IT Security Newsletter

IT Security Newsletter - 4/10/2026

Written by Cadre | Fri, Apr 10, 2026

Russia's 'Fancy Bear' APT Continues Its Global Onslaught

New research from Trend Micro highlights the immense reach of Fancy Bear, also known as APT28 and Forest Blizzard. Fancy Bear is a cyber-espionage group believed to be operating at the behest of Russian military intelligence. The group has been operating since the mid-2000s, targeting a wide range of governments and organizations in line with Russian geopolitical interests. Fancy Bear has previously been accused of destructive attacks against Ukrainian critical infrastructure. READ MORE...

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on vulnerability disclosure. Using the alias "Chaotic Eclipse," a researcher anonymously published a blog post on April 2 that contained a GitHub link for the exploit, expressing annoyance with Microsoft for an insufficient response to its disclosure of the flaw. READ MORE...

Healthcare IT solutions provider ChipSoft hit by ransomware attack

Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the Netherlands. Its flagship platform, HiX, is used by many Dutch hospitals. Earlier this week, users on Reddit reported that the digital solutions developer for the healthcare sector was affected by a cybersecurity incident. READ MORE...

'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree

A new extortion crew has targeted "several dozen high-value" corporations through phishing and helpdesk social-engineering, according to Google. Google Threat Intelligence Group tracks the financially motivated group as UNC6783, and in a blog post, principal threat analyst Austin Larsen said that it may have ties to the "Raccoon" persona. "We are aware of several dozen high-value corporate entities targeted across multiple sectors," Larsen wrote. READ MORE...

Iranian attacks on US critical infrastructure put 3,900 devices in crosshairs

The fallout and potential exposure from Iran's state-backed targeting of U.S. critical infrastructure extends to more than 5,200 internet-connected devices, researchers at Censys said in a threat intelligence brief Wednesday. Of the programmable logic controllers manufactured by Rockwell Automation/Allen-Bradley that Censys identified as potentially exposed to Iranian government attackers, nearly 3,900, or about 3 out of every 4, are based in the United States. READ MORE...

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities associated with it and realized it was a good precursor to some themes at RSAC this year. AI was certainly the focus this year, with almost everyone having some form of AI connection to their products (some maybe just on paper?). READ MORE...

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Google announced this week the first stable version of Chrome 147, which includes patches for 60 vulnerabilities, including two that have been rated critical. The critical vulnerabilities both impact Chrome's WebML component, which is designed for running machine learning models directly in the browser. The security holes, reported by anonymous researchers, have been described as a heap buffer overflow (CVE-2026-5858) and an integer overflow (CVE-2026-5859). READ MORE...

Alleged RedLine malware developer extradited to United States

A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Prosecutors have charged Armenian national Hambardzum Minasyan with conspiring with others to develop and run RedLine, described by the US Department of Justice as "one of the most prevalent infostealing malware variants in the world." READ MORE...

New 'LucidRook' malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. Cisco Talos researchers attribute the malware to a threat group tracked internally as UAT-10362, who they describe as a capable adversary "with mature operational tradecraft." LucidRook was observed in attacks in October 2025 that relied on phishing emails carrying password-protected archives. READ MORE...

Inside the FBI's router takedown that cut off APT28's 'tremendous access'

The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop. Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week, by which APT28 compromised more than 18,000 TP-Link routers and infiltrated more than 200 organizations worldwide. READ MORE...

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

The Cybersecurity and Infrastructure Security Agency on Wednesday added a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2026-1340, stems from a code injection in Ivanti EPMM that allows an attacker to achieve remote code execution without authentication. CISA set a deadline of April 11 for federal civilian executive branch agencies to apply mitigations in their environments. READ MORE...

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

Microsoft security researchers discovered that a third-party Android SDK widely used in cryptocurrency wallet applications is affected by a severe vulnerability that could expose highly sensitive information. The vulnerability was found in EngageLab's EngageSDK, which is designed for managing messaging and push notifications in mobile applications. According to Microsoft, the SDK is used by crypto wallet apps that have a total of more than 30 million installations. READ MORE...

  • ...in 1912, the RMS Titanic leaves port in Southampton, England for her first and last voyage.
  • ...in 1925, F. Scott Fitzgerald's classic novel "The Great Gatsby" is first published in New York City.
  • ...in 1970, The Beatles officially break up after Paul McCartney announces that he is leaving for personal and professional reasons.
  • ...in 1992, actress Daisy Ridley (Star Wars: The Force Awakens) is born in London, England.