
The China‑aligned threat group UnsolicitedBooker has begun targeting telecommunications providers in Kyrgyzstan and Tajikistan. The campaign employs two custom backdoors, LuciDoor and MarsSnake, delivered through phishing emails that embed malicious Office macros and loaders such as LuciLoad. These implants can harvest system data, execute commands and exfiltrate information, while the attackers also repurpose compromised routers as command‑and‑control nodes. The shift follows earlier operations against Saudi Arabian entities and shows tactical overlap with other clusters like Space Pirates.

Georgia Tech researchers have uncovered critical weaknesses in the global threat‑intelligence supply chain, highlighting how inconsistent data quality and limited sharing impede rapid response. Their study, presented at the NDSS Symposium, found that while 67% of vendors sandbox suspicious binaries,...

Russia‑linked threat group UAC‑0550, also known as DaVinci Group, launched a sophisticated social‑engineering campaign against a European financial institution that supports Ukraine. The attackers sent legal‑themed phishing emails from a counterfeit Ukrainian judicial domain, directing victims to download a ZIP...

CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...

Arctic Wolf’s 2026 Threat Report reveals a dramatic shift toward data‑only extortion, which surged from 2% to 22% of incidents in 2025. Remote‑access tool abuse initiated 65% of non‑BEC breaches, while AI‑enhanced phishing powered 85% of BEC attacks. Ransomware remains common,...

Dataminr’s 2026 Cyber Threat Landscape Report shows a dramatic shift in cyber risk during 2025, with threat‑actor alerts soaring 225% year‑over‑year. Identity‑based intrusions now account for nearly 30% of attacks, driven by an 84% rise in infostealer malware and AI‑enhanced...

In a recent Palo Alto Networks webcast, experts highlighted that modern attackers compress breach timelines to under an hour, overwhelming traditional SOC processes. They argued that XDR platforms like Cortex XDR solve the data‑silo problem by unifying telemetry across endpoints,...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, covering SolarWinds Web Help Desk, Microsoft Configuration Manager, Apple operating systems, and Notepad++. The SolarWinds flaw (CVE‑2025‑40536) and the Microsoft SQL‑injection...

Palo Alto Networks' Unit 42 researchers linked the sprawling TGR‑STA‑1030 cyberespionage campaign to an Asian state‑aligned group, but chose not to publicly attribute it to China. Sources say the decision was driven by fears of retaliation, as Palo Alto's security software...

Google’s Gemini large language model is being weaponized by multiple state‑sponsored threat actors, according to the Google Threat Intelligence Group. North Korean UNC2970 and several Chinese groups such as Mustang Panda, Judgment Panda, APT41 and UNC795 are using Gemini for rapid...

Telecom operators are confronting nation‑state campaigns such as Salt Typhoon and Volt Typhoon that exploit signaling and subscriber identity systems, rendering traditional perimeter defenses inadequate. In a briefing hosted by the Institute for Critical Infrastructure Technology, experts advocated privacy‑first mobile‑carrier...

The Cyberintelligence Institute (CII) has released CYROS, a free smartphone app that warns users of emerging cyber threats such as ransomware, phishing, and digital sabotage. The platform aggregates alerts from Germany's Federal Office for Information Security, consumer‑protection groups, and security...

Nucleus Security announced a $20 million funding round to expand its exposure management platform. The capital will be used to accelerate product development and market expansion.