Miasma Worm Cripples GitHub Repos; Cisco Zero-Day Under Active Attack; Snowflake Breach Exposes 165 Customers

TCLBANKER: Sophisticated Brazilian Banking Trojan Spreads Like a Worm to Target 59 Financial Platforms

A new, highly advanced Brazilian banking trojan named TCLBANKER is targeting 59 different banking, fintech, and cryptocurrency platforms. The malware, an evