Megalodon Supply Chain Attack Hits 5,500+ GitHub Repos; Critical Drupal Flaw Under Mass Exploit

Legal Tech Platform DocketWise Suffers Major Data Breach Affecting 143,000 Individuals via Partner Repo

DocketWise, an immigration and legal case management platform, has disclosed a significant data breach impacting over 143,000 individuals. The incident was traced back to a threat actor using valid credentials to clone repositories belonging to a third-party partner. These repositories contained a data migration pipeline for DocketWise, exposing a vast trove of sensitive data, including Social Security numbers, passport details, financial information, and private medical records.

DocketWiseData BreachPIIPHISupply Chain +1 more

5 min read

DocketWise Data Breach Exposes Sensitive Personal, Financial, and Medical Data of 143,000 People

Lazarus Group Unleashes 'RemotePE' Memory-Only RAT in Attacks on Financial and Crypto Firms

North Korea's Lazarus Group Uses New 'RemotePE' Malware to Evade Detection in Financial Sector Attacks

The North Korean state-sponsored threat actor, Lazarus Group, is deploying a sophisticated new memory-only Remote Access Trojan (RAT) named 'RemotePE'. Delivered via a multi-stage infection chain that begins with social engineering, the malware targets financial and cryptocurrency firms, executing entirely in memory to evade filesystem-based security tools and analysis.

Lazarus GroupRemotePEFileless MalwareMemory-only RATCryptocurrency +2 more

5 min read

Lazarus Group Unleashes 'RemotePE' Memory-Only RAT in Attacks on Financial and Crypto Firms

NIST Drafts New Guidance for Ransomware Response and Recovery in Manufacturing Sector

INFORMATIONAL

NIST Publishes Draft SP 1800-41 to Bolster Ransomware Resilience in Manufacturing OT Networks

The U.S. National Institute of Standards and Technology (NIST) has released a draft special publication, SP 1800-41, aimed at improving ransomware response and operational recovery for the manufacturing sector. The guidance provides a framework for securing operational technology (OT) environments, which are uniquely vulnerable to the disruptions caused by ransomware attacks.

NISTSP 1800-41RansomwareManufacturingOT +2 more

NIST Drafts New Guidance for Ransomware Response and Recovery in Manufacturing Sector

Taiwan Government Agencies Reported 726 Cybersecurity Incidents in Past Year

MEDIUM

Taiwan's Administration for Cybersecurity Details 2025 Incident Landscape, Highlighting Intrusion and Supply Chain Threats

Taiwan's Administration for Cybersecurity has released its annual report, detailing 726 cybersecurity incidents affecting government agencies over the past year. Unauthorized intrusion was the most common incident type, accounting for nearly 70% of cases. The report also identified several major threats facing the government, including supply chain risks from backdoored hardware, 'bring-your-own-driver' attacks to disable security software, and vulnerabilities in remote access tools and network edge devices.

TaiwanGovernmentIncident ReportSupply ChainBYOD +1 more

Taiwan Government Agencies Reported 726 Cybersecurity Incidents in Past Year

DragonForce Ransomware Claims Attack on HELIX INTERNATIONAL, Threatens Data Leak

Ransomware Group DragonForce Targets U.S. MSP HELIX INTERNATIONAL in Extortion Attack

The ransomware group DragonForce has claimed responsibility for a cyberattack on HELIX INTERNATIONAL, a U.S.-based software and managed services provider. The group has posted a notice on its dark web leak site, threatening to publish a 'full leak' of sensitive data allegedly exfiltrated from the company unless a representative enters into negotiations, following a typical double extortion tactic.

DragonForceRansomwareHELIX INTERNATIONALMSPDouble Extortion +1 more

DragonForce Ransomware Claims Attack on HELIX INTERNATIONAL, Threatens Data Leak

Nightspire Ransomware Group Claims Attack on Italian Firm Pat**** S.r.l

New Ransomware Victim: Nightspire Group Adds Pat**** S.r.l to its Leak Site

The ransomware group Nightspire has claimed responsibility for a cyberattack against Pat**** S.r.l, an Italian company. While details are limited, the group has added the firm to its dark web leak site and implied that data has been exfiltrated, threatening to make it public if their demands are not met, following the common double extortion model.

