In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals. The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha
All Articles (2869)
Sort by
Researchers at Varonis Threat Labs have disclosed a proof-of-concept attack technique that enables the silent exfiltration of outgoing emails from Microsoft 365 accounts using legitimate Outlook add-ins. Named Exfil Out&Look, the method exploits Outlook Web Access (OWA) to intercept and transmit email content without generating forensic traces in audit logs. The technique involves creating a custom Outlook add-in with standard web technologies, including a manifest file that specifies minimal
Microsoft is warning that the June expiration of software certificates will put those still using Windows 10 in an even more vulnerable state. The software certificates deal with a feature called Secure Boot, which can prevent a PC from loading malicious code as the machine starts up. Microsoft initially introduced the feature in 2011 with Windows 8 to ensure only trusted software runs during the boot process, warding off potential "pre-boot malware" threats.[1]
The problem is that “all Window
It's happening: AI bots are starting to organize in their own digital societies. The kicker? The humans are setting up institutions for them. Are we digging our own graves? For now, there's some reason to believe what's going on is more hype than substance. But while it's the first time we have seen some things, they're a continuation of the agentic AI theme that's been building for about a year. It wouldn't be surprising if more is on the way.
Even OpenAI CEO Sam Altman is on edge this we
Ollama is an open-source framework that enables users to run large language models locally on their own hardware. By design, the service binds to localhost (127.0.0.1) on port 11434, making instances accessible only from the host machine. However, exposing Ollama to the public internet requires only a single configuration change: setting the service to bind to 0.0.0.0 or a public interface. At scale, these individual deployment decisions aggregate into a measurable public surface.[1]
Over the p
A new report from Cyfirma has identified a sophisticated Android application, "Hicas," which, while masquerading as a "Smart Travel Packing Companion" on the Google Play Store, covertly functions as a fraudulent loan platform. The app, which has amassed over 500,000 downloads, specifically targets users in India, raising significant concerns about financial crime and data privacy. Initially appearing as a legitimate utility designed to assist travelers with packing, Hicas presented itself inno
An Anthropic staffer who led a team researching AI safety departed the company on 9 February, darkly warning both of a world “in peril” and the difficulty in being able to let “our values govern our actions” without any elaboration in a public resignation letter that also suggested the company had set its values aside.
Anthropic safety researcher Mrinank Sharma's resignation letter garnered 1 million views by the 9th.
Mrinank Sharma, who had led Anthropic’s safeguards research team since its la
The Center for Strategic and International Studies (CSIS) has provided a research paper on maritime cyber security. Maritime ports underpin the global economy, handling over 80% of trade by volume. In recent decades, ports have increasingly digitized, integrating automated terminals, networked operational technology (OT), and data-driven management systems. While digitization increases port productivity, it also introduces acute cyber vulnerabilities. Absent significant cybersecurity improve
Social media has overtaken email as the primary channel for online scams in the UK, accounting for 34% of reported incidents according to recent research. This shift highlights growing concerns over fraudulent content on platforms such as Facebook and Instagram, particularly in finance-related advertising. A new analysis by BrokerChooser examined over 1,200 active finance-related ads in the Meta Ads Library to assess exposure to high-risk promotions across multiple countries. The study classi
A surge in ShinyHunters SaaS data theft incidents has been linked to highly targeted voice phishing (vishing) campaigns that combine live phone calls with convincing, company-branded phishing sites.
In these attacks, threat actors impersonate corporate IT or helpdesk staff and contact employees directly, claiming MFA settings need urgent updates. Victims are then guided to fake SSO portals designed to capture credentials and MFA codes.
