Google Disrupts Global Chinese Spy Campaign; Lazarus Group Adopts Medusa Ransomware; Massive Data Breaches Rock Corporations

Publication Date: February 25, 2026

Summary

This cybersecurity brief for February 25, 2026, covers several major incidents. Google and Mandiant announced the disruption of a sprawling Chinese espionage campaign by UNC2814, which used a novel backdoor called GRIDTIDE that abused Google Sheets for command and control. In a significant tactical shift, North Korea's Lazarus Group was observed deploying Medusa ransomware in attacks on healthcare. Data extortion group ShinyHunters was linked to two massive breaches, leaking 12.4 million records from CarGurus and stealing data from 800,000 Wynn Resorts employees. Meanwhile, CISA added actively exploited vulnerabilities in Cisco and Soliton products to its KEV catalog, mandating urgent patching. These events highlight the increasing sophistication of state-sponsored threats, the industrialization of cybercrime, and the critical need for robust vulnerability management.

Today's New Articles

Google & Mandiant Dismantle Global Chinese Spy Network Using Novel "GRIDTIDE" Backdoor

On February 25, 2026, Google and Mandiant revealed they had disrupted a massive, multi-year cyber espionage campaign attributed to UNC2814, a suspected China-nexus threat actor. The operation compromised at least 53 organizations in 42 countries, primarily in...
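The summary above says the backdoor used Google Sheets as its command-and-control channel. The block below is an added example, not code from Google or Mandiant and not a description of how GRIDTIDE itself works: it runs a generic beaconing heuristic over constructed proxy-log lines to show what a defender can look for when C2 hides behind a legitimate SaaS API. The watched hostnames beyond sheets.googleapis.com, the browser allowlist, the thresholds and every log line are assumptions made for the example.

```python
"""Heuristic detector for SaaS-API command-and-control beaconing.

Added example, not code from Google or Mandiant and not a description of how
GRIDTIDE is built. A legitimate Google Sheets client (a browser, an office
add-in) reaches sheets.googleapis.com too, so the destination alone is not a
signal; the combination of a non-browser process, a near-constant check-in
interval and a near-constant request size is.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# SaaS API hosts worth watching for C2 abuse. The page names Google Sheets;
# the second entry is an assumed addition for illustration.
WATCHED_API_HOSTS = {"sheets.googleapis.com", "docs.googleapis.com"}
# Processes expected to talk to these hosts (assumed allowlist).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}
MIN_EVENTS = 5          # fewer events and the interval statistics are noise
MAX_JITTER = 0.10       # coefficient of variation of check-in intervals
MAX_SIZE_SPREAD = 0.10  # coefficient of variation of request sizes

# Constructed proxy log lines (not real telemetry):
# timestamp host process destination bytes_out
SAMPLE_LOGS = """\
2026-02-20T09:00:00Z ws-17 chrome.exe sheets.googleapis.com 5120
2026-02-20T09:00:01Z ws-17 syncagent.exe sheets.googleapis.com 412
2026-02-20T09:03:12Z ws-17 chrome.exe sheets.googleapis.com 98234
2026-02-20T09:05:01Z ws-17 syncagent.exe sheets.googleapis.com 410
2026-02-20T09:10:02Z ws-17 syncagent.exe sheets.googleapis.com 415
2026-02-20T09:15:00Z ws-17 syncagent.exe sheets.googleapis.com 411
2026-02-20T09:20:01Z ws-17 syncagent.exe sheets.googleapis.com 413
2026-02-20T09:41:50Z ws-17 chrome.exe sheets.googleapis.com 2210
2026-02-20T10:12:05Z ws-17 chrome.exe sheets.googleapis.com 7761
2026-02-20T09:00:00Z ws-22 excel.exe sheets.googleapis.com 3300
2026-02-20T09:30:00Z ws-22 excel.exe sheets.googleapis.com 3300
"""


def _cv(values):
    """Coefficient of variation (population stdev / mean); 0 for a constant series."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def detect_api_beacons(log_text):
    """Return one finding per (host, process, destination) that looks like a beacon."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, bytes_out = line.split()
        if dest not in WATCHED_API_HOSTS:
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        groups[(host, proc, dest)].append((when, int(bytes_out)))

    findings = []
    for (host, proc, dest), events in groups.items():
        if proc.lower() in BROWSER_PROCESSES or len(events) < MIN_EVENTS:
            continue
        events.sort()  # log lines are not guaranteed to arrive in time order
        intervals = [(b[0] - a[0]).total_seconds()
                     for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        jitter, spread = _cv(intervals), _cv(sizes)
        if jitter <= MAX_JITTER and spread <= MAX_SIZE_SPREAD:
            findings.append({
                "host": host, "process": proc, "destination": dest,
                "events": len(events),
                "mean_interval_s": round(mean(intervals), 1),
                "interval_cv": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_api_beacons(SAMPLE_LOGS):
        print(finding)
```

On the constructed sample only the non-browser process with five evenly spaced, same-sized requests is reported; the interactive browser traffic and the two-event office client are ignored. In production the same grouping is cheap to run over a day of proxy data, and a real implant that jitters its sleep will need a looser `MAX_JITTER` or a frequency-domain check rather than this simple coefficient of variation.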


North Korea's Lazarus Group Adopts Medusa Ransomware, Targeting Healthcare

In a notable strategic shift, North Korea's state-sponsored Lazarus Group has been observed deploying Medusa ransomware in its financially motivated campaigns. Security researchers reported on February 24, 2026, that the prolific APT group used the ransomware-...


ShinyHunters Leaks 12.4 Million CarGurus Records After Failed Extortion

The extortion group ShinyHunters has leaked a massive 6.1GB database containing 12.4 million user records allegedly stolen from the automotive marketplace CarGurus. The data, which includes full names, emails, phone numbers, and highly sensitive auto finance p...


Wynn Resorts Confirms ShinyHunters Stole Data of 800,000 Employees, May Have Paid Ransom

Wynn Resorts confirmed on February 24, 2026, that it was the victim of a data breach by the ShinyHunters extortion group, resulting in the theft of sensitive data for approximately 800,000 employees. The stolen information includes Social Security numbers, nam...


Medical Device Maker UFP Technologies Hit by Ransomware, Data Stolen and Destroyed

UFP Technologies, a U.S.-based manufacturer of medical devices, disclosed in a February 24 SEC filing that it suffered a ransomware attack on February 14, 2026. The company's CFO described it as a 'classic ransomware attack' where data was both stolen and dest...


CISA Orders Patching for Two Actively Exploited Cisco SD-WAN Flaws

On February 25, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities affecting Cisco Catalyst SD-WAN products to its Known Exploited Vulnerabilities (KEV) catalog, signaling they are under active attack. The flaws ar...


CISA Warns of Actively Exploited RCE Flaw in Soliton FileZen Appliance

On February 24, 2026, CISA added a critical OS command injection vulnerability in the FileZen file transfer appliance to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, CVE-2026-25108, affects products from the Japanese firm Soliton Systems K.K. a...
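Both KEV items above (the Cisco Catalyst SD-WAN flaws and the Soliton FileZen flaw) boil down to the same operational task: find out whether anything in your inventory is in the catalog and work the entries in deadline order. The block below is an added example, not CISA tooling. It consumes a document in the KEV JSON schema (the live feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json with the field names used here) and joins it to an asset inventory. The embedded snapshot is a constructed two-entry subset whose dates are illustrative, not the catalog's values; it reuses CVE-2026-25108 from the FileZen item and CVE-2023-46604, the Apache ActiveMQ flaw from the LockBit item below. The inventory and hostnames are likewise assumed.

```python
"""Join an asset inventory to a CISA KEV snapshot and rank by remediation due date.

Added example, not CISA tooling. The real catalog is JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
with the fields used below; the snapshot here is a constructed two-entry
subset and its dates are illustrative values, not the catalog's.
"""
import json
from datetime import date

# Constructed KEV-format snapshot (same schema as the live feed, invented dates).
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2026.02.25",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2026-25108",
            "vendorProject": "Soliton Systems",
            "product": "FileZen",
            "vulnerabilityName": "Soliton FileZen OS Command Injection Vulnerability",
            "dateAdded": "2026-02-24",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations are unavailable.",
            "dueDate": "2026-03-17",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2023-46604",
            "vendorProject": "Apache",
            "product": "ActiveMQ",
            "vulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability",
            "dateAdded": "2023-11-02",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations are unavailable.",
            "dueDate": "2023-11-23",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

# Assumed inventory: CVE -> hostnames a scanner reported as affected (constructed).
SAMPLE_INVENTORY = {
    "CVE-2023-46604": ["mq-broker-03", "mq-broker-02"],
    "CVE-2026-25108": ["filezen-dmz-01"],
}


def kev_remediation_plan(kev_json, inventory, today_iso):
    """Return inventory CVEs present in KEV, most urgent first.

    Each item carries the KEV due date, days remaining (negative once the
    BOD 22-01 deadline has passed) and whether KEV flags the entry as used in
    ransomware campaigns. Inventory CVEs absent from the snapshot are skipped:
    they still need patching, just not under the KEV mandate.
    """
    today = date.fromisoformat(today_iso)
    catalog = {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}
    plan = []
    for cve, hosts in inventory.items():
        entry = catalog.get(cve)
        if entry is None:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        plan.append({
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "name": entry["vulnerabilityName"],
            "hosts": sorted(hosts),
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware_use": entry["knownRansomwareCampaignUse"] == "Known",
        })
    # Overdue first (most negative days_left), then soonest deadline,
    # ransomware-linked entries ahead of others on a tie.
    plan.sort(key=lambda p: (p["days_left"], not p["ransomware_use"]))
    return plan


if __name__ == "__main__":
    for item in kev_remediation_plan(SAMPLE_KEV, SAMPLE_INVENTORY, "2026-02-25"):
        print(item)
```

Run against the constructed snapshot with 2026-02-25 as the reference date, the ActiveMQ entry sorts first because its deadline is long past and it carries the ransomware flag, while the FileZen entry shows 20 days remaining. Swapping `SAMPLE_KEV` for the downloaded feed and `SAMPLE_INVENTORY` for a scanner export is the only change needed to use this on real data.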


Predator Spyware Defeats iPhone Privacy Indicators for Covert Recording

Research published on February 24, 2026, has revealed a sophisticated and stealthy capability of the Predator spyware, sold by commercial surveillance vendor Intellexa. The spyware can secretly record audio and video on a compromised iPhone by programmatically...


LockBit Attackers Exploit Apache ActiveMQ Flaw, Return After Eviction

A threat intelligence report from February 25, 2026, details a persistent LockBit ransomware attack where threat actors demonstrated significant determination. The attackers initially gained access by exploiting CVE-2023-46604, a known RCE vulnerability in Apa...


SOCs Pivot to Autonomous Defense to Counter Machine-Speed AI Attacks

A February 24, 2026 analysis argues that the modern Security Operations Center (SOC) is at a tipping point, forced to pivot towards autonomous, AI-driven defense strategies. This shift is a direct response to the crisis of scale created by adversaries who are...

Article Updates

Conduent Data Breach Victim Count Skyrockets to 25 Million, Triggering Texas AG Investigation

Update: The Safepay ransomware group has claimed responsibility for the Conduent data breach, confirming a double-extortion model. In addition to names, SSNs, and medical information, the stolen data is now confirmed to include physical addresses. The new report provides a deeper tec...