Two Americans were sentenced for their roles in BlackCat ransomware attacks targeting U.S. victims. The case highlights the growing threat of ransomware-as-a-service, cyber extortion, data theft, and the need for stronger incident response, vulnerability management, and penetration testing.

The AccountDumpling phishing campaign abused Google AppSheet, Netlify, Vercel, Google Drive, Canva, and Telegram to compromise about 30,000 Facebook accounts. This analysis explains how attackers used authenticated Google-sent phishing emails, fake Meta warnings, cloud-hosted landing pages, Telegram exfiltration, and real-time operator panels to steal credentials, 2FA codes, identity documents, and business account data.

Email bombing attacks are being combined with fake Microsoft Teams IT support calls to trick employees into granting remote access through Quick Assist, AnyDesk, and similar tools. This analysis explains how the attack works, why it bypasses traditional controls, what risks organizations face, and how penetration testing, incident response, Microsoft Teams hardening, remote access restrictions, and employee verification procedures can reduce exposure.

pnpm 11 enables minimum release age by default, delaying installation of newly published packages for 24 hours to reduce exposure to fast-moving npm supply chain attacks. This analysis explains how the feature works, why dependency cooldowns matter, what risks organizations face, and how penetration testing, incident response, CI/CD hardening, lockfile review, and package manager controls can strengthen software supply chain security.

SHADOW-EARTH-053 is exploiting known Microsoft Exchange and IIS vulnerabilities, including the ProxyLogon chain, to target government, defense, technology, and critical infrastructure organizations. This analysis explains how the China-aligned campaign uses GODZILLA web shells, ShadowPad malware, DLL sideloading, credential tools, WMIC, and proxy utilities, and what organizations should do to improve detection, incident response, penetration testing, and Exchange Server protection.

CloudZ RAT is abusing Microsoft Phone Link through a custom Pheno plugin to potentially steal synced SMS messages, mobile notifications, credentials, and one-time passwords from compromised Windows PCs. This analysis explains how the malware works, why Phone Link synchronization can weaken MFA, what risks organizations face, and how penetration testing, incident response, endpoint monitoring, phishing-resistant MFA, and Phone Link policy controls can reduce exposure.

PCPJack is a cloud-focused credential stealer that exploits five CVEs to compromise exposed infrastructure, steal secrets, and spread across Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. This analysis explains how the malware works, why cloud credentials are high-value targets, what risks organizations face, and how penetration testing, vulnerability assessment, incident response, cloud hardening, credential rotation, and monitoring can reduce exposure.

Fake OpenClaw installers are being used to spread Vidar infostealer and GhostSocks proxy malware through malicious GitHub repositories promoted by AI search results. This analysis explains how the campaign works, why GitHub and AI search trust can be abused, what risks organizations face, and how penetration testing, vulnerability assessment, incident response, developer security controls, and stronger software verification can reduce exposure

A data breach at GFN.am, an authorized NVIDIA GeForce NOW regional partner in Armenia, exposed user information while NVIDIA’s own operated services were reportedly not impacted. This analysis explains what data may have been exposed, why third-party cloud service breaches matter, how attackers may abuse personal information for phishing, and what organizations should do to strengthen vendor security, incident response, penetration testing, and cloud service protection.

Fake DeepSeek TUI GitHub repositories are being used to deliver Rust-based malware through spoofed AI tool releases. This analysis explains how attackers abused GitHub trust, AI tool popularity, anti-sandbox checks, Windows Defender tampering, second-stage payloads, and persistence mechanisms, and what organizations should do to improve detection, incident response, penetration testing, developer security, and software verification.

TeamPCP compromised the Checkmarx Jenkins AST plugin, exposing Jenkins and CI/CD environments to potential credential theft and supply chain risk. This analysis explains how trusted security plugins can become attacker-controlled delivery paths, why Jenkins environments hold high-value secrets, what risks organizations face, and how penetration testing, vulnerability assessment, incident response, credential rotation, plugin governance, and CI/CD hardening can reduce exposure.

Foxconn confirmed a cyberattack affecting some North American factories, while the Nitrogen ransomware group claimed it stole about 8 TB of data connected to major technology customers. This analysis explains the supply chain risk, ransomware impact, operational disruption concerns, data theft uncertainty, and what organizations should do to improve vulnerability assessment, penetration testing, incident response, manufacturing security, and supplier cyber resilience.