Southeast Asian military organizations have been targeted in a China-linked cyberespionage campaign running for years, Palo Alto Networks reports. Likely ongoing since at least 2020 and attributed to a state-sponsored threat actor tracked as CL-STA-1087, the activity shows a high degree of patience, as the attackers stayed dormant in the compromised environments for months. Palo Alto Networks determined that CL-STA-1087 had access to an organization's environment for months. READ MORE...
Poland's national nuclear research center was recently targeted in a cyberattack that may have been conducted by Iranian hackers. The National Centre for Nuclear Research (NCBJ) is Poland's largest research institute focused on nuclear science and technology. It operates the country's only nuclear research reactor, MARIA, and conducts research in nuclear and particle physics, reactor technology, radiopharmaceuticals for medical applications, and industrial and environmental applications. READ MORE...
A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from Check Point, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft. Storm-2561 is a newish criminal gang ("Storm" followed by a number is how Microsoft tracks groups still in development) that has been around since May 2025, and typically uses SEO positioning and vendor impersonation to distribute malware. READ MORE...
Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially motivated attackers lean exclusively on data theft for extortion. Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware, in which attackers encrypt systems, but momentum is moving in that direction, Genevieve Stark, head of cybercrime intelligence at Google Threat Intelligence Group, told CyberScoop. READ MORE...
Cybersecurity is entering "a new phase" as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyberattacks and other threats, according to a new report released Monday. The report, authored by federal contractor Booz Allen Hamilton, concludes that threat actors have adopted AI more quickly than governments and private companies have adopted it for cyber defense. READ MORE...
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. In a notice published today by the FBI's Seattle Division, the agency said it is attempting to identify individuals who were affected after installing one of the malicious games on Steam between May 2024 and January 2026. READ MORE...
Researchers say they've discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that's flummoxing traditional defenses designed to detect such threats. The researchers, from firm Aikido Security, said Friday that they found 151 malicious packages that were uploaded to GitHub from March 3 to March 9. Such supply-chain attacks have been common for nearly a decade. READ MORE...
Somewhere in the world right now, a cybercriminal is trying to steal your organization's encrypted data. They can't read it yet, but the technology needed to do so is rapidly approaching. When ready, that technology will allow criminals to break even the most stringent traditional protections in a matter of minutes. This type of attack is part of a new "harvest-now, decrypt-later" approach, and it represents one of the most insidious threats facing organizations today. READ MORE...