A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Cybercriminals behind Tycoon2FA, a sophisticated phishing-as-a-service (PhaaS) platform, have rapidly resumed their attacks on cloud accounts, demonstrating remarkable resilience following a significant law enforcement takedown on March 4, 2026. Europol, in coordination with authorities from six countries, successfully seized 330 domains integral to the platform’s infrastructure. However, evidence suggests the…
Cybercriminals have devised a new method to distribute malware, ingeniously weaponizing a widely trusted online tool: Google Forms. A recently identified campaign is leveraging business-themed lures such as fictitious job interviews, project briefings, and financial documents to infect victim machines with a Remote Access Trojan (RAT) known as PureHVNC. This…
Advanced Persistent Threat Actors Exploit RDP Servers for Payload Deployment and Persistence
One of the world’s most dangerous state-backed hacking groups is actively targeting Remote Desktop Protocol (RDP) servers across critical infrastructure, defense organizations, and government agencies. The threat actor, known as APT-C-13 and widely tracked as Sandworm, APT44, Seashell Blizzard, and Voodoo Bear, has long been conducting cyber operations since at…
The accelerating adoption of generative AI technologies has amplified concerns regarding software supply chain security. In response, Microsoft has detailed a comprehensive set of security safeguards for generative AI models hosted on its Azure AI Foundry platform, addressing the emerging threat landscape at the nexus of AI and enterprise security.…
Two more GitHub Actions workflows, maintained by supply chain security firm Checkmarx, have been compromised by credential-stealing malware attributed to a threat actor known as TeamPCP. This operation is also linked to the recent Trivy supply chain attack, underscoring a persistent threat to software development pipelines. The compromised workflows represent…
The cybercriminal underground has seen a significant development with the emergence of a new Tor-based leak site, “ALP-001,” appearing on March 22, 2026. This platform openly advertises itself as a “Data Leaks / Access Market,” signaling a concerning trend of initial access brokers (IABs) evolving into full-scale extortion operators. Security…
A 26-year-old Russian national has been sentenced to 6.75 years in prison in the United States for his role in facilitating significant cybercrime operations. Aleksei Olegovich Volkov was instrumental in assisting major criminal groups, including the Yanluowang ransomware crew, in executing numerous attacks against U.S. companies and other organizations. This…
Citrix has issued critical security updates to address two vulnerabilities impacting its NetScaler ADC and NetScaler Gateway products. The most severe, rated critical, could allow unauthenticated attackers to gain access to and leak sensitive data from the application. These vulnerabilities underscore the ongoing threat landscape for enterprise security solutions. The…
Cyberattackers target Android users with fraudulent ChatGPT invitations to deploy malware
Cybercriminals are actively targeting Android users with a sophisticated phishing campaign that exploits the popularity of AI tools like ChatGPT. These malicious actors are distributing malware disguised as beta-testing invitations for ChatGPT and Meta advertising apps, aiming to steal Facebook credentials and gain complete control over user accounts. This tactic…
A sophisticated SEO poisoning campaign has been actively targeting Windows users since at least October 2025, successfully tricking them into downloading malicious software disguised as legitimate applications. This operation, which remained largely undetected for approximately five months, was brought to light in March 2026 by researchers who uncovered its multi-stage…
Huntress Traces Malvertising Campaign Using Tax-Themed Google Ads to Deploy BYOVD EDR Disabling Malware
A sophisticated malvertising campaign is actively leveraging tax season urgency to deploy a potent kernel-mode EDR killer on victim machines. Since at least January 2026, attackers have been using Google Ads to trick individuals searching for tax forms into downloading malicious software. The campaign specifically targets U.S. users seeking W-2…
MioLab macOS Stealer Integrates ClickFix Delivery, Wallet Theft, and Team API Functionality
A sophisticated macOS infostealer named MioLab, also known as Nova, has rapidly emerged as one of the most advanced Malware-as-a-Service (MaaS) platforms targeting Apple users. Advertised on Russian-speaking underground forums, MioLab signifies a significant shift in the threat landscape, demonstrating that macOS is no longer a low-risk target for cyber…