
Showing posts from 2026

FBI Sounds Alarm on Silent Ransom Group's Bold Shift to Physical Infiltration Tactics

The FBI put out a fresh alert this week highlighting how the Silent Ransom Group has taken social engineering to the streets. These operators are no longer content with remote tricks alone. They are now sending people directly to victim sites to plug in USB drives and walk off with sensitive files from law firm computers across the United States. This shift marks a bolder phase for the crew, also tracked as Luna Moth. They start with the usual playbook, calling or emailing staff while pretending to be internal IT support. Once they have the target on the line, they push for remote desktop access. If that fails, the next step is dispatching someone in person to gain physical entry and connect external storage devices. The goal is straightforward: grab data fast and use it for extortion later. Law firms have been prime targets for this group since at least early 2023. Their client files often contain high-value information that carries serious leverage in ransom demands. After snatchin...

A swift and sneaky malware operation hit the open source world hard last week, poisoning thousands of GitHub repositories in a matter of hours. Dubbed Megalodon, the campaign slipped malicious code into more than 5,500 projects, targeting the very workflows developers rely on to build and deploy software. This kind of supply chain compromise strikes at the foundation of modern development, where one tainted repo can ripple out to countless downstream users and enterprises. The attack unfolded on May 18 over a tight six-hour window. Operators used fake accounts and forged identities to push over 5,700 commits laced with credential-stealing payloads. These hits focused on GitHub Actions workflows, the automation scripts that handle everything from testing to deployment. Once in place, the malware quietly exfiltrated secrets like API keys, SSH credentials, cloud tokens, and source code details back to a command server. Some versions added a dormant backdoor that stayed hidden...

Iran-Linked Hackers Shift to AI-Assisted Malware and SEO Poisoning Campaigns

Recent activity tied to the Iranian threat group known as Nimbus Manticore shows a clear evolution in how state-backed cyber campaigns are being conducted against Western and regional targets. Rather than relying exclusively on traditional phishing emails, operators linked to Iran’s Islamic Revolutionary Guard Corps are increasingly blending social engineering, fake software distribution, and manipulated search rankings to compromise organizations tied to aviation, telecommunications, software development, and energy infrastructure. Security researchers tracking the campaigns observed multiple delivery methods across recent operations, including fraudulent job recruitment messaging, spoofed video meeting invitations, and malicious software installers disguised as legitimate tools. One operation reportedly involved a fake Oracle SQL Developer download page designed to infect users who searched for common developer software through major search engines. The shift matters because ...

Dutch Cops Seize 800 Servers in Russian Cyber Raid

Dutch authorities delivered a sharp blow to Russian cyber infrastructure last week, seizing roughly 800 servers and arresting two men accused of providing critical hosting services that powered cyberattacks, influence operations, and disinformation efforts aimed at the European Union. The operation targeted co-owners of two related hosting firms that had taken control of infrastructure previously tied to Stark Industries Solutions, a provider the EU sanctioned in 2025 for its role as a launchpad for Russian intelligence activities. Investigators from the Netherlands' FIOD financial crimes agency moved in on May 18, detaining a 57-year-old man in Amsterdam and a 39-year-old in The Hague on charges of violating EU sanctions by supplying resources to banned entities. This takedown highlights a basic truth in the cyber domain: adversaries do not operate in a vacuum. They rely on willing or negligent service providers in the West who prioritize profit over security and national intere...

Claude Mythos Is Finding Critical Vulnerabilities Faster Than Organizations Can Patch Them

Anthropic revealed Friday that its new defensive initiative, Project Glasswing, has already uncovered more than 10,000 high and critical software vulnerabilities in just over a month. The effort is aimed at protecting the digital infrastructure that modern economies, governments, and critical industries increasingly rely on. At the center of the program is Claude Mythos Preview, an advanced AI model built specifically to identify weaknesses in widely used software before attackers can exploit them. Rather than releasing the capability publicly, Anthropic has limited access to a small group of trusted security partners focused on defending high-value systems and infrastructure. So far, the project has identified over 6,200 serious vulnerabilities across more than 1,000 open-source projects. Validation efforts confirmed 1,726 legitimate security flaws, including 1,094 rated high or critical severity. One example is CVE-2026-5194 affecting WolfSSL, a vulnerability with a severity score of...

Kimwolf DDoS botnet operator arrested

Law enforcement agencies delivered a solid blow to the cybercrime underground this week with the arrest of a Canadian man accused of running one of the more aggressive DDoS-for-hire operations in recent memory. Jacob Butler, operating under the handle "Dort," was taken into custody in Ottawa and now faces charges in both Canada and the United States for his alleged role in building and managing the Kimwolf botnet. According to details released by the Department of Justice, Butler is linked to a network that commandeered millions of Internet of Things devices worldwide. These compromised gadgets, ranging from routers to security cameras and other poorly secured connected hardware, formed a powerful swarm capable of launching devastating distributed denial-of-service assaults. Reports indicate the botnet issued thousands of attack commands before its command infrastructure was disrupted, with individual floods reaching staggering volumes up to 31.4 terabits per second. This...

Big Win for Law Enforcement: Operation Token Mirrors

The FBI recently wrapped up a major undercover operation targeting cryptocurrency market manipulation. Agents created a fully functional ERC-20 token called NexFundAI, complete with a professional-looking website, whitepaper, branding, and liquidity on Uniswap. It was designed to blend in seamlessly with other legitimate AI and DeFi projects. The goal was to attract professional market-making firms offering wash trading and artificial volume services. The operation succeeded. Investigators captured evidence of firms using bots to generate fake trading activity, coordinating price pumps with insiders, and dumping tokens on retail investors. One project they assisted reached a reported $7.5 billion market cap driven largely by fabricated volume. This has resulted in 18 individuals and companies being charged, the first criminal cases of their kind against crypto market-making firms for wash trading. Over $25 million in cryptocurrency has been seized, arrests were made in the United States, Unit...

GitHub Breached: Up to 4000 Private GitHub Repositories Compromised

Big GitHub security scare recently, and honestly it’s a good reminder that even the biggest tech companies aren’t immune to mistakes. Researchers found a serious flaw that could’ve potentially allowed attackers to access repositories with a single command. GitHub moved quickly and there’s no evidence it was abused, but it highlights something important: the gap between “vulnerability discovered” and “someone exploiting it” keeps getting smaller. And AI is accelerating that problem. Tools that help developers write code faster are also making it easier for attackers to automate phishing, discover vulnerabilities, and build more sophisticated attacks with far less effort than before. The bigger issue is this doesn’t just affect tech companies anymore. Most of us have:

• banking info
• personal photos
• work accounts
• smart home devices
• entire digital lives

…all connected to home networks that are usually running on default settings from years ago. So what does this mean for people who...