GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine
A newly tracked threat actor called GREYVIBE is using generative AI tools including ChatGPT and Google Gemini to develop malware, generate phishing lures, and attack Ukrainian government, military,...
Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries
Iran-linked Seedworm (MuddyWater) APT has been caught running a broad espionage campaign against at least 9 organizations across 9 countries in early 2026. The group hijacked legitimate, digitally...
Fox Tempest: Microsoft DCU Dismantles Malware-Signing-as-a-Service That Forged Trusted Certificates for Ransomware Groups
Microsoft's Digital Crimes Unit has disrupted Fox Tempest, a criminal malware-signing-as-a-service operation that abused Microsoft's Artifact Signing infrastructure to issue fraudulent code-signing certificates. Over 1,000 certificates have been...
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like payload that steals multi-cloud credentials from AWS, Azure,...
Russian Hacker Builds Persistent Gemini Jailbreak to Power Influence Campaign, Credential Theft, and Crypto Wallet Draining
A Russian-speaking threat actor tracked as "bandcampro" has been exposed using a persistently jailbroken Google Gemini CLI to power a five-year operation combining AI-generated political disinformation, WordPress credential...
Hackers Exploit End-of-Life F5 BIG-IP as Enterprise Entry Point, Pivoting to Active Directory via Confluence RCE
Microsoft Defender researchers document a multi-stage intrusion where threat actors exploited an end-of-life F5 BIG-IP appliance to gain SSH access, then pivoted through an unpatched Confluence server to...
Ukrainian Intelligence Report: Russian APT Groups Intensify Cyber Operations — 5,927 Incidents, 37% Rise in 2025
A new intelligence report from Ukraine's National Security and Defense Council reveals Russian state-sponsored threat groups dramatically escalated cyber operations in 2025, with CERT-UA recording 5,927 incidents —...
Operation Saffron: International Authorities Dismantle ‘First VPN’ Criminal Network Linked to Global Ransomware Attacks
A coordinated international law enforcement operation led by France, the Netherlands, Europol, and Eurojust has dismantled First VPN — a criminal VPN service explicitly marketed to cybercriminals and...