a strong malware that deletes all information on weak computer systems.
As customers proceed to evaluate the Beneath Armour knowledge breach, WorldLeaks, the rebranded model of the Hunters Worldwide ransomware group, is claiming to have breached Nike, Inc., a significant U.S.-based athletic footwear and attire firm. The claims have been revealed on the group’s official darkish net leak web site on Thursday, January 22, 2026. Over the weekend, WorldLeaks up to date the submit with what it says is supporting proof, alleging that the attackers exfiltrated greater than 1.4 terabytes of Nike knowledge with 188,347 recordsdata that at the moment are being leaked on-line. It’s value noting that the identical group…
Ravie LakshmananJan 26, 2026Malware / Endpoint Safety The North Korean menace actor often called Konni has been noticed utilizing PowerShell malware generated utilizing synthetic intelligence (AI) instruments to focus on builders and engineering groups within the blockchain sector. The phishing marketing campaign has focused Japan, Australia, and India, highlighting the adversary’s growth of the concentrating on scope past South Korea, Russia, Ukraine, and European nations, Verify Level Analysis mentioned in a technical report printed final week. Energetic since at the very least 2014, Konni is primarily identified for its concentrating on of organizations and people in South Korea. It is…
Microsoft has introduced the general public preview of the Home windows App Growth CLI (winapp), a brand new open-source command-line software designed to simplify Home windows utility improvement throughout a number of frameworks and toolchains. The software is now out there on GitHub for builders working outdoors conventional Visible Studio or MSBuild environments. The winapp CLI targets builders utilizing cross-platform frameworks together with Electron, .NET, C++, Rust, and Dart. The software eliminates complexity in accessing fashionable Home windows APIs reminiscent of Home windows AI APIs, security measures, and shell integrations immediately from any improvement toolchain. Conventional Home windows improvement includes…
However, there’s nonetheless a spot between the complexity of the setting (hybrid, SaaS, multi-cloud) and the maturity of id controls. Likewise, many organizations nonetheless don’t persistently apply clever privilege controls, whereas the necessity to automate the id and permission lifecycle signifies that present funding shouldn’t be at all times enough or properly focused. And never solely does this hole exist, however there’s additionally a cultural hole, as Salvador Sánchez Taboada factors out. “Many administration groups see cybersecurity as an expense, not as a lifesaver,” he acknowledges. In Spain and Latin America, we’re working to vary that view, counting on integration…
Is your Home windows PC safe? A latest Guam court docket case reveals Microsoft can present BitLocker encryption keys to the FBI. Learn the way to regain management of your keys. A latest authorized case has revealed a shocking hole in pc privateness that many individuals possible didn’t know existed. It seems Microsoft can unlock private computer systems for the federal government, and so they lately did precisely that in a significant investigation. The Thriller of the Locked Laptops The story started in Guam, the place federal brokers have been investigating an enormous scheme to steal roughly $2 million from…
A brand new multi-stage phishing marketing campaign has been noticed concentrating on customers in Russia with ransomware and a distant entry trojan referred to as Amnesia RAT. “The assault begins with social engineering lures delivered through business-themed paperwork crafted to look routine and benign,” Fortinet FortiGuard Labs researcher Cara Lin mentioned in a technical breakdown printed this week. “These paperwork and accompanying scripts function visible distractions, diverting victims to faux duties or standing messages whereas malicious exercise runs silently within the background.” The marketing campaign stands out for a few causes. First, it makes use of a number of public…