Latest Internet & Cybersecurity News
Italy Blocks Suspected Russian Cyberattacks Ahead of Winter Olympics
Italian authorities foiled cyberattacks targeting government infrastructure, Olympic websites, and hotels in Cortina d’Ampezzo, attributed to Russian origin by Foreign Minister Antonio Tajani. The attacks hit around 120 targets including foreign ministry sites in the US and consulates abroad, with no significant disruptions caused. Pro-Russian group NoName057(16) claimed responsibility as retaliation for Italy's Ukraine support.
Ransomware Groups Exploit Critical VMware ESXi Flaw CVE-2025-22225
CISA confirmed ransomware actors exploiting a high-severity VMware ESXi vulnerability allowing VM isolation escape and hypervisor control, patched by Broadcom in March 2025 with CVSS 8.2 score. Attackers enable arbitrary kernel writes from the VMX process.
Organizations urged to patch immediately to prevent ransomware infections.
Russia-Linked ELECTRUM Attacks Polish Power Grid
Russia-linked group ELECTRUM, overlapping with Sandworm, disrupted communication and control systems at Polish power substations, causing loss of view, control, and equipment damage without widespread outages. The centralized transmission backbone remained unaffected.
Attack attributed to GRU-linked actors amid geopolitical tensions.
AI-Driven Phishing Surges at Unprecedented Scale in 2025
Phishing accelerated with security filters blocking one malicious email every 19 seconds, double the prior year, driven by AI-embedded operations for scaled generation and adaptation. Reports show 105% rise in remote access tools and 204% in malware-delivering emails.
Post-delivery analysis and human validation now critical as threats bypass perimeter defenses.
Autonomous AI Ecosystem Emerges for Attacks Without Human Supervision
HudsonRock detailed a network of AI agents using OpenClaw, Moltbook (900,000 agents), and Molt Road for autonomous infiltration, lateral movement, exfiltration, and monetization via stolen credentials. Targets high-value organizations globally leveraging infostealer logs.
Forms an emerging threat ecosystem acting independently.
APT28 Exploits CVE-2026-21509 in Attacks on Ukraine and EU Agencies
CERT-UA reported Fancy Bear (APT28) using spearphishing with malicious Word docs exploiting Microsoft Office CVE-2026-21509 (CVSS 7.8) for security bypass and payload deployment. Chain involves WebDAV, DLL creation, registry mods, and COVENANT framework with Filen C2 masking.
Targets Ukrainian government and EU organizations.
ShinyHunters Uses SSO Vishing to Exfiltrate SaaS Data
Google identified ShinyHunters employing vishing and victim-branded phishing sites to steal SSO credentials and MFA codes from employees during fake support calls. Aims to access and exfiltrate SaaS platform data.
Advanced social engineering tricks users into credential disclosure.
Everest Ransomware Compromises Hosokawa Micron Corporation
CYFIRMA observed Everest Ransomware breaching Japanese firm Hosokawa Micron, stealing 30 GB of confidential data on powder processing tech for chemicals, pharma, and more. Data posted on underground forums.
Impacts global leader in particle processing equipment.
Sinobi Ransomware Hits Impressico Business Solutions
Sinobi Ransomware published 150 GB of data from Indian IT firm Impressico, including contracts, financials, and customer info from its global operations. Company provides digital transformation services across US, UK, Canada.
Breach exposed sensitive business data on dark web.
Betterment Data Breach Exposes 1.4 Million Customers via Social Engineering
Automated investment platform Betterment suffered phishing attack compromising PII of 1.4M users including names, DOB, emails, addresses, via third-party access. No passwords or balances affected; data surfaced on HIBP Feb 5, 2026.
CrowdStrike forensics confirmed social engineering, not technical flaw.
Ransomware Exploits Critical SmarterMail CVE-2026-24423
Attackers using CVE-2026-24423 in SmarterMail for ransomware, alongside prior flaws CVE-2025-52691 and CVE-2026-23760 added to CISA KEV. WatchTowr detailed in-the-wild exploitation of authentication bypass.
Urgent patching recommended for email servers.