Police seize “First VPN” service used in ransomware, data theft attacks
… The VPN service was advertised on various cybercrime forums as a privacy-focused VPN that does not log user data and ignores law enforcement requests for user information. …
Search
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
… Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was rebuilt on new infrastructure and quickly returned to regular activity levels. …
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
Ukraine identifies infostealer operator tied to 28,000 stolen accounts By Bill Toulas May 20, 2026 05:36 PM The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users… …
New PCPJack worm steals credentials, cleans TeamPCP infections
… Among the targeted services are Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. …
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
… The behavior resembles the CanisterWorm campaign that TeamPCP deployed in March and targeted Kubernetes platforms. …
Trellix source code breach claimed by RansomHouse hackers
… "We have also notified law enforcement. …
Hackers bypass SonicWall VPN MFA due to incomplete patching
… Last year, the Akira ransomware gang targeted SonicWall SSL VPN devices and logged in despite MFA being enabled on accounts, but the method was not confirmed. …
US charges Google security engineer with Polymarket insider trading
… "As alleged, Spagnuolo violated the duties he owed to his employer and used Google's confidential business information to make more than $1.2 million in trading profits on Polymarket." "Employees who are entrusted with confidential business information cannot misappropriate that information for per… …
Critical Windows Netlogon RCE flaw now exploited in attacks
… Microsoft patched this vulnerability CVE-2026-41089 during the May 2026 Patch Tuesday , describing it as a stack-based buffer overflow in Windows Netlogon that allows attackers without privileges to gain remote code execution on targeted domain controllers. …
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
…Servers remain high value targets because they often run with elevated privileges, host shared services, and provide the foundation for a wide variety of business infrastructure. Threat actors understand that compromising a…