VECT 2.0 Ransomware Unmasked as Destructive Wiper, CISA Warns of Actively Exploited Windows Flaw

VECT 2.0 Ransomware Unmasked as Accidental Wiper, Irreversibly Destroys Files Over 128KB

Security researchers at Check Point have uncovered a critical design flaw in the VECT 2.0 ransomware that causes it to permanently destroy files larger than 128 KB instead of encrypting them. This bug, present in the Windows, Linux, and ESXi variants, discards essential decryption keys (nonces) during the encryption process for larger files. Consequently, victims who pay the ransom have no hope of recovering significant enterprise data like databases, virtual machine disks, or backups, as the data required for decryption is lost forever. The ransomware, marketed as a triple-threat operation, is associated with the TeamPCP group and the BreachForums marketplace but has been assessed as technically unsophisticated.

RansomwareWiperVECTCheck PointData Destruction +3 more

VECT 2.0 Ransomware Flaw Means Paying the Ransom is Pointless—Large Files are Wiped Forever

ShinyHunters Ransomware Spree: Carnival, Zara's Parent, and 40+ Firms Breached in Massive Campaign

ShinyHunters Group Implicated in Widespread Ransomware Attacks on Over 40 Global Organizations

The ShinyHunters ransomware group has claimed responsibility for a large-scale attack campaign that has compromised more than 40 organizations worldwide. The victims, listed on the group's data leak site, span the retail, insurance, and hospitality sectors. High-profile targets include Carnival Corporation, which confirmed a breach affecting 8.7 million records from its Holland America Line subsidiary, as well as Mytheresa, Pitney Bowes, and Inditex, the parent company of Zara. The attackers are using double-extortion tactics, threatening to publicly release stolen personally identifiable information (PII) and corporate data unless ransoms are paid. The campaign, with victim listings dating back to January 2026, poses a significant threat of follow-on phishing attacks.

ShinyHuntersRansomwareData BreachCarnival CorporationInditex +3 more

4 min read

ShinyHunters Ransomware Spree: Carnival, Zara's Parent, and 40+ Firms Breached in Massive Campaign

Europol Warns of AI-Powered 'Industrialized Cybercrime' in IOCTA 2026 Report

INFORMATIONAL

Europol IOCTA 2026 Report: AI Fueling Industrialization of Cybercrime, Ransomware Shifts to Data Theft

Europol's 2026 Internet Organised Crime Threat Assessment (IOCTA) highlights a major shift towards the 'industrialization' of cybercrime, significantly accelerated by the use of Artificial Intelligence. The report states that AI is being used to increase the scale, speed, and efficiency of attacks. Ransomware remains the dominant threat in the EU, but with a strategic shift from data encryption to data theft and extortion. The IOCTA also notes a blurring of lines between financially motivated cybercriminals and state-sponsored hybrid actors, who increasingly use criminal networks as proxies for disruptive operations. Europol calls for greater collaboration to combat this new era of technologically advanced cybercrime.

EuropolIOCTAAICybercrimeRansomware +3 more

Europol Warns of AI-Powered 'Industrialized Cybercrime' in IOCTA 2026 Report

MITRE Warns of New Cyber Risks in AI and Cloud-Connected Medical Devices

INFORMATIONAL

MITRE Report Highlights Evolving Cybersecurity Risks for AI- and Cloud-Enabled Medical Devices

A new discussion paper from MITRE warns that the rapid integration of emerging technologies like AI, cloud computing, and post-quantum cryptography into medical devices is creating new and complex cybersecurity risks that could directly impact patient safety. The report, "Cybersecurity Risk Analysis for Medical Devices in the Era of Evolving Technologies," stresses that traditional security controls are insufficient. It highlights that as devices move from clinical settings to patient homes, risk management becomes a shared responsibility across manufacturers, healthcare providers, and patients. MITRE calls for cybersecurity to be a core design principle, not an afterthought, for this increasingly interconnected and diverse ecosystem.

MITREMedical DevicesIoMTHealthcareAI +3 more

MITRE Warns of New Cyber Risks in AI and Cloud-Connected Medical Devices

Ransomware Turf War: 0APT and KryBit Groups Hack Each Other in Public Feud, Leaking Ops Data

LOW

Ransomware Groups 0APT and KryBit Engage in Public Feud, Leaking Each Other's Data

A rare public conflict has erupted between two rival ransomware groups, 0APT and KryBit. The feud, which played out between March 28 and April 12, 2026, involved both groups hacking each other and leaking sensitive operational data. 0APT initiated the spat by leaking KryBit's admin panel. KryBit retaliated by hacking 0APT, defacing their leak site, and dumping their entire operational dataset. The leak revealed that 0APT had fabricated over 190 victim listings and was running its infrastructure on an Android phone. Security experts believe the mutual doxing will likely force both amateurish groups to rebuild and rebrand.

Ransomware0APTKryBitThreat ActorInfighting +2 more

4 min read

Ransomware Turf War: 0APT and KryBit Groups Hack Each Other in Public Feud, Leaking Ops Data

China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits

Silver Fox APT Group Expands Operations, Targeting Asian Businesses with Fake Tax Audit Lures

The China-based threat group Silver Fox has launched a new wave of attacks targeting businesses and individuals across Asia. The group, which has been active since at least 2022, uses fake tax audit notifications and counterfeit software update alerts to deliver malware. According to analysis by S2W, Silver Fox has evolved from financially motivated attacks within China to a dual-purpose operation involving both espionage and profit-driven campaigns. The group's focus has expanded from Taiwan and Japan to include targets in Malaysia, Indonesia, Singapore, Thailand, and the Philippines, with a recent focus on medical institutions and financial companies.

