Key TakeawaysConfirmed token compromise: Grafana officially disclosed that an unauthorized party accessed its GitHub environment.Codebase extortion attempt: The unnamed threat actors successfully downloaded the company's…

Manny Ataebi – Cerby Manny Ataebi has been appointed as Chief Marketing Officer at identity security company Cerby after spending the last three years in…

The week’s incidents show cybercrime becoming faster and quieter, with supply chain attacks targeting developer ecosystems because compromising one package can spread malware to thousands…

Key TakeawaysCanada Bill C-22 surveillance law: Windscribe may exit Canada if forced to log user metadata for compliance.Industry reaction: Signal and Windscribe oppose bill, citing…

Key TakeawaysUtah age verification VPN liability law: Websites held responsible when users bypass age checks using VPN location masking.Enforcement difficulty: VPN detection remains unreliable, as…

Key TakeawaysAndroid 16 VPN vulnerability: Researchers claim apps can bypass VPN tunnels and expose users’ real IP addresses.Google response: Google reportedly marked the Android 16…

Key TakeawaysIndictment returned: A federal grand jury charged two Pakistani men and one Indian man in relation to dark web narcotics trafficking.Dark web operations: Defendants…

Key TakeawaysTargeted Phishing Attack: Russian hackers targeted over 13,500 Signal users in an extensive espionage operation.Automated Compromise System: The ApocalypseZ infrastructure facilitated bulk account hijacking…

Key TakeawaysTargeted sectors: Operations focused on South Korean entities, alongside defense targets in Brazil and Germany.Malware variants: Threat actors deployed HelloDoor, httpMalice, MemLoad, httpTroy, AppleSeed,…

Key TakeawaysNew campaign: ESET researchers have identified Ghostwriter conducting targeted operations against Ukrainian governmental entities.Malicious payload delivery: Threat actors deployed PicassoLoader and a Cobalt Strike…

Key TakeawaysData security: OpenAI states that there is no evidence that user data or intellectual property was accessed.Impacted devices: Two corporate employee devices were affected…

Key TakeawaysGlobal scope: Iran-linked APT MuddyWater hit almost 10 organizations across four continents in Q1 2026, among which is an unnamed electronics maker.DLL sideloading: The…

Key TakeawaysUnverified breach claims: TeamPCP alleges the successful extraction and sale of Mistral AI and Mistral Solutions corporate data.Data volume reported: The threat actor claims…

Key TakeawaysIran internet blackout women: collapse of online livelihoods across Iran: Internet shutdowns cripple women-led businesses, eliminating income from online platforms and informal digital work…

Key TakeawaysVPN ban Russia: impossible enforcement admission: Valery Fadeev says full VPN blocking technically unachievable nationwide and critical infrastructure operations, according officialsVPN reliance raises risk…

Key TakeawaysDream Market laundering: Owe Martin Andresen faces federal money laundering charges for cryptocurrency-based financial crimes connected to Dream Market.Asset conversion methodology: The defendant allegedly…

Key TakeawaysUtah age verification law: Aylo sued Utah, claiming expanded VPN-based restrictions violate constitutional commerce protections.VPN enforcement concerns: Utah law considers VPN users inside state,…

Key TakeawaysDigital Forensics Fellowship: Surfshark supports Amnesty International in training activists worldwide to combat spyware threats through education.Global Surveillance Risks: Amnesty reports increasing digital monitoring…

Key TakeawaysCritical flaws patched: Security updates address vulnerabilities allowing remote code execution on unpatched Fortinet systems.Systems at risk: The vulnerabilities impact specific versions of FortiAuthenticator…

Key TakeawaysRansom paid: Instructure compensated the ShinyHunters cybercriminal group following the Canvas data theft.Data compromised: Hackers claimed to steal records from 9,000 customers, threatening a…