Ingram Micro Breach Exposes 42k; UK Warns of Pro-Russia DDoS; New Ransomware Threats Emerge

Ingram Micro Confirms July 2025 Ransomware Attack Compromised Personal Data of 42,521 Individuals

Global IT distributor Ingram Micro has officially notified 42,521 individuals that their personal and sensitive information, including Social Security numbers, was stolen during a ransomware attack in July 2025. The incident, attributed to the Safepay ransomware group, compromised employment and job applicant records. After Ingram Micro reportedly refused to pay the ransom, the threat actors published the stolen 3.5 terabytes of data on their dark web leak site.

ransomwaredata breachPIISocial Security Numbersupply chain +1 more

Ingram Micro Breach Exposes Data of 42,000 After Safepay Ransomware Attack

CEOs Optimistic, CISOs Wary: Survey Reveals Deep Divide on AI's Cybersecurity Impact

INFORMATIONAL

AXIS Capital Survey Shows CEOs and CISOs Have Diverging Views on AI's Cybersecurity Risks and Benefits

A new survey by specialty insurer AXIS Capital, released on January 20, 2026, reveals a significant perception gap between CEOs and CISOs regarding the role of artificial intelligence in cybersecurity. While CEOs are largely optimistic about AI's productivity and security benefits, CISOs are more acutely aware of the new risks it introduces, including data leakage, model manipulation, and sophisticated AI-driven attacks. This disconnect could lead to misaligned security strategies and underinvestment in critical risk areas.

AIArtificial IntelligenceCISOCEOcybersecurity leadership +2 more

4 min read

CEOs Optimistic, CISOs Wary: Survey Reveals Deep Divide on AI's Cybersecurity Impact

North Korean 'Konni' APT Weaponizes Google Ads to Deliver EndRAT Malware

Operation Poseidon: North Korean APT Konni Abuses Google Advertising URLs for Malware Delivery

The North Korean state-sponsored threat group Konni is conducting a sophisticated spear-phishing campaign dubbed "Operation Poseidon." The advanced persistent threat (APT) actor is weaponizing Google advertising URLs to make malicious links appear legitimate, thereby bypassing security filters and tricking users. The campaign's ultimate goal is to deliver the 'EndRAT' malware, a remote access trojan, onto victim systems.

APTNorth KoreaKonniEndRATGoogle Ads +2 more

North Korean 'Konni' APT Weaponizes Google Ads to Deliver EndRAT Malware

Stealthy 'PDFSIDER' Backdoor Uses DLL Side-Loading to Bypass EDR and AV

New 'PDFSIDER' Backdoor Leverages DLL Side-Loading with Legitimate PDF App to Achieve Stealth and Evade Detection

Security researchers at Resecurity have uncovered a new stealthy backdoor, dubbed 'PDFSIDER,' that uses a DLL side-loading technique to evade EDR and antivirus solutions. The malware masquerades as a legitimate PDF application to load a malicious DLL, establishing an encrypted command-and-control channel for long-term, covert access. The backdoor is already being actively used by ransomware groups, including the notorious Qilin gang, for payload delivery.

backdoorDLL side-loadingEDR evasionQilinPDFSIDER +1 more

6 min read

Stealthy 'PDFSIDER' Backdoor Uses DLL Side-Loading to Bypass EDR and AV

South Korean Giant Kyowon Group Hit by Ransomware, 9.6 Million Accounts at Risk

CRITICAL

South Korean Conglomerate Kyowon Group Confirms Major Ransomware Attack and Data Exfiltration

The South Korean conglomerate Kyowon Group has confirmed it suffered a significant ransomware attack that disrupted operations and resulted in data exfiltration. The attack, detected on January 10, 2026, compromised approximately 600 of the company's 800 servers. South Korean authorities estimate that up to 9.6 million user accounts (representing 5.5 million unique individuals) may have been affected, as attackers reportedly exploited an open external port to gain initial access.

ransomwaredata breachSouth KoreaKyowoncyberattack

South Korean Giant Kyowon Group Hit by Ransomware, 9.6 Million Accounts at Risk

Fake Ad Blocker Crashes Chrome, Tricks Users into Installing 'ModeloRAT' Malware

'CrashFix' Campaign Uses Malicious Chrome Extension to Crash Browsers and Socially Engineer Malware Installation

A novel malware campaign dubbed "CrashFix" is using a malicious Google Chrome extension that impersonates the 'uBlock Origin Lite' ad blocker to intentionally crash victims' browsers. The attack, attributed to a group called 'KongTuke,' then uses social engineering, presenting a fake crash report that tricks users into running a PowerShell command to "fix" the issue. This command ultimately downloads and installs 'ModeloRAT,' a previously undocumented Python-based remote access trojan.

malwareChrome extensionsocial engineeringModeloRATKongTuke +1 more

6 min read

Fake Ad Blocker Crashes Chrome, Tricks Users into Installing 'ModeloRAT' Malware

GTMaritime Launches 'GT Identify' to Tackle Maritime Cybersecurity and Compliance

INFORMATIONAL

GTMaritime Launches 'GT Identify' to Bolster Maritime Cybersecurity Compliance with IMO and IACS Regulations

Maritime technology firm GTMaritime has launched GT Identify, a new cybersecurity system designed to help ship operators comply with increasingly stringent regulations. Announced on January 20, 2026, the system provides fleet-wide hardware and software asset inventory, vulnerability reporting, and aligns with the NIST Cybersecurity Framework. The launch addresses the growing need for robust cyber risk management to meet IMO and IACS E26/E27 requirements.

maritimeshippingcybersecuritycomplianceIMO +3 more

3 min read

GTMaritime Launches 'GT Identify' to Tackle Maritime Cybersecurity and Compliance

Threat Landscape Converges as Attackers Target ICS and AI Systems

Hacktivists and Cybercriminals Expand Attacks on ICS and AI Systems, Cyble Research Finds

New research from Cyble highlights a dangerous convergence of threats, as both hacktivists and financially motivated cybercriminals are increasingly targeting Industrial Control Systems (ICS), Operational Technology (OT), and enterprise AI systems. The report, published January 20, 2026, notes that attackers are exploiting exposed HMI and SCADA systems while also leveraging AI to create polymorphic malware and more effective social engineering lures.

threat intelligenceICSOTSCADAAI security +2 more

Threat Landscape Converges as Attackers Target ICS and AI Systems

'DragonForce' Emerges as New Ransomware Cartel Built on LockBit and Conti DNA

New Ransomware Cartel 'DragonForce' Emerges, Leveraging LockBit and Conti Code on 'Ransombay' RaaS Platform

A new Ransomware-as-a-Service (RaaS) operation named DragonForce has emerged, positioning itself as a "ransomware cartel." The group is reportedly building its operations on the leaked source code of the notorious LockBit 3.0 and Conti ransomware variants. Operating a RaaS platform called 'Ransombay,' DragonForce's strategy includes absorbing smaller rival operations, signaling a trend towards consolidation in the cybercrime ecosystem.