A Florida man who worked as a ransomware negotiator at a US cyber incident response firm has pleaded guilty to conspiring with the BlackCat/ALPHV ransomware group, feeding the attackers confidential information about his own clients while simultaneously negotiating on their behalf. Angelo Martino, 41, of Land O'Lakes, Florida, admitted to providing BlackCat operators with clients' insurance policy limits and internal negotiation strategies without his employer's or clients' knowledge. The oper
All Articles (2989)
Sort by
The US DHS, Cybersecurity and Infrastructure Security Agency (CISA) is launching new cybersecurity crisis planning guidance for critical infrastructure organizations. CISA’s new “CI Fortify” initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a “geopolitical crisis” involving cyber-attacks that could sever their connections to internet, telecommunications and other technology services.
CISA’s guidance features two prim
Security researchers at Kaspersky say they have identified a malicious backdoor planted in the popular and long-running Windows disc imaging software, Daemon Tools. The Russian cybersecurity company said on 5 May that data collected from computers around the world running the Kaspersky antivirus software shows a “widespread” attack is under way, targeting thousands of Windows computers running Daemon Tools.
The hackers, whom Kaspersky has linked to a Chinese-language speaking group based on an
Imagine you're a chief executive. Your AI strategy task force has just presented you with two strategic options. The first one is safe. You can use agentic AI to reduce overhead and save 10% of overall human capital costs.
Organizations secure work phones and company laptops, but attackers could target the electrical current running through those devices. Direct current (DC) power regulation helps stabilize the energy powering electronics people use daily, from solar panels and connected cars to smartphones and essential computer parts. It's also vital across critical infrastructures, including telecommunications, industrial automation, and data centers. DC regulators provide stable voltage to prevent damage or
According to a recent security report, the North Korean hacker group APT37 is distributing an Android malware strain called “BirdCall” in a supply-chain attack through a compromised video game platform. BirdCall is a known backdoor for Windows systems, but APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android variant that also functions as spyware.
Researchers at cybersecurity company ESET say the threat group created BirdCall for Android around October 2024 and has sin
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Life sciences are on the cutting-edge of innovation: They’re developing breakthrough drugs and vaccines, advanced medical devices and diagnostic tools, and sustainable environmental solutions. But all this advancement is exactly what makes pharmaceutical, biotech and medical device firms prime targets for cyberattacks, data breaches, fraud and even counterfeiting. And these risks are causing financial and operational disasters across the industry. That’s why comprehensive insurance programs a
By the time Ayleen Charlotte realized what had happened, she was broke, in debt, and did not know what to do. Her boyfriend of well over a year was Shimon Hayut, the infamous "Tinder Swindler," and she was one of many women he had scammed out of nearly everything they had. The women were victims of a "pig-butchering" scam, a type of social engineering campaign in which the criminal spends months building trust with the target, just as a farmer takes time to fatten a pig before slaughter, befor
Quantum technologies are often described as if they operate through a narrow keyhole, letting one fragile process slip through at a time. Work from Bar-Ilan University, described in the paper Multiplexed processing of quantum information across an ultrawide optical bandwidth shows that this picture is far too small. A single beam of quantum light can carry many independent channels at once, each one capable of carrying its own quantum information. The surprising part is that the limitation ha
A new warning has come from the US Federal Trade Commission (FTC) regarding a pointed surge in social media fraud, with reported consumer losses exceeding $2.1 billion in 2025. Representing an eightfold increase since 2020, malicious actors actively leveraged platforms like Facebook, Instagram, and WhatsApp to exploit nearly 30% of all fraud victims last year. Remarkably, individuals reported losing significantly more money to Facebook-originated schemes than to traditional text and email camp
Cybersecurity researchers at watchTowr Labs have reported a critical security vulnerability in cPanel and WHM (Web Host Manager) a software suite used to manage over 70 million websites globally. For your information, WHM is used for server-wide administration and cPanel is for individual website owners, and this vulnerability , tracked as CVE-2026-41940, allows hackers to bypass the suite’s login screens entirely to gain root access.
The risk is unmistakable given that CVE-2026-41940 has a CVS
Anthropic, the AI safety company behind the Claude family of models, said on 22 April 2026, that it is investigating reports of unauthorized access to an experimental internal system called Mythos, described in reporting by The Guardian as capable of enabling advanced hacking techniques. The disclosure has put a company that built its reputation on cautious AI development in the uncomfortable position of defending its own internal security.
What Anthropic has confirmed - The verified facts are n
In 2026, the question for security leaders is not whether a supply chain attack is coming. Every serious organization should assume it is. The question is whether their defense architecture can stop a payload it has never seen before. It is a question that takes on even more critical implications at a time when trusted agentic automation increasingly becomes the norm.
In three weeks this spring, three threat actors each ran a tier-1 supply-chain attack against widely deployed software: LiteLL
The UK’s National Cyber Security Centre (NCSC-UK) and allied cyber agencies are warning that China-linked actors are increasingly relying on vast proxy networks of hijacked consumer devices to conceal cyberattacks and evade detection. A new joint statement details how the threat actors now route malicious traffic through compromised routers, cameras, recorders, and network-attached storage (NAS) devices instead of using rented infrastructure. This method means attacks are harder to trace since
With attackers able to move at AI speed, defenders cannot rely on the techniques and instincts they have come to trust. "That means putting in place stronger identity controls," said Jack Butler, a senior enterprise solutions engineer at Sumo Logic, a SecOps vendor. "That means putting in place the more robust logging program and correlation engines to detect all of these in real time and reassess signals of trust. It needs to be reassessed dynamically."[1]
As for what to do about the substan
The race to build a quantum computer capable of breaking modern cryptography has always seemed like a contest of scale. The common belief has been that once someone builds a machine with a million high-quality qubits, the door to factoring classical asymmetric cryptography, such as RSA 2048, will swing open. Yet the closer the field gets to that scale, the more it becomes clear that the real obstacle is not the qubits themselves but the physical burden of supporting them. Q CTRL’s recent work
On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised. According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.
For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a
The US Coast Guard's first-ever mandatory cybersecurity framework for ports, vessels, and offshore facilities has taken effect, ending two decades of voluntary compliance and putting operators on a countdown with a 2027 deadline. The regulations affect any US-flagged vessel or maritime facility subject to the Maritime Transportation Security Act of 2002 and require that they develop and maintain a cybersecurity plan, designate a Cybersecurity Officer (CySO), conduct annual assessments, and trai
Jack Wallen, Contributing Writer for ZDnet explains he has several Linux systems connected to his home lab; some of them are desktops, and some of them are servers. Ninety-nine percent of the time, those machines work flawlessly. When that 1% happens, any machine that goes south needs help.
One way of helping is via a small software package called Watchdog. This piece of software runs various checks to see if the hardware has "locked up." If it detects that it has happened, it will reboot the