According to reports released this week from Okta and Mandia
A new security feature rolled out to select models of the latest iPhones and iPads will make it more difficult for law enforcement, spies, and malicious hackers to obtain a person’s precise location data from their phone provider. According to Apple, the new feature, when enabled, limits the precision of location data that iPhones and cellular-enabled iPads share with the customer’s cell carrier. Sharing a less precise location, such as the general neighborhood rather than a street address, wi
Red Sky Alliance recently heard a Podcast presented by the Torch, which highlighted US law enforcement sources explaining the hazards of the gaming platform RoBlox. This is a popular game frequented by children of various ages. Questions arise asking: Is your kid begging for a Roblox account or more screen time to play it? Have you noticed your child chatting online while playing Roblox? If these issues have cropped up in your household, you may wonder whether Roblox is safe for kids.[1]
Rob
Touch the back of a laptop, and the warmth you feel is energy that has already been paid for, processed by chips, and then dissipated as heat. The work by Toshimasa Fujisawa and colleagues, reported in Communications Physics as “Efficient heat-energy conversion from a non-thermal Tomonaga-Luttinger liquid” and summarized in the TechXplore piece “A new approach to energy harvesting opened up by the quantum world,” asks a simple but radical question: what if that waste heat could be turned back i
New research from Truesec reports that a newly formed Russian hacker alliance, calling itself the Russian Legion, has issued a warning of an imminent large-scale cyberattack against Denmark, code named ‘OpDenmark.’ The alliance, led by the hacker group Cardinal and comprising The White Pulse, Russian Partizan, and Inteid, was publicly announced last week. Meanwhile, Inteid is linked to a recent DDoS attack targeting Denmark’s health portal, sundhed.dk.[1] “The first threat was published on th
Hacking Moltbook: The AI Social Network Any Human Can Control - Moltbook, the weirdly futuristic social network, has quickly gone viral as a forum where AI agents post and chat. But what researchers discovered tells a different story and provides a fascinating look into what happens when applications are vibe-coded into existence without proper security controls.
Analysts at Wiz Research identified a misconfigured Supabase database belonging to Moltbook, allowing full read and write access to a
As the Milano Cortina 2026 Winter Olympics approach, cybersecurity researchers and industry experts warn that the Games will once again serve as a high-value convergence point for cybercrime, espionage, and politically motivated disruption. According to Palo Alto Networks' Unit 42, nation-state actors, cybercriminal groups, and hacktivists are expected to target Olympic-related infrastructure not only for short-term impact but also for long-term access, intelligence collection, and global visib
Social media has overtaken email as the primary channel for online scams in the UK, accounting for 34% of reported incidents according to recent research. This shift highlights growing concerns over fraudulent content on platforms such as Facebook and Instagram, particularly in finance-related advertising. A new analysis by BrokerChooser examined over 1,200 active finance-related ads in the Meta Ads Library to assess exposure to high-risk promotions across multiple countries. The study classi
AI coding assistants have long since moved beyond autocomplete. Agentic IDEs now read your project, plan multi-step changes, call tools, install libraries, and quietly edit your codebase. To support that workflow, tools like Claude Code include support for third-party plugin marketplaces. Connect a marketplace. Enable a plugin. Your agent gains new “skills” for tests, infra, migrations, and dependency management. OpenAI has adopted a similar pattern for tools, so to be clear, this is not a
Cybersecurity and data privacy have moved well beyond the IT function; they are now central legal, regulatory, and enterprise-risk concerns. According to Norton Rose Fulbright's 2026 Annual Litigation Trends Survey, cybersecurity exposure continues to escalate for US organizations, even as overall litigation volumes decline modestly. The findings reflect the reality that cybersecurity leaders already recognize breaches are no longer just technical failures. They trigger regulatory scrutiny, c
Russia's unconventional warfare against Europe has intensified significantly, with hostile cyber operations and sabotage activities almost quadrupling in 2025. A new analysis from the International Institute for Strategic Studies (IISS) reveals a concerted campaign targeting critical infrastructure, aiming to destabilize governments and weaken support for Ukraine. This "shadow war" operates below the threshold of declared conflict yet inflicts substantial cumulative damage across the continent
