All Articles (2907)

Blockchain analysis firm Chainalysis has released new data indicating that ransomware activity in 2025 featured reduced overall revenue alongside increased disruption and economic damage.  Globally, on-chain payments to attackers totaled approximately $820 million, an 8% decline from the previous year, yet the number of attacks claimed rose by 50%, and the UK emerged as one of the most targeted nations with severe impacts on major organizations.[1]

The use of blockchain technology in tracking ra

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities.  Named Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code.  According to cybersecurity firm Socket, the attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2

Artificial intelligence is becoming woven into the fabric of daily life, from helping doctors summarize medical notes to assisting developers with complex code.  As these systems move from novelty to infrastructure, the central question is no longer what they can do, but what happens when they are pushed to do what they should not.  A recent research paper titled Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion and a companion article from TechXplore explore this quest

Our friends at SentinelLabs have published a great review on the current status of the malicious cyber capabilities of Iran.  Recent US and Israeli strikes against Iranian targets, followed by Iranian attacks on multiple regional locations, present a highly dynamic geopolitical situation with credible cyber threat implications.  Iran has historically incorporated cyber operations into periods of regional escalation.  Given the rapid escalation of geopolitical tensions, we assess that Iranian sta

As the healthcare sector continues to grapple with the professionalization of cybercrime, the University of Mississippi Medical Center (UMMC) has become the latest high-profile target in a sprawling ransomware attack.  This incident is a reminder of the "identity-first" battlefield and the catastrophic impact of machine-speed exfiltration on clinical operations.  The attack, first disclosed on 19 February 2026, has severely disrupted the state's only academic medical center. UMMC leadership, inc

Nowhere in the world has cyber threat activity been growing faster than in Latin America, thanks in part to relatively rapid digital adoption on the part of businesses in the region, combined with relatively stagnant cybersecurity growth.  Last year, researchers at Check Point tracked a 53% year-over-year rise in weekly cyberattacks in Latin America, and as of 2026, they confirmed it to be the most heavily targeted region on the planet.[1]

In an updated, unpublished March 2026 threat report shar

ANY.RUN, a provider of interactive malware analysis and threat intelligence solutions, has published new research outlining the most significant cyber threats targeting organizations in February 2026.  The report highlights how modern threat actors increasingly exploit trusted infrastructure, legitimate workflows, and gaps in early detection.[1]

Key Threat Trends Security Teams Should Watch - February’s investigations reveal several important shifts in attacker tactics that directly impact enter

In the modern corporate landscape, cybersecurity has long been viewed as a necessary expense, a "grudge purchase" designed to prevent disaster.  A groundbreaking study presented at the 59th Hawaii International Conference on System Sciences (HICSS) | 2026 provides the first empirical evidence that cybersecurity is a driver of financial success.  The paper, titled "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls," introduces a novel way to measure a company's

Meta’s Ray-Ban AI glasses have shot up in popularity in recent years, selling over seven million pairs in 2025 in a considerable jump over the two million it sold in 2023 and 2024 combined.  While the smart glasses have scored big with consumers, allowing them to record first-person footage through an integrated camera and microphone array, and analyzing the world around them through Meta’s AI model, the hardware has sparked a heated debate.  Critics say enabling facial recognition in the glasse

Ollama is an open-source framework that enables users to run large language models locally on their own hardware. By design, the service binds to localhost at 127.0.0.1:11434, making instances accessible only from the host machine.  However, exposing Ollama to the public internet requires only a single configuration change: setting the service to bind to 0.0.0.0 or a public interface.  At scale, these individual deployment decisions aggregate into a measurable public surface.

Over the past year,

Each month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Drones have emerged as a significant security concern for US military bases and critical infrastructure.  These unmanned systems are typically low-cost, simple to operate, and difficult to detect using traditional air-defense sensors.  A single drone can be deployed for surveillance, smuggling, or disruption, creating a scenario where security forces must respond swiftly without overreacting.  To address this challenge, the US Army is adopting a new counter-drone platform known as DroneArmor.  D

In the 1980s, the rock group The Who had a hit song: “Who Are You.”  That was rock ’n’ roll, but what is happening now is a question of, “Is it Real, or is it Fake?”  Who are You?  In modern digital enterprises, the fastest-growing identity population is no longer human users; it is machine identity.  APIs, microservices, containers, cloud workloads, CI/CD pipelines, robotic process automation, and AI agents all authenticate using identities.  Each relies on credentials such as keys, certificates

Telecom security specialist ENEA has published a report highlighting how public 4G and 5G networks are increasingly integrated into modern drone operations during armed conflicts, particularly the Russia-Ukraine war.  The analysis raises concerns about the vulnerability of civilian infrastructure and urges governments and mobile operators to implement targeted controls rather than broad shutdowns.  Drones have emerged as a central element in contemporary warfare, especially in the ongoing Russia

Military action in Iran has increased the potential for cyberattacks from Iranian-sponsored actors, hacktivists, and criminal groups aligned with Iran.  Below is a brief on the types of attacks Iran has executed or sponsored in the past, to provide a starting roadmap based on its cyberattacks during similar times of conflict.[1]

While the line between hacktivist and state-sponsored threat actors can be blurry, Iran is a formidable adversary hosting several prominent threat actors. Ira

A new report from blockchain data platform Chainalysis has revealed a significant rise in the use of cryptocurrency for illicit activities related to human trafficking.  The research indicates that cryptocurrency payments to suspected human trafficking services increased by 85% year-on-year in 2025, with the total value reaching hundreds of millions of dollars across the identified services.  The findings shed light on how criminal networks are adapting their financial operations, using digital

Most people think of Dungeons and Dragons (D&D) as a place for imagination, dice, and heroic misadventures.  Yet a team of computer scientists has turned this iconic tabletop game into something far more ambitious: a laboratory for understanding how artificial intelligence behaves when it must operate independently for long periods.  Their research paper, Setting the DC: Tool-Grounded D&D Simulations to Test LLM Agents, paired with the recent TechXplore article on the same work, reveals why D&D

Phishing remains the highest risk category for users and organizations in South Africa, accounting for 45.7% of detected threats.  According to ESET Research’s latest Threat Report, this compares with a significantly lower 32.5% in Africa.  The report summarizes the threat landscape trends observed in ESET telemetry and analyzed by ESET threat detection and research experts in the second half of 2025.  “Phishing remains the leading initial access vector affecting South African companies,” says T

Unit 42, the threat intelligence and incident response arm of Palo Alto Networks, recently released a report detailing an investigation of approximately 750 breaches between 2024 and 2025.

Their findings indicate that "identity weaknesses" were present in about 89% of investigated cases. Additionally, in 65% of these cases, attackers appear to have gained initial access with compromised credentials rather than by other means, such as exploiting software weaknesses.

Another striking asp