A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other cybercriminal organizations between July 2021 and November 2022. He was arrested in Rome and subsequently extradited to the United States. READ MORE...
Lockheed Martin was the target of an attack by an alleged pro-Iran hacktivist, which claims to have a large trove of data that it is threatening to sell on the dark web, Cybersecurity Dive has learned. The threat actor, tracked as APT Iran, claims to have stolen 375 terabytes of data from the aerospace and defense industry company, according to information from multiple security researchers, including Flashpoint and Check Point Software. READ MORE...
Driving after a DUI conviction can be a dicey experience. Many states require drivers, if they want to keep using their cars, to install ignition interlock devices that measure alcohol levels before allowing the vehicle to start. One of the most common is from Des Moines, Iowa-based Intoxalock, which takes the form of a small box with a plastic tube into which the driver blows. The box then measures the level of alcohol in the breath. READ MORE...
Japanese car maker Mazda Motor Corporation has disclosed a data breach impacting the personal information of hundreds of employees and business partners. The incident, the company says, was discovered in mid-December and involved "unauthorized access to the management system used for warehouse operations involving parts procured from Thailand". The information belongs to employees of Mazda and its group companies, and to business partners. READ MORE...
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee's Salesforce account, exposing information that was mostly publicly available. The company has not published an official statement, but customers reported the incident on various public platforms. READ MORE...
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. "We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter," Crunchyroll initially told BleepingComputer. "Our investigation is ongoing, and we continue to work with leading cybersecurity experts." Crunchyroll shared in a later statement. READ MORE...
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. READ MORE...
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant's M-Trends 2026 report, which draws on more than 500,000 hours of incident response work conducted in 2025. The data shows attackers speeding up their internal hand-offs, shifting away from email phishing, and targeting backup and virtualization infrastructure with greater precision. Voice phishing climbed to the second-most common initial infection vector in 2025. READ MORE...
Google on Monday announced a fresh Chrome 146 update that resolves eight high-severity memory safety vulnerabilities. First on the list is CVE-2026-4673, a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. The same researcher discovered and reported CVE-2026-4677, an out-of-bounds read bug in WebAudio, but Google says it has yet to determine the bounty amount to be awarded for it. READ MORE...
The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec community, according to former NSA cyber boss Rob Joyce. "There were people on one side who hated it," Joyce, who is now a venture partner at DataTribe, said during a Monday talk at RSAC. "They thought it was a meaningless distraction. There was another side who saw it as a significant insight into offensive operations." READ MORE...
The Federal Communications Commission on Monday said it will no longer approve imported routers for consumer use without government review. An interagency body convened by the White House determined that consumer-grade routers made outside the U.S. present an unacceptable risk to national security, according to FCC officials. The Trump administration's 2025 National Security Strategy says the U.S. should not be dependent on an outside power for core components. READ MORE...