All Articles (2914)

Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents in which FortiGate Next-Generation Firewalls (NGFW) have been compromised to establish a foothold in the targeted environment.  Each incident was detected and stopped during the lateral movement phase of the attack.  Fortinet disclosed and issued patches for several high-severity vulnerabilities, allowing unauthorized access during our investigation period.  Successful explo

The National Centre for Nuclear Research (NCBJ) is Poland’s largest research institute focused on nuclear science and technology.  It operates the country’s only nuclear research reactor, MARIA, and conducts research in nuclear and particle physics, reactor technology, radiopharmaceuticals for medical applications, and industrial and environmental applications.

NCBJ also supports Poland’s civilian nuclear power program, but it does not conduct any military-related activities.  Poland does not ha

Cofense researchers have found a new phishing scam where threat actors use LiveChat software to impersonate brands like Amazon and PayPal.  By chatting with victims in real-time, these cybercriminals can bypass security codes and steal credit card information.  Online threat actors have found a new way to trick people by using live chat tools that we usually see on official business websites.  According to the latest research from the Cofense Phishing Defense Center (PDC), a new wave of scams is

Criminals have secretly hijacked more than 14,000 devices worldwide to carry out attacks that are almost impossible to protect against, security researchers have warned.  Many devices infected by the sophisticated new malware, called ‘KadNap’, are Asus routers, which are being used to route malicious traffic to carry out large-scale cyberattacks.  Details of the KadNap botnet were shared by the cybersecurity firm Lumen in a new report, which revealed that it is using a decentralized peer-to-peer

As maritime navigation and tracking become ever more dependent on satellite-based systems, this has also given rise to an increase in reports of Global Navigation Satellite System (GNSS) interference affecting commercial shipping routes.[1]

What is GNSS?  The Global Navigation Satellite System comprises 4 operational satellite constellations that serve both civilian and military use:

  • Global Positioning System (US)
  • Galileo (EU)
  • GLONASS (Russia)
  • BeiDou (China)

These constellations, combined

Cybersecurity has evolved beyond issues of ransomware, data loss, or reputational damage; it is now a fundamental matter of national security.  The 2026 State of Security Report released by Recorded Future confirms that government-backed cyber operations aimed at espionage and disruption have become commonplace.   Geopolitics is now a significant risk factor for organizations, transforming cybersecurity into a strategic challenge heavily influenced by state behavior.  International tensions and

Today is Friday the 13th.  The 13th is a day often associated with ‘bad luck’.  It got us to thinking, is there an association with this ‘bad luck’ day and cyber attacks?  So, we asked for an AI determination.  AI replied, “There is no established or widely recognized connection between Friday the 13th and cyber-attacks.  While Friday the 13th is considered an unlucky day in Western superstition, there is no evidence to suggest that cyber criminals specifically target this date for attacks.  How

Blockchain analysis firm Chainalysis has released new data indicating that ransomware activity in 2025 featured reduced overall revenue alongside increased disruption and economic damage.  Globally, on-chain payments to attackers totaled approximately $820 million, an 8% decline from the previous year, yet the number of attacks claimed rose by 50%, and the UK emerged as one of the most targeted nations with severe impacts on major organizations.[1]

The use of blockchain technology in tracking ra

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities.  Named Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code.  According to cybersecurity firm Socket, the attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2

Artificial intelligence is becoming woven into the fabric of daily life, from helping doctors summarize medical notes to assisting developers with complex code.  As these systems move from novelty to infrastructure, the central question is no longer what they can do, but what happens when they are pushed to do what they should not.  A recent research paper titled Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion and a companion article from TechXplore explore this quest

Our friends at SentinelLabs have published a great review on the current status of the malicious cyber capabilities of Iran.  Recent US and Israeli strikes against Iranian targets, followed by Iranian attacks on multiple regional locations, present a highly dynamic geopolitical situation with credible cyber threat implications.  Iran has historically incorporated cyber operations into periods of regional escalation.  Given the rapid escalation of geopolitical tensions, we assess that Iranian sta

As the healthcare sector continues to grapple with the professionalization of cybercrime, the University of Mississippi Medical Center (UMMC) has become the latest high-profile target in a sprawling ransomware attack.  This incident is a reminder of the "identity-first" battlefield and the catastrophic impact of machine-speed exfiltration on clinical operations.  The attack, first disclosed on 19 February 2026, has severely disrupted the state's only academic medical center. UMMC leadership, inc

Nowhere in the world has cyber threat activity been growing faster than in Latin America, thanks in part to relatively rapid digital adoption on the part of businesses in the region, combined with relatively stagnant cybersecurity growth.  Last year, researchers at Check Point tracked a 53% year-over-year rise in weekly cyberattacks in Latin America, and as of 2026, they confirmed it to be the most heavily targeted region on the planet.[1]

In an updated, unpublished March 2026 threat report shar

ANY.RUN, a provider of interactive malware analysis and threat intelligence solutions, has published new research outlining the most significant cyber threats targeting organizations in February 2026.  The report highlights how modern threat actors increasingly exploit trusted infrastructure, legitimate workflows, and gaps in early detection.[1]

Key Threat Trends Security Teams should Watch - February’s investigations reveal several important shifts in attacker tactics that directly impact enter

In the modern corporate landscape, cybersecurity has long been viewed as a necessary expense, a "grudge purchase" designed to prevent disaster.  A groundbreaking study presented at the 59th Hawaii International Conference on System Sciences (HICSS) | 2026 provides the first empirical evidence that cybersecurity is a driver of financial success.  The paper, titled "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls," introduces a novel way to measure a company's

Meta’s Ray-Ban AI glasses have shot up in popularity in recent years, selling over seven million pairs in 2025 in a considerable jump over the two million it sold in 2023 and 2024 combined.  While the smart glasses have scored big with consumers, allowing them to record first-person footage through an integrated camera and microphone array, and analyzing the world around them through Meta’s AI model, the hardware has sparked a heated debate.  Critics say enabling facial recognition in the glasse

Ollama is an open-source framework that enables users to run large language models locally on their own hardware. By design, the service binds to localhost at 127.0.0.1:11434, making instances accessible only from the host machine.  However, exposing Ollama to the public internet requires only a single configuration change: setting the service to bind to 0.0.0.0 or a public interface.  At scale, these individual deployment decisions aggregate into a measurable public surface.

Over the past year,

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Drones have emerged as a significant security concern for US military bases and critical infrastructure.  These unmanned systems are typically low-cost, simple to operate, and difficult to detect using traditional air-defense sensors.  A single drone can be deployed for surveillance, smuggling, or disruption, creating a scenario where security forces must respond swiftly without overreacting.  To address this challenge, the US Army is adopting a new counter-drone platform known as DroneArmor.  D