Daily Cybersecurity Roundup, February 03, 2026

From control rooms to cloud inboxes, attackers are switching lanes fast. Russian-aligned hacktivists are targeting exposed HMIs in water utilities, with honeypot data revealing a shift in OT attacks toward easy-access disruption. At the same time, phishing has gone malware-free, as a slick campaign uses a seemingly legitimate PDF to redirect victims to a fake Dropbox login page. Adding a geopolitical edge, a new actor dubbed Punishing Owl has emerged, targeting networks tied to Russian security agencies. Continue reading for more.

01

Russian-aligned hacktivists are increasingly targeting operational technology, including exposed HMIs in water utilities, using opportunistic tactics revealed through honeypot observations, underscoring evolving OT threat motivations and techniques.

02

A sophisticated multi-stage phishing campaign abuses trusted cloud platforms by sending emails with a seemingly legitimate PDF that redirects victims to a fake Dropbox login page to harvest credentials without any malware payload.

03

The Ricochet Chollima APT group targeted North Korea-focused activists via spear-phishing emails containing malicious links disguised as legitimate files.

04

Russia-linked APT28 (aka Fancy Bear/UAC-0001) has launched “Operation Neusploit,” weaponizing the newly patched Microsoft Office zero-day vulnerability CVE-2026-21509 to deliver backdoors like MiniDoor and PixyNetLoader.

05

ESET researchers have provided a technical analysis and attribution update on the destructive DynoWiper malware, which exhibits advanced wiping capabilities and targeting patterns consistent with state-linked activity.

06

A new threat group dubbed “Punishing Owl” has emerged, targeting networks associated with Russian security agencies, indicating a potentially organized offensive capability in cyberspace.

07

A Russian hacker alliance has issued threats against Denmark, highlighting increasing geopolitical tension in cyberspace and the formalization of hostile hacking collectives with a national focus.

08

CTM360’s latest report warns of a global surge in fake high-yield investment scams, in which fraudsters deceive victims into transferring funds with the promise of fraudulent returns.

09

Certain Hikvision wireless access point products have a critical command execution vulnerability that could allow unauthenticated attackers to execute arbitrary commands on affected devices.

10

A critical vulnerability (CVE-2026-1453) in KiloView Encoder Series devices enables unauthenticated administrative access, with a CVSS v3 score of 9.8.
