Threat actors stories

ShinyHunters claims it hacked merchant data firm Woflow, raising supply chain fears for major brands despite no confirmed breach yet.

New Coruna exploit kit shows outdated iOS devices face automated, scalable attacks that can turn compromised phones into corporate gateways.

Global ransomware attacks jump 50% to 7,874 in 2025, with industrial firms bearing the brunt as criminal groups reshuffle their tactics.

Cybersecurity's future hinges on clear storytelling - and more women's voices - to turn technical risks into business-critical narratives.

European authorities and tech firms have disrupted Tycoon 2FA, a major phishing service used to bypass MFA and hijack cloud accounts.

Acronis finds SMBs patch Microsoft flaws in about eight days, but the slowest endpoints stay exposed to known bugs for over five weeks.

Microsoft's new Cyber Pulse briefing warns ungoverned AI agents and 'double agents' pose rising security and compliance risks for firms.

HP reports a surge in AI-powered “flat-pack” cyberattacks as criminals trade sophistication for speed, low cost and mass customisation.

F5 Labs launches monthly AI security leaderboards, ranking popular models on new indices of risk, resilience and cost under live attack.

Ransomware cases dipped 17% in January, but NCC warns the threat remains high as Qilin targets critical sectors and tactics evolve.

ShinyHunters shifts to subdomain-brand phishing and vishing on mobiles, bypassing domain checks to hijack SSO logins and SaaS sessions.

AI-fuelled hackers can now spread across corporate networks in as little as four minutes, outpacing human defenders by hours.

Global cyber attacks hit 2,090 a week in January as ransomware surges and risky GenAI use exposes fresh data-leak and intrusion paths.

Hijacked Google Ads accounts are serving bogus installers that trick Mac users into running MacSync stealer via fake Evernote guides.

CISOs slow-roll agentic AI in defence, even as they brace for more advanced, AI-boosted attacks and rising personal liability risks.

As facial analytics quietly spread through public spaces, Canadians face urgent questions over privacy, consent and digital surveillance.

PromptSpy Android malware taps Google's Gemini AI to navigate screens, lock itself in recent apps and thwart users' attempts to remove it.

EY urges tech leaders to pursue AI-fuelled deals, agentic systems and sovereignty-by-design as 2026 competition and security pressures grow.

Cyber attacks on industrial systems in 2025 shifted from quiet spying to coordinated operations aiming to disrupt critical infrastructure.

Data-only extortion soars 11-fold as attackers 'log in instead of break in', abusing remote access tools for faster, stealthier raids.