Silver FoxAPTChinaEspionagePhishing +3 more

China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits

Entertainment Industry Failing on Security Basics, MPA Report Reveals Widespread Risks

INFORMATIONAL

MPA's TPN STAR Report Finds Systemic Security Failures in Entertainment Supply Chain

The Motion Picture Association's (MPA) Trusted Partner Network (TPN) has released its first TPN STAR Report, revealing systemic security vulnerabilities across the global entertainment supply chain. The report finds that while most organizations have security policies, inconsistent execution of basic technical controls, such as MFA and timely patching, is creating easily exploitable risks. TPN issued more security alerts in Q1 2026 than in all of 2025, driven by a surge in credential-based attacks and misconfigurations. The report calls for urgent action to strengthen identity protections and vulnerability management, especially within the complex web of third-party vendors used in modern productions.

MPATPNEntertainment IndustrySupply Chain AttackMFA +2 more

Entertainment Industry Failing on Security Basics, MPA Report Reveals Widespread Risks

Updated Articles (5)

GlassWorm Campaign Evolves, Uses Zig-Based Dropper to Infect All Developer IDEs

New GlassWorm Dropper Written in Zig Targets Developer Workstations via Malicious VSX Extension

The GlassWorm campaign has launched a new wave involving 73 malicious 'sleeper' extensions on the Open VSX marketplace. Unlike previous iterations, these extensions initially appear benign, remaining dormant to evade detection. They are now engineered as thin loaders with the capability to fetch and execute secondary malicious payloads at a later date. This tactical shift makes the malware more evasive and resilient, as the primary malicious logic is not present upon initial installation, posing a severe threat to developers and the software supply chain. This evolution makes detection harder and allows attackers to change payloads dynamically.

April 11, 2026

GlassWormMalwareZigIDESupply Chain Attack +2 more

GlassWorm Campaign Evolves, Uses Zig-Based Dropper to Infect All Developer IDEs

Rituals Cosmetics Data Breach Exposes Personal Info of 'My Rituals' Members

Luxury Cosmetics Brand Rituals Confirms Data Breach Affecting 'My Rituals' Loyalty Program Members

Rituals Cosmetics has updated the estimated number of affected customers to up to 41 million, an increase from the previously reported 'over 40 million'. The newly disclosed compromised data now includes customers' preferred store locations, in addition to names, addresses, phone numbers, email, DOB, and gender. This expanded scope further heightens the risk of identity theft and targeted phishing campaigns for a larger number of individuals across the UK, Europe, and the U.S.

April 23, 2026

Data BreachPIIRetailGDPRPhishing +1 more

4 min read

Rituals Cosmetics Data Breach Exposes Personal Info of 'My Rituals' Members

Germany Accuses Russia of Orchestrating Large-Scale Signal Phishing Attack on Politicians

Germany Officially Attributes Phishing Campaign Targeting Politicians' Signal Accounts to Russia

The sophisticated Signal phishing campaign, initially reported to target German politicians, has now been observed impacting military personnel and journalists, with similar attacks reported in the UK and Netherlands. The attack method involves tricking users into scanning a malicious QR code or entering a PIN, abusing Signal's 'Link New Device' feature to gain account access. In response to these widespread account takeover attempts, Signal has announced plans to implement additional security measures to better protect users.

April 26, 2026

GermanyRussiaPhishingSignalEspionage +2 more

Germany Accuses Russia of Orchestrating Large-Scale Signal Phishing Attack on Politicians

Microsoft Confirms Windows Shell Flaw (CVE-2026-32202) Is Actively Exploited

CRITICAL

Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch the flaw. This update clarifies the vulnerability as an authentication coercion and privilege escalation issue, not just spoofing. Crucially, new information details a 'zero-click' attack vector where malicious LNK files can trigger NTLM hash theft without user interaction, for example, via File Explorer's preview pane. This significantly increases the attack's stealth and potential impact, leading to credential theft, privilege escalation, and lateral movement. New hunting hints include outbound SMB traffic and specific log events, with mitigation advice to block outbound SMB and consider disabling NTLM.

April 28, 2026

CVE-2026-32202MicrosoftWindows ShellVulnerabilityZero-Day +3 more

Microsoft Confirms Windows Shell Flaw (CVE-2026-32202) Is Actively Exploited

Open Source Under Siege: Axios, Trivy, and LiteLLM Hit by Supply Chain Attacks

Wave of Supply Chain Attacks Compromises Critical Open-Source Developer Tools

Software security firm Checkmarx has confirmed data exfiltration, including source code, API keys, and employee details, following a sophisticated supply chain attack by TeamPCP. The Lapsus$ group has claimed responsibility for leaking the stolen data. This incident originated from credentials compromised in the earlier Trivy supply chain attack, which led to the poisoning of Checkmarx's KICS open-source project. Attackers demonstrated persistence, deploying a second wave of malicious code on April 22, 2026, and also compromising the command-line interface of the Bitwarden password manager. This significantly escalates the impact and scope of the ongoing campaign.

April 10, 2026