GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a po...
NSO
Unknown
auto-detected
AI Intelligence Brief cached
Edit Profile
Entity Relationships
Related YARA Rules View all on YARA Rules page →
90-Day Activity
Last 90 Days (162)
Last 90 Days
All Time
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcem...
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in la...
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
A new ransomware campaign named “WantToCry” that leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deployi...
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poison...
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way fo...
WantToCry ransomware evades detection through SMB abuse, remote encryption
More than 1.5 million exposed SMB ports may be susceptible to brute force attacks.
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransom...
Terra Security expands platform to include network infrastructure exploitation validation
Terra's platform now allows security teams to validate vulnerabilities across web applications, AI systems, and network infrastructure from a single console.
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver mali...
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Grafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about so...
Verizon DBIR 2026: Vulnerability exploits top initial access as patching coverage falls
The report also highlighted ransomware trends and the evolving role of AI in breaches.
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar...
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar...
Microsoft disrupts malware code-signing service used by ransomware gangs
Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make mal...
Torq acquires Jit.io to enhance AI-driven security operations
Jit.io, founded in 2021, initially offered a security-as-code platform for developers, consolidating various application security and DevSecOps tools.
Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
The company unsealed a legal case in U.S.
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrup...
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security control...