A new analysis by researchers at CyberArk has detailed a significant research effort revealing operational details of a StealC malware operator by exploiting a vulnerability in the malware's leaked web panel. The recent findings demonstrate how poor security practices within criminal infrastructure can be turned against threat actors. StealC is information-stealing malware operating under a Malware-as-a-Service (MaaS) model since early 2023. It enables customers to steal passwords, session co
threatintel (6)
Cybercriminals are increasingly proving they do not need software vulnerabilities to compromise organizations; they need convincing deception. Researchers at Securonix are warning of a sophisticated phishing campaign targeting the hospitality sector that uses fake Booking.com reservation cancellations, deceptive CAPTCHA pages, and a panic-inducing fake Windows Blue Screen of Death (BSOD) to deploy a remote access trojan (RAT). The campaign, named PHALT#BLYX, highlights how attackers are blendi
Every time a computer performs a task, an invisible conversation unfolds inside it. Numbers move between memory and processor, circuits signal one another, and layers of software exchange instructions. These interactions feel instantaneous and effortless, yet behind the scenes, they carry a real energetic price. For decades, scientists believed that communication inside a machine could, at least in principle, be made thermodynamically free of cost. A new study overturns that assumption and sh
CyberVolk is a pro-Russia hacktivist persona Sentinel Labs first documented in late 2024, and it has been tracked using multiple ransomware tools to conduct attacks aligned with Russian government interests. After seemingly lying dormant for most of 2025 due to Telegram enforcement actions, the group returned in August 2025 with a new RaaS offering called VolkLocker (aka CyberVolk 2.x).
Below, researchers examine the functionality of VolkLocker, including its Telegram-based automation, encrypti
The United States federal government has ended its longstanding support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), a trusted program for sharing cyber threat intelligence that state and local governments have relied on for years. The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that its cooperative agreement with the Center for Internet Security (CIS) the nonprofit that runs MS-ISAC expired on 30 September 2025. With federal funding now cut,
US insurance giant Allianz Life announced on July 26 that hackers had stolen the personal information of many of its customers, financial professionals, and select Allianz Life employees in the United States. The insurance giant's filing with Maine's attorney general did not immediately provide the number of customers affected. According to the filing, the data breach, which the company described as a hack, occurred on July 16 and was discovered on July 17.
TechCrunch first reported the data
