The Scattered LAPSUS$ Hunters (SLH) are actively recruiting women for IT help desk vishing attacks, offering $500–$1,000 per call. Recruits are provided with pre-written scripts to enhance the success of these social engineering attacks.

APT37, a North Korean cyber espionage group, has launched a new campaign named "Ruby Jumper" targeting air-gapped networks. The campaign introduces five new tools: Restleaf, SnakeDropper, ThumbSBD, VirusTask, and FootWine.

Madison Square Garden (MSG) has reported a data breach that exposed names and Social Security numbers due to a zero-day vulnerability in Oracle’s E-Business Suite, managed by a third-party vendor.

Microsoft has identified a campaign involving trojanized gaming utilities, Xeno.exe and RobloxPlayerBeta.exe, which deploy a Remote Access Trojan (RAT). The RAT connects to a command and control (C2) server at IP address 79.110.49[.]15.

A significant security lapse by South Korea's National Tax Service led to the theft of $4.8 million in cryptocurrency. The incident underscores the critical importance of safeguarding mnemonic recovery phrases.

The data was collected by Darktrace from incidents across its global customer base and points to a year defined by automation, convergence and accelerating attacker speed.

ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective.

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.

APT28, a Russia-linked state-sponsored threat actor, has been attributed to a campaign targeting selected entities across Western and Central Europe, active from September 2025 through January 2026, according to S2 Grupo’s LAB52 team.

Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw.