CIRCLE WITH A DOT

New ransom group blog post!Group name: nightspirePost title: Florida Therapy ServicesInfo: https://cti.fyi/groups/nightspire.html#ransomware #cti #threatintelligence #cybersecurity #infosec

State of (in)security - Week 13, 2026During the week of March 23–30, 2026, cybersecurity incidents surged to 32 (up from 14 the prior week), impacting over 14.6 million individuals, with malware/ransomware as the leading cause (11 incidents) and healthcare and government as the most targeted sectors. The week also saw 16 vulnerability advisories, including critical zero-days in F5 BIG-IP and Telegram alongside supply chain attacks and breaches affecting organizations from the European Commission to major healthcare providers.**Treat AI browser extensions as extremely dangerous high-privilege agents. If you use the Claude Chrome Extension, make sure it's updated to version 1.0.41 or higher immediately! Older versions allow attackers to silently hijack your browser session and access your email, documents, and chat history without any clicks. Review what permissions the extension has and stay alert for suspicious sites that may have exploited this before the patch.**#cybersecurity #infosec #knowledge #weeklyreporthttps://beyondmachines.net/event_details/state-of-in-security-week-13-2026-r-f-h-6-5/gD2P6Ple2L

Possible Phishing on: ️hxxp[:]//wetransfer[.]appwrite[.]network/ 🧬 Analysis at: https://urldna.io/scan/69ca9e103b77500005dd0817#cybersecurity #phishing #infosec #urldna #scam #infosec

Possible Phishing on: ️hxxps[:]//abvmybulgeria0[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/69ca49d03b775000083476ee#cybersecurity #phishing #infosec #urldna #scam #infosec

New ransom group blog post!Group name: payloadPost title: NKAR Travels & ToursInfo: https://cti.fyi/groups/payload.html#ransomware #cti #threatintelligence #cybersecurity #infosec

New ransom group blog post!Group name: akiraPost title: Motleys Asset Disposition GroupInfo: https://cti.fyi/groups/akira.html#ransomware #cti #threatintelligence #cybersecurity #infosec

New ransom group blog post!Group name: akiraPost title: Office Peeps, Nappie 's Food Service, Janome America, IT-Supporten, A-1 Pools.Info: https://cti.fyi/groups/akira.html#ransomware #cti #threatintelligence #cybersecurity #infosec

Światowy Dzień Backupu – dlaczego warto zadbać o bezpieczeństwo swoich kopii zapasowych? Według opublikowanego w 2025 przez IBM Security badania „Cost of a Data Breach Report”, jeszcze 20 lat temu aż 45% wycieków danych wynikało z utraty urządzeń takich jak laptopy czy pendrive’y. Obecnie skala tego zjawiska... https://linuxiarze.pl/swiatowy-dzien-backupu/ #cybersecurity #encrypt #kingston #backup

Possible Phishing on: ️hxxps[:]//r33c[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/69ca57ce3b77500006e1517d#cybersecurity #phishing #infosec #urldna #scam #infosec

Anthropic accidentally leaked details of Claude Mythos, its most powerful model, through a misconfigured CMS toggle. New Capybara tier above Opus. Cybersecurity stocks dropped 5-9% in a single session.The 10 trillion parameter claims circulating everywhere? Not in the verified reporting. Fortune broke the story. Anthropic confirmed it. Everything else is speculation.Full breakdown: https://solomonneas.dev/blog/claude-mythos-anthropic-leak#Cybersecurity #AI #Anthropic #InfoSec

Possible Phishing on: ️hxxp[:]//amazon-clone-only-frontend[.]vercel[.]app 🧬 Analysis at: https://urldna.io/scan/69ca35613b7750000834743a#cybersecurity #phishing #infosec #urldna #scam #infosec

Join Jim Manico in Vienna for a 3-day AppSec & AI Security training!Hands-on, fully customizable, YOU choose the topics, we deliver the depth.Level up fast with real-world skills https://owaspglobalappseceuvienna20.sched.com/event/2E71S#AppSec #AISecurity #CyberSecurity #DevSecOps

(synthient.com) ProxyBox: The Continued Evolution of the Socks5Systemz Residential Proxy BotnetSocks5Systemz/ProxyBox botnet resurfaces post-sinkholing with 32K–35K daily active IPs, rebranded under ProxyBox. Threat actors exploit it for carding, credential stuffing, and identity theft via compromised consumer devices.In brief - ProxyBox, the evolved Socks5Systemz botnet, leverages cracked software distribution (PPI) to infect devices, posing enterprise risks. Mitigation includes blocking relay IPs, restricting proxy protocols, and monitoring for its distinct User-Agent.Technically - The malware employs a multi-stage loader: a 32-bit initial loader (~2.5MB) self-overwrites with a second stage (~500KB), unpacking an RC4-encrypted DLL (key: 'Of hi_few5i6ab&7#d3') from resources. The final payload (~600KB) uses junk code and control-flow obfuscation. C2 communication cycles through HTTPS/HTTP with a hardcoded User-Agent ('Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)') and 5-second timeouts. Persistence via Windows service or 'bmanager' Run key.Source: https://synthient.com/blog/proxybox-socks5systemz-lives-on#Cybersecurity #ThreatIntel

"The human cost of cybersecurity and what we should do about it""Is your organization part of the problem? 84% of cyber professionals fear losing their job after a breach."https://www.techradar.com/pro/the-human-cost-of-cybersecurity-and-what-we-should-do-about-it#Cybersecurity

Possible Phishing on: ️hxxps[:]//pcdosilva01-spec[.]github[.]io/instagramn/login[.]html 🧬 Analysis at: https://urldna.io/scan/69ca191d3b775000083470f5#cybersecurity #phishing #infosec #urldna #scam #infosec

Just Announced for BSides Luxembourg 2026!𝗔𝗗𝗩𝗔𝗡𝗖𝗘𝗗 𝗧𝗛𝗥𝗘𝗔𝗧 𝗛𝗨𝗡𝗧𝗜𝗡𝗚: 𝗦𝗧𝗔𝗬𝗜𝗡𝗚 𝗢𝗡𝗘 𝗦𝗧𝗘𝗣 𝗔𝗛𝗘𝗔𝗗 𝗢𝗙 𝗔𝗗𝗩𝗘𝗥𝗦𝗔𝗥𝗬 - Alex HoldenCyber defenders must go beyond reactive security as attackers constantly evolve their tactics. This session dives into real-world attack techniques used by threat actors, including the exploitation of stolen credentials, session tokens, and authentication flaws to bypass security controls. It highlights how attackers manipulate verification systems and leverage logic gaps to infiltrate infrastructure and supply chains—and shows how defenders can use this knowledge to strengthen threat hunting and stay ahead of adversariesAlex Holden https://www.linkedin.com/in/aaholden is the founder and CISO of Hold Security, LLC, a recognized leader in threat intelligence, who studies cybercriminal behavior to help organizations build stronger defenses against evolving cyber threats. Conference Dates: 6–8 May 2026 | 09:00–18:00 14, Porte de France, Esch-sur-Alzette, Luxembourg️ Tickets: https://2026.bsides.lu/tickets/ Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/#BSidesLuxembourg #CyberSecurity #ThreatHunting #InfoSec #CyberDefense #SecurityAwareness

Possible Phishing on: ️hxxps[:]//app[.]qpointsurvey[.]com/s/vjmotsuhuve7al3c 🧬 Analysis at: https://urldna.io/scan/69ca2d8a3b775000045c0acc#cybersecurity #phishing #infosec #urldna #scam #infosec

(proofpoint.com) Tax-Themed Email Campaigns Surge: RMM Payloads, New Threat Actors, and Credential Phishing Targeting Multiple CountriesTax-themed campaigns surge in 2026, delivering RMM payloads, credential phishing, and malware via IRS/tax agency impersonation. Newly profiled TA4922 (Winos4.0/ValleyRAT) and TA2730 (W-8BEN phishing) expand the threat landscape targeting Japan, Canada, Australia, and Switzerland.In brief - Cybercriminals exploit tax season with over 100 campaigns delivering RMM tools, credential phishing, and malware. TA4922 and TA2730 emerge as significant threats, leveraging IRS impersonation and W-2/W-8BEN lures for financial fraud and data theft.Technically - Campaigns abuse N-Able, Datto, Zoho Assist, and other RMM tools via Bitbucket-hosted executables (e.g., SHA256: 844202972ff19afa760447fc87963de0fbbc0ebc69d50164f03ecf5d4e67952f). TA4922 deploys info-stealers (SHA256: d338a7f85737cac1a7b4b5a1cca94e33d0aa8260548667c6733225d4c20cb848) with C2 at 121[.]127[.]232[.]253:8443, overlapping with Silver Fox/Void Arachne. TA2730 uses phishing domains (e.g., bksgcefzqyb[.]com) for credential harvesting via W-8BEN lures. BEC actors request bulk W-2 data for downstream fraud.Source: https://www.proofpoint.com/us/blog/threat-insight/security-brief-tax-scams-aim-steal-funds-taxpayers#Cybersecurity #ThreatIntel

(ctrlaltintel.com) UPMI ULTIMATE: Inside an AI-Developed Adversary-in-the-Middle Phishing-as-a-Service PlatformNew PhaaS platform UPMI ULTIMATE, developed by Team Unlimited, leverages AI-assisted code to deliver full AiTM phishing chains with MFA bypass via Evilginx. Platform uses collective intelligence to refine evasion across all operator instances.In brief - A commercially licensed Phishing-as-a-Service (PhaaS) platform, UPMI ULTIMATE, combines AI-developed code with Evilginx reverse-proxy to execute end-to-end adversary-in-the-middle (AiTM) phishing attacks. The platform aggregates telemetry from all licensed operators to improve evasion, lowering the barrier for sophisticated phishing campaigns. Six live deployments identified, with hardcoded credentials and IOCs recovered.Technically - UPMI ULTIMATE is a Node.js-based PhaaS (16.3K LOC) supporting direct MX (Port 25), Office 365 SMTP relay, and Microsoft Graph API delivery. Features include AES-256-GCM encrypted modules, passive DNS risk scoring (osint-recon.js), forged Exchange headers (X-MS-Exchange-Organization-SCL: -1), and scanner IP evasion (Microsoft EOP, Google, Proofpoint). Evilginx phishlets target Microsoft 365, cPanel, and Roundcube. License server at 104.131.106[.]42:9999 enforces hardware-bound licensing with Telegram kill switch. IOCs include 11 IPs, 14 domains, and 2 Telegram bot usernames.Source: http://ctrlaltintel.com/research/AiTM-Phishing/#Cybersecurity #ThreatIntel

Illumifin Data Breach Exposes Social Security Numbers of Insurance PolicyholdersIllumifin Corp. disclosed a data breach after an unauthorized actor accessed its network in November 2025, exfiltrating files containing Social Security numbers and insurance data belonging to policyholders of over 100 carriers.****#cybersecurity #infosec #incident #databreachhttps://beyondmachines.net/event_details/illumifin-data-breach-exposes-social-security-numbers-of-insurance-policyholders-r-g-8-8-g/gD2P6Ple2L