NightspireRansomwareDouble ExtortionData Leak

Nightspire Ransomware Group Claims Attack on Italian Firm Pat**** S.r.l

Updated Articles (5)

‘Megalodon’ Campaign Hits 5,500+ GitHub Repos in Automated CI/CD Supply Chain Attack

CRITICAL

Automated 'Megalodon' Attack Compromises Over 5,500 GitHub Repos by Injecting Malicious CI/CD Workflows

New analysis explicitly attributes the 'Megalodon' supply chain attack to the threat actor TeamPCP. Beyond financial gain, the campaign is now understood to have a geopolitical dimension, with evidence of destructive wiper malware deployed against targets in Iran and Israel. Attackers utilized throwaway GitHub accounts like 'build-bot' and 'ci-bot' to obscure their actions. The update also provides more detailed 'Cyber Observables - Hunting Hints' and expanded detection and mitigation strategies for CI/CD compromises, emphasizing the need for robust log analysis and commit monitoring.

May 24, 2026

MegalodonSupply Chain AttackGitHubCI/CDInfostealer +2 more

6 min read

‘Megalodon’ Campaign Hits 5,500+ GitHub Repos in Automated CI/CD Supply Chain Attack

Anthropic's 'Mythos' AI Model Triggers Global Cybersecurity Overhaul

INFORMATIONAL

Unreleased 'Claude Mythos' AI, Capable of Finding Zero-Days, Forces Strategic Pivot in Cyber Defense

Anthropic's Project Glasswing has reported significant progress, identifying over 10,000 high and critical severity vulnerabilities within its first month. The initiative, leveraging a specialized 'Claude Mythos preview' AI model, collaborates with major tech companies including Amazon Web Services, Apple, Cisco, Google, and Microsoft. This demonstrates the AI's capability to autonomously find and report flaws at an unprecedented scale, aiming to proactively secure the software ecosystem. The AI performs variant analysis, logical flaw detection, and exploit generation for validation, moving beyond traditional static analysis tools.

April 27, 2026

AIArtificial IntelligenceAnthropicClaude MythosZero-Day +3 more

Anthropic's 'Mythos' AI Model Triggers Global Cybersecurity Overhaul

Europol IOCTA Report: AI, Encryption, and Data Theft are Fueling an Industrialized Cybercrime Wave

INFORMATIONAL

Europol's 2026 IOCTA Report Highlights Industrialized Cybercrime Driven by AI and Data Extortion

International law enforcement, supported by Europol, has successfully dismantled 'First VPN', a bulletproof VPN service widely used by ransomware actors and fraudsters. The operation, led by French and Dutch authorities, resulted in the seizure of 33 servers and the shutdown of its domains (1vpns.com, .net, .org). This action directly counters the industrialization of cybercrime and the abuse of legitimate technologies for malicious ends, as highlighted in the recent IOCTA report. The takedown provides valuable intelligence, advancing 21 other investigations, and significantly disrupts the cybercrime-as-a-service ecosystem, making it harder for criminals to operate anonymously.

April 30, 2026

EuropolIOCTACybercrimeAIRansomware +1 more

Europol IOCTA Report: AI, Encryption, and Data Theft are Fueling an Industrialized Cybercrime Wave

Ransomware Evolves in 2026: Attackers Adopt Post-Quantum Crypto and Encryptionless Extortion

Kaspersky Report: Ransomware Landscape Shifts to Post-Quantum Encryption, Data Leak Extortion, and EDR Evasion

New reports confirm a strategic shift among ransomware groups towards 'pure extortion,' focusing solely on data theft and public leaks. This pivot is driven by a significant drop in ransom payment rates, from 76% in 2019 to just 28% today, as organizations improve backup and recovery capabilities. This evolution makes detection harder, as the focus shifts from noisy encryption to stealthier data exfiltration, and the damage from stolen data is permanent, unlike recoverable encrypted systems. Incident response now emphasizes damage control and managing public fallout.

May 12, 2026

RansomwareKasperskyPost-Quantum CryptographyPQCEncryptionless Extortion +3 more

6 min read

Ransomware Evolves in 2026: Attackers Adopt Post-Quantum Crypto and Encryptionless Extortion

Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites

CRITICAL

Critical SQL Injection Vulnerability (CVE-2026-9082) Disclosed in Drupal Core for PostgreSQL

The critical SQL injection vulnerability, CVE-2026-9082, in Drupal Core affecting PostgreSQL sites is now under active mass exploitation, just 48 hours after its patch release. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming widespread attacks and mandating immediate patching for federal agencies. This development significantly escalates the threat, as attackers are actively scanning for and compromising vulnerable systems at scale. Organizations are urged to apply patches without delay and check for signs of compromise.

May 23, 2026