The US Federal Bureau of Investigation (FBI) has issued a public service announcement warning organizations and individuals about Kali365, a Phishing-as-a-Service (PhaaS) platform first observed in April 2026. The service is distributed primarily through Telegram and enables even less-technical attackers to hijack Microsoft 365 accounts by stealing OAuth access and refresh tokens, bypassing the need for passwords or multi-factor authentication (MFA). This gives almost anyone the means to carry
Using FreeWave Zentry Solution and REDXRAY together can help organizations significantly strengthen cyber resilience by improving visibility, reducing operational risk, and accelerating response to emerging threats.
FreeWave Zentry is an engineered, prevention-first Zero Trust network overlay purpose-built for critical infrastructure and OT/IIoT environments that makes assets functionally invisible to unauthorized users and automated threats through a resilient cryptographic fabric, while REDXRA
Artificial intelligence has become integral to contemporary cyber-attack planning and execution. Recent research demonstrates how embedded AI systems now operate across organized cybercrime activities, fundamentally altering attack methodologies through increased speed and targeting precision. Europol's 2026 threat assessment identifies the integration of automation and AI as a defining characteristic of modern cybercrime. Industry reporting indicates that AI vulnerabilities and AI-enabled fra
In the manufacturing sector, the traditional boundary between "the network" and "the floor" has effectively dissolved. According to Trackforce's executive trends report, Cyber-Physical Security Convergence in Manufacturing, the manufacturing world is entering an era where operational uptime is inseparable from cybersecurity posture. For cybersecurity professionals, this shift means that protecting data is no longer the sole objective; the new mandate is protecting operational continuity. When
Sentinel Labs has provided yet another great report on: Building an Adversarial Consensus Engine / Multi-Agent LLMs for Automated Malware Analysis. Large Language Models can perform static malware analysis, but individual tool runs produce unreliable results contaminated by decompiler artifacts, dead code, and hallucinated capabilities.[1]
Researchers built a multi-agent architecture for reversing macOS malware that treats each reverse engineering tool (radare2, Ghidra, Binary Ninja, IDA Pro) a
Rebranded as TrendAI, Trend Micro has published findings from a global study of 3,700 business and IT decision makers showing that 67% felt pressured to approve artificial intelligence projects despite security concerns. One in seven described those concerns as extreme, yet overrode them to match competitors and meet internal demands.
Chief Platform and Business Officer and Head of TrendAI, Rachel Jin, commented: “Organizations are not lacking awareness of risk; they’re lacking the conditions t
A new report from blockchain data platform Chainalysis has revealed a significant rise in the use of cryptocurrency for illicit activities related to human trafficking. The research indicates that cryptocurrency payments to suspected human trafficking services increased by 85% year-on-year in 2025, with the total value reaching hundreds of millions of dollars across the identified services. The findings shed light on how criminal networks are adapting their financial operations, using digital
The past few years have brought an extraordinary shift in how digital content is created. Videos and images that once required studios, actors, and expensive equipment can now be produced by generative deep learning models that run on a laptop. These systems can fabricate a person’s face, voice, and gestures with such precision that the results often look indistinguishable from real footage. This technological leap has opened remarkable creative possibilities, yet it has also created a new kind
Hacking Moltbook: The AI Social Network Any Human Can Control - Moltbook, the weirdly futuristic social network, has quickly gone viral as a forum where AI agents post and chat. But what researchers discovered tells a different story and provides a fascinating look into what happens when applications are vibe-coded into existence without proper security controls.
Analysts at Wiz Research identified a misconfigured Supabase database belonging to Moltbook, allowing full read and write access to a
The Trump administration is considering a range of measures against Iran in response to the regime's crackdown on anti-government protests, which has reportedly resulted in hundreds/thousands of deaths. Protests in Iran began in late December 2025, initially sparked by economic grievances including soaring prices and currency collapse. They have since evolved into widespread anti-government demonstrations challenging the Islamic Republic's theocratic system.[1]
Human rights groups, such as the
SentinelLABS has been researching how large language models (LLMs) are impacting cybersecurity for both defenders and adversaries. As part of our ongoing efforts in this area and our well-established research and tracking of crimeware actors, researchers have been closely following the adoption of LLM technology among ransomware operators. Analysts have observed that three structural shifts appear to be unfolding in parallel.
First, the barriers to entry continue to fall for those intent on cy
While analyzing one of the affiliate programs, Doctor Web’s researchers discovered a unique piece of malware with clicker functionality and called it Trojan.ChimeraWire. This malware targets computers running Microsoft Windows and is based on the open-source projects zlsgo and Rod for automated website and web application management.
Trojan.ChimeraWire allows cybercriminals to simulate user actions and boost a website's behavioral ranking by artificially increasing its search engine rankings.
Industrial cyber security is facing significant challenges driven by the increasing complexity of attacks, such as ransomware and supply-chain compromises, alongside a proliferation of interconnected devices and a persistent shortage of skilled professionals. Attacks against critical infrastructure have evolved from isolated incidents into coordinated campaigns conducted by both state and non-state actors.
Cyber threats have increased in frequency and technical capability, particularly those leveraging A
After years of quiet escalation, business leaders are finally beginning to grasp just how serious the threat of fraud has become. Today, almost half of all fraud attempts (41%) involve artificial intelligence. Nowhere is this more evident than in the payments industry. Fraudsters can use AI to generate convincing fake invoices, purchase orders, and payment instructions that mirror legitimate business documents. I’ve seen examples that are indistinguishable from the real thing, which is a tre
The Russian government's relationship with its cybercriminal ecosystem has transitioned from passive tolerance to active state management, marking a strategic shift. This report, covering 2024–2025, details the "Dark Covenant 3.0," characterized by selective enforcement, choreographed arrests, and direct coordination between criminal leaders and Russian intelligence intermediaries.
Insikt Group found that Russia leverages these criminal groups as geopolitical tools, with detentions and releases
Hackers, criminals, and spies are rapidly adopting Artificial Intelligence (AI), and considerable evidence is emerging of a substantial acceleration in AI-enabled crime. This includes evidence of the use of AI tools for financial crime, phishing, distributed denial of service (DDoS), child sexual abuse material (CSAM), and romance scams. In all these areas, criminal use of AI is already augmenting revenue generation and exacerbating financial and personal harms. Scammers and social engineers,
They say necessity is the mother of invention. As our reliance on digital infrastructure has grown, we have demanded more from our networks: seamless access, automated processes, uninterrupted user journeys, and effortless interoperability. Each improvement has pushed us further toward a hyper-connected, “smarter” enterprise, but at a cost that rarely registers on the risk scale. In the background, facilitating all of this is a new type of workforce, an army of AI bots and agents that keep t
Over the past year, FortiGuard Labs has been tracking a stealthy malware strain exploiting a range of vulnerabilities to infiltrate systems. Initially disclosed by a Chinese cybersecurity firm under the name “Gayfemboy,” the malware resurfaced in July with new activity, targeting vulnerabilities in products from vendors such as DrayTek, TP-Link, Raisecom, and Cisco, and exhibiting signs of evolution in both form and behavior. This Fortinet research presents an in-depth analysis of Gayfemboy, r
Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card. Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi
Homeland Security Investigations (HSI), in partnership with US and international law enforcement agencies, has dismantled the infrastructure behind BlackSuit ransomware, a major cybercriminal group and successor to Royal ransomware, in a coordinated global operation. The action targeted the backbone of the group's operations, including servers, domains, and digital assets used to deploy ransomware, extort victims, and launder proceeds. According to US Immigration and Customs Enforcement (ICE),