Prolific RansomHub Operation Goes Dark
The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors.
-
-
Former CISA Head Slams Trump Admin Over ‘Loyalty Mandate’
Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president’s “mandate for loyalty” during a panel at RSAC 2025.
-
Adversaries Are Toying With US Networks & DC Is Short on Answers
While nation-state actors are demonstrating how easily they can infiltrate US networks, government officials don’t seem to have a clear vision for what comes next.
-
TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack
A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.
-
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable. MCP, launched by Anthropic in…
-
Phishers Take Advantage of Iberian Blackout Before It’s Even Over
Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal’s national airline in a campaign offering compensation for delayed or disrupted flights.
-
DHS Boss Noem Vows to Get CISA Back ‘On Mission’
Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.
-
DARPA Highlights Critical Infrastructure Security Challenges
Leaders at federal research organizations DARPA, ARPA-I, and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025.
-
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore. Today’s attackers don’t need to “hack” in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside, they can take over accounts, move laterally, and cause…
-
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. “Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and