space
If your organization consumes satellite data, runs VSATs (very small aperture terminals), or depends on vendors who do—you’re in scope. Since 2020, attackers have shifted from “space” to the easier target: ground networks and cloud storage.
russia
Russia-linked actors leaned hard on OAuth device codes and RDP phishing from Oct 2024–Aug 2025. Providers pushed back in concert. Here’s what changed, what to watch in your logs, and the quickest moves that buy real risk reduction.
ecrime
Three financially motivated clusters—UNC3944 (“Scattered Spider”), UNC6040, and UNC6395—are driving a surge in SaaS and cloud data theft via social engineering, OAuth abuse, and supply-chain attacks. Their evolving TTPs and anti-forensics are raising the stakes for defenders..
shamos
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
supply-chain
Your code assistant invents a “helpful” package; an attacker registers it; your pipeline installs it. As of Aug 27, 2025, this is moving from edge case to repeatable tactic. Here’s how to spot it fast and force your builds to fail-closed.
ta-natalstatus
If Redis is open to the internet, assume compromise. This actor gains root with native Redis tricks, plants miners, and hides using “rootkit-style” evasion. Here’s how to spot it fast and close the hole for good.
ransomware
Hybrid attacks are hitting navigation and port systems harder than ever — from ransomware to GPS spoofing — threatening safety, operations, and global trade.
ransomware
Three converging trends—ransomware, volatile regulations, and global instability—are reshaping risk for US tech, finance, and education. The common thread? Disruption spreads faster than most organizations can detect or respond.
heartcrypt
In the last 90 days, HeartCrypt-packed ransomware has evaded initial SOC detection in up to 40% of targeted incidents. Attackers no longer waste time building stealth — they rent it. HeartCrypt’s PaaS delivers EDR-kill tools, sandbox evasion, and polymorphic payloads at industrial scale.
romcom
Russian-linked RomCom is abusing a critical WinRAR bug to quietly persist in networks, move laterally, and siphon data over encrypted channels — hitting government, finance, and telecom sectors hard. Patch lag is keeping doors wide open.
storm-2603
Storm-2603 is a China-based threat actor, first identified in 2025, leveraging a hybrid operational model that combines espionage tactics with financially motivated ransomware deployment. The group is distinct from, but shares some infrastructure and tooling with, other Chinese APTs such as...
ransomware
Akira ransomware, first observed in March 2023, is attributed to a financially motivated cybercrime group composed of former Conti affiliates. The group operates a ransomware-as-a-service (RaaS) model, reusing code and infrastructure from Conti, and has been responsible for...
