Daily Cybersecurity Roundup, February 17, 2026

The cyber threat landscape continues to intensify as sophisticated actors refine their tactics and expand their targets. In one notable campaign, the financially driven Operation Doppelbrand has set its sights on Fortune 500 companies, deploying credential-harvesting techniques and remote access trojans. At the same time, researchers investigating DigitStealer uncovered unique operator tradecraft that led to the identification of its C2 infrastructure. Moreover, the Russia-aligned APT28 group has rolled out Operation MacroMaze, a focused effort against European government entities that leverages tailored malware and phishing campaigns. Keep reading for more.

01. The financially motivated Operation Doppelbrand campaign is targeting Fortune 500 enterprises using credential theft and remote access Trojans to maintain long-term network persistence.

02. Analysts tracking DigitStealer identified distinctive operator patterns that enabled the discovery of its command-and-control (C2) infrastructure, shedding light on its global malware operations.

03. A newly observed info-stealer strain has been found stealing sensitive authentication tokens and API keys from the OpenClaw password-less authentication platform for the first time.

04. The Russia-linked APT28 group has launched Operation MacroMaze, targeting multiple European government networks with bespoke malware and phishing lures to exfiltrate sensitive data.

05. FoxVeil, a newly discovered malware family, is capable of stealthy reconnaissance, credential theft, and lateral movement in compromised environments.

06. Threat actors are offering Carding-as-a-Service, leveraging stolen credit card data on fraud forums to automate financial fraud and cash-out operations.

07. Malicious actors are weaponizing QR codes to trick users into credential and session token theft by linking to phishing and malware delivery URLs.

08. Security analysis reveals a fork of the Triton/Trisis malware resurfacing in industrial control systems (ICS), inheriting dangerous safety-shutdown bypass capabilities to sabotage critical infrastructure.

09. A critical vulnerability, CVE-2026-25903, in Apache NiFi allows authenticated users to bypass configured restrictions and potentially perform unauthorized actions.

10. A serious server-side request forgery (SSRF) bypass flaw was found in LangChain community packages, enabling attackers to perform unauthorized internal requests.