The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. Both of the hacktivists' clearnet domains, handala-redwanted[.]to and handala-hack[.]to, now display a seizure notice stating that the websites were seized under a seizure warrant issued by the District Court for the District of Maryland.
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets - named Aisuru, Kimwolf, JackSkid and Mossad - are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
Third-party benefits administrator Navia Benefit Solutions is notifying nearly 2.7 million people that their personal information was stolen in a data breach. The incident, the company says, was discovered on January 23, but the investigation into the matter determined that hackers had access to its systems between December 22, 2025, and January 15, 2026. During that window, the attackers accessed and likely exfiltrated personal information.
A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron Nicholas Curry, also known as "Loot," stole a trove of corporate data, including sensitive employee and compensation information, which he used to extort his employer, according to court records.
LeakNet is a ransomware operation that has been active since late 2024, encrypting, exfiltrating, and (if a ransom is not paid) leaking the data of compromised organisations. Unlike some of the larger ransomware-as-a-service (RaaS) groups, LeakNet does not appear to run a traditional affiliate programme with a wide network of partners. Instead, it appears to be a more tightly-run operation that has historically sourced its initial access through criminal marketplaces.
ConnectWise has rolled out a security update for ScreenConnect to improve its handling of machine keys and prevent server compromise. The update addresses CVE-2026-3564 (CVSS score of 9.0), a critical-severity vulnerability that could allow attackers to access cryptographic material used for session authentication. Previously, ScreenConnect stored the unique machine keys within server configuration files, which exposed them to exfiltration in certain scenarios.
iPhone hacking techniques have sometimes been described almost like rare and elusive animals: Hackers have used them so stealthily and carefully against such a small number of hand-picked targets that they're only rarely seen in the wild. Now a recent spate of espionage and cybercriminal campaigns has instead deployed those same phone-takeover tools. And one new technique in particular has appeared on the web in an easily reusable form.