Explore

CrowdStrike and Partners Dismantle GlassWorm Malware Infrastructure, Highlighting Ongoing Repository Security Challenges

CrowdStrike and Partners Dismantle GlassWorm Malware Infrastructure, Highlighting Ongoing Repository Security Challenges

CrowdStrike and Partners Dismantle GlassWorm Malware Infrastructure, Highlighting Ongoing Repository Security Challenges

FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), a Russia-linked extortion gang that has been infiltrating U.S. law firms to steal client data. The group, which emerged from the Conti ransomware syndicate in 2022, uses operatives to physically insert USB drives into computers at law firms. These drives are used to exfiltrate files via tools like WinSCP or Rclone, with data being staged on platforms such as Google Drive or Microsoft OneDrive. The SRG does not deploy ransomware but instead threatens to publish stolen files on its data leak site, pressuring victims for payment. The FBI advises organizations to disable external drive connections, block port 22, require phishing-resistant multifactor authentication, and verify IT support credentials.

Russia-Linked 'GreyVibe' Attackers Utilize AI to Enhance Cyberattack Capabilities Against Ukraine

Russia-Linked 'GreyVibe' Attackers Utilize AI to Enhance Cyberattack Capabilities Against Ukraine

A new threat actor group, identified as GreyVibe, has been linked to Russia and is reportedly using artificial intelligence to enhance the sophistication and scale of its cyberattacks. According to WithSecure, GreyVibe has been targeting Ukrainian military, government, civilian, and business entities since August 2025. The group employs AI in various stages of its operations, including creating fake websites, crafting phishing lures, and developing custom malware. Despite their advanced use of AI, GreyVibe has made notable errors in their malware design, which has allowed researchers to track their activities. The group's use of AI is seen as a way to compensate for capability gaps and to create a fresh operational profile that complicates tracking and attribution.

Russia-Linked 'GreyVibe' Group Utilizes AI to Enhance Cyberattacks

Russia-Linked 'GreyVibe' Group Utilizes AI to Enhance Cyberattacks

The 'GreyVibe' group, linked to Russia, is reportedly using artificial intelligence to enhance the scale and sophistication of its cyberattacks. According to WithSecure, GreyVibe has been targeting Ukrainian military, government, and business entities since August 2025. The group employs AI for various operations, including creating fake websites, crafting phishing lures, and developing custom malware. Despite their advanced use of AI, GreyVibe has made operational mistakes, allowing researchers to track their activities. The group's use of AI highlights a trend where lower-sophistication actors leverage technology to amplify their capabilities.

CrowdStrike Dismantles Glassworm Botnet, Protecting Open-Source Software Developers

CrowdStrike Dismantles Glassworm Botnet, Protecting Open-Source Software Developers

CrowdStrike Dismantles Glassworm Botnet, Protecting Open-Source Software Developers

FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

The FBI has issued a warning to U.S.-based law firms about the Silent Ransom Group, a cybercrime organization known for its unique approach to data theft. This group, believed to operate from Russia, targets law firms by impersonating IT support and, in some cases, physically visiting victims to gain access to computers. Unlike typical ransomware groups, Silent Ransom Group does not use encryption but relies on social engineering and in-person tactics to steal data. The group has been active since 2022 and has claimed responsibility for over 100 attacks, with a noticeable increase in activity recently.

U.K. Spy Chief Warns of Intensified Russian Cyber Threats Targeting Critical Infrastructure

U.K. Spy Chief Warns of Intensified Russian Cyber Threats Targeting Critical Infrastructure

Anne Keast-Butler, the director of the U.K.'s communications intelligence agency GCHQ, has issued a stark warning about the increasing cyber threats posed by Russia. In a speech at Bletchley Park, she highlighted that Russia is relentlessly targeting critical infrastructure, democratic processes, and public trust in the U.K. and Europe. Keast-Butler emphasized the urgency of addressing cybersecurity threats, noting that rapid advancements in artificial intelligence are shifting the landscape, creating a narrowing window for the U.K. and its allies to maintain a technological edge over adversaries like Russia and China. The warning comes amid a series of cyberattacks linked to Russia on critical infrastructure in countries such as Sweden, Poland, Denmark, and Norway.

GlassWorm Botnet Disrupted by Cybersecurity Firms

GlassWorm Botnet Disrupted by Cybersecurity Firms

GlassWorm Botnet Disrupted by Cybersecurity Firms

GitHub Actions Exploited by Megalodon Attack, Affecting 5,500 Repositories

GitHub Actions Exploited by Megalodon Attack, Affecting 5,500 Repositories

GitHub Actions Exploited by Megalodon Attack, Affecting 5,500 Repositories

Lithuania Investigates Foreign Involvement in Major Data Leak

Lithuania Investigates Foreign Involvement in Major Data Leak

Lithuania is investigating a significant data breach involving over 600,000 entries from national registers, suspecting foreign involvement. The breach primarily affected registers of real estate and legal entities, accessed using login credentials of authorized institutions. The head of the State Enterprise Centre of Registers, Adrijus Jusas, resigned following the incident. Lithuanian authorities have implemented additional cybersecurity measures, including blocking accounts of suspected data users and requiring updated credentials. While the prosecutor's office suspects a foreign country, it has not specified which nation. The breach has heightened concerns in Lithuania, a frequent target of Russia's hybrid warfare tactics.

Shadow Brokers' Leak of NSA Tools Continues to Impact Global Cybersecurity

Shadow Brokers' Leak of NSA Tools Continues to Impact Global Cybersecurity

In 2016, the Shadow Brokers, an enigmatic hacking group, released a trove of sophisticated cyberweapons believed to be stolen from the NSA. This leak included tools like EternalBlue, which exploited zero-day vulnerabilities in Windows systems. These tools were later used in major cyberattacks, such as the WannaCry ransomware by North Korean hackers and the NotPetya attack by Russian hackers, causing billions in damages globally. Despite the massive impact, the identities of the Shadow Brokers remain unknown, and no arrests have been made. The leak highlighted the risks of intelligence agencies hoarding vulnerabilities, as these can be exploited by malicious actors once exposed.

Lithuania Investigates Foreign Involvement in Massive Data Leak Affecting National Registers

Lithuania Investigates Foreign Involvement in Massive Data Leak Affecting National Registers

Lithuanian authorities are investigating a significant data breach involving over 600,000 entries from national registers, including real estate and legal entities. The breach was executed using login credentials of authorized institutions, and a foreign country is suspected of involvement. The head of the State Enterprise Centre of Registers has resigned following the incident. In response, Lithuania has implemented additional cybersecurity measures, such as blocking suspected accounts and updating access credentials. The breach raises concerns about potential espionage, as sensitive information about intelligence officers and military personnel may have been accessed.