Latest Internet & Cybersecurity News
Threat Actors Claim Breaches of Hyatt, Nike, McDonald's India, Under Armour
Threat actors announced breaches targeting major brands including Hyatt Hotel, Nike, McDonald's India, and Under Armour, exposing sensitive data. This wave of claimed intrusions highlights ongoing risks to high-profile corporations from ransomware and data theft groups.
No confirmed impacts or ransoms detailed yet.
UK Launches 'Report Fraud' Service to Combat Cybercrime
The UK introduced 'Report Fraud', a new online portal replacing Action Fraud for faster cybercrime and fraud reporting. It aims to improve victim visibility and streamline investigations criticized in the past.
The platform enhances authority responses to incidents.
Law Enforcement Raids Initial Access Brokers for Black Basta
Ukrainian and German authorities raided two suspects providing credentials to Black Basta ransomware, identifying Russian ringleader Oleg Nefedov. Separately, Jordanian broker 'r1z' pleaded guilty to selling access to 50+ companies.
These actions disrupt cybercrime supply chains.
Tennessee Man Pleads Guilty to Hacking US Supreme Court
A 24-year-old Tennessee man admitted hacking the US Supreme Court, VA Health System, and Americorps, posting evidence on Instagram. He stole credentials and accessed restricted systems multiple times in 2023.
Case underscores risks of credential theft and social media boasting.
Cisco Patches Actively Exploited 0-Day RCE in Unified Communications
Cisco fixed CVE-2026-20045 (CVSS 8.2), a critical RCE in Unified Communications Manager and Webex Calling via HTTP flaws. Unauthenticated attackers can gain root access; exploitation observed and added to CISA KEV.
Immediate patching urged with no workarounds.
AI-Generated VoidLink Malware Targets Cloud Platforms
Check Point revealed VoidLink, advanced Linux malware mostly AI-generated, targeting AWS, GCP, Azure, Alibaba, Tencent clouds. Developed in under a week by one actor via OPSEC errors; future support for more providers planned.
First documented case of near-fully AI-built advanced malware.
Microsoft Azure Hit by Massive DDoS from 500,000+ IPs
Microsoft reported a massive DDoS attack on Azure originating from over 500,000 IP addresses. The scale underscores evolving DDoS threats to cloud services.
No further outage details provided.
APT28 Targets Ukrainian Supply Chains and Others with Phishing
Russian APT28 ran credential-harvesting via fake Outlook, Google, Sophos pages against Turkish energy/nuclear, EU think tanks, North Macedonia, Uzbekistan. Campaigns focus on energy, nuclear, policy sectors.
Persistent geopolitical cyber espionage noted.
PLUGGYAPE Malware Hits Ukrainian Defence via Fake Charities
CERT-UA reported social engineering delivering PLUGGYAPE backdoor via fake charity sites to Ukrainian defence forces. Python installer grants system access to attackers.
Part of ongoing Russia-Ukraine cyber conflict.
NoName057(16) Continues DDoS on UK, Warns NCSC
UK NCSC alerted on pro-Russian NoName057(16) DDoS attacks coordinated via Telegram/GitHub targeting UK services. Attacks, though simple, can disrupt essentials.
Officials emphasize resilience needs.
US Cyber Ops Disrupt Venezuela in Maduro Capture
US cyberattacks disabled Caracas power grid and air defenses during Operation Absolute Resolve to capture Maduro. Power outages lasted minutes to 36 hours in areas.
Highlights state-sponsored cyber in military ops.
AI Governance Emerges as Top Cyber Risk for 2026
Allianz report ranks AI as second-top business cyber risk, driving 2026 focus on governance and guardrails. 94% see AI supercharging cyber arms race; security assessments doubled.
Balances innovation with threats amid US-China race.