What Happened
Threat actors turned Steam Workshop into a malware distribution platform. They uploaded malicious wallpapers to Wallpaper Engine — a popular desktop customization app with nearly a million Steam reviews — and tricked users into installing them. Kaspersky found dozens of these malicious wallpapers, each downloaded thousands or tens of thousands of times. The […]
Chinese state-sponsored actors spent over a year inside a North American medical research institution, stealing sensitive research data from compromised REDCap servers. The attack, attributed to a group tracked as UNC6508, demonstrates exactly why file-level security controls matter — and why organizations running research infrastructure on Windows need more than network perimeter defenses. What Happened: […]
The Attack: Old Vulnerability, New Campaigns
At least two Russia-aligned threat groups — Shadow-Earth-066 and Earth Dahu (Gamaredon) — are actively exploiting CVE-2025-8088, a high-severity WinRAR path traversal vulnerability patched nearly a year ago in July 2025. According to Trend Micro research published this week, both groups are targeting Ukrainian military and government organizations with […]
On June 11, 2026, the University of Nottingham disclosed that the ShinyHunters cybercrime gang had stolen over 40GB of student records — affecting 454,600 current and former students. The stolen data included names, addresses, phone numbers, passport numbers, financial records, and academic information from Nottingham’s UK, Malaysia, and China campuses. The attackers exploited vulnerabilities in […]
A Ukrainian national pleaded guilty this week to conspiracy charges tied to the Conti ransomware operation — one of the most destructive cybercrime groups in recent history. Between 2021 and 2022, Conti targeted over 1,000 victims worldwide and collected more than $150 million in ransom payments. The defendant admitted to deploying Conti ransomware on victim […]
The Incidents
HIPAA Journal reported cybersecurity incidents at three healthcare organizations: Medenet (a revenue cycle management company), United Medical Doctors, and Stewart Home & School. All three incidents involved unauthorized access to protected health information. The article doesn’t specify the exact attack vector, but the outcome is clear: someone or something accessed patient data files […]
The Gentlemen: 90% Affiliate Payouts, Aggressive Growth
A ransomware group called The Gentlemen has rapidly become the second most active by victim count, according to recent research from Krebs on Security. Their strategy is simple and effective: offer affiliates 90 percent of any ransom paid by victims. That’s an aggressive commission structure designed to attract […]
What Happened
On June 8, 2026, security researchers at Socket discovered that 19 packages on the Python Package Index (PyPI) had been compromised in a supply-chain attack. The affected packages — including popular bioinformatics tools like Dynamo, Spateo, CoolBox, and Napari-UFISH — had been downloaded hundreds of thousands of times by developers and data scientists. […]
The Attack: VPN Exploit to Ransomware Deployment
A critical zero-day vulnerability in Check Point VPN has been under active exploitation since early May 2026, with Qilin ransomware affiliates blamed for at least one confirmed incident. The flaw allows remote code execution, giving attackers initial access to the network. This is the pattern we see constantly: […]
On June 4, 2026, dental benefits administrator DentaQuest confirmed a breach that exposed sensitive data from 2.6 million customer accounts. The extortion group ShinyHunters claimed responsibility, posting 234GB of stolen data publicly after DentaQuest allegedly failed to meet their ransom demands. The exposed data included email addresses, full names, phone numbers, government-issued IDs, health insurance […]