Latest Internet & Cybersecurity News

📅 March 1, 2026 at 1:00 AM
Major cybersecurity threats include Chinese state hackers targeting telecoms, Resurge malware exploiting Ivanti flaws, UH Cancer Center data breach exposing 1.15M SSNs, and insider exploit sales to Russia.
1

Ex-L3Harris Executive Sentenced to Over 7 Years for Selling Zero-Day Exploits to Russia

Peter Williams, 39, pleaded guilty to stealing and selling eight zero-day exploits from L3Harris's Trenchant unit to a Russian broker for millions. The exploits were meant for U.S. government and allies' restricted use. Sentencing occurred in U.S. District Court in Washington, D.C. (Source 1)

2

CISA Issues Emergency Directive for Cisco SD-WAN Vulnerabilities

Federal agencies must update Cisco Catalyst SD-WAN Manager and Controller devices by February 27 due to active exploitation by threat actors. CISA describes it as an imminent threat to federal networks. The directive was issued on February 24. (Source 1)

3

Chinese Government Hackers Breach 50+ Telecoms and Agencies in 42 Countries

Hackers used API calls to SaaS apps as C2 infrastructure to mask malicious traffic as benign. Google Threat Intelligence and Mandiant reported the campaign exploiting cloud platforms. Broadcom noted a related unsuccessful attack on a U.S. healthcare organization. (Source 1)

4

Medusa Ransomware Group Claims Over 366 Attacks

Broadcom's threat intelligence identified Medusa, a RaaS operation by Spearwing since 2023, targeting various sectors. The group has mounted numerous attacks globally. Details emerged in recent threat reports. (Source 1)

5

US Indictment: Tech Workers Exfiltrate Trade Secrets to Iran

Defendants employed at Google and other firms stole processor security and cryptography documents and sent them to unauthorized locations, including Iran. The indictment was filed February 18 and unsealed recently. The US Attorney's Office announced the case. (Source 2)

6

Diesel Vortex: Russian Group Targets Freight Logistics Credentials

A Russian cybercrime group with Armenian ties stole 1,600+ credentials from U.S. and EU logistics platforms like DAT Truckstop over five months. They used Telegram for coordination. Infrastructure details were recovered from logs. (Source 2)

7

North Korea (DPRK) Continues Crypto Exploits, Bybit One Year On

Elliptic reports persistent DPRK targeting of crypto assets, including the Bybit exploit 12 months later. New malware variants such as CHAR and GhostFetch were discovered. The DPRK threat to crypto remains active. (Source 2)

8

MuddyWater-Linked Campaign Deploys AI-Assisted Malware

Four new malware variants: Rust backdoor CHAR, downloaders GhostFetch and HTTP_VIP, advanced GhostBackDoor. Indicators of AI-assisted development; Telegram bot C2. Links to operations since October 2025. (Source 2)

9

UH Cancer Center Ransomware Breach Exposes 1.15M Social Security Numbers

Hackers accessed files from the Multiethnic Cohort Study using old driver's license and voter data with SSNs. The breach affected up to 1.15M people in Hawaiʻi and California. UH enhanced networks, access controls, and monitoring post-breach. (Source 4, Source 8)

10

Resurge Malware Exploits Critical Ivanti CVE-2025-0282 Vulnerability

Resurge enables unauthenticated RCE via a stack-based buffer overflow (CVSS 9.0) in Ivanti Connect Secure gateways. It uses covert TLS authentication to hide operator traffic. CISA alerted in March 2025; active exploitation observed. (Source 1, Source 6)

11

Misconfigured Server Exposes Stolen Firewall Configs and LLM-Integrated Attack Plans

Early February 2026 exposure of 1,000+ files including stolen configs, AD maps, credentials, and an LLM pipeline for intrusions. Targets span multiple continents. Highlights risks of misconfigurations in attack infrastructure. (Source 2)

12

Marquis Ransomware Hits Firm Due to SonicWall Firewall Backup Flaw

Marquis sues SonicWall, alleging that security failings in firewall backups led to a ransomware attack. The case underscores vendor liability in breaches. Reported in recent cybersecurity summaries. (Source 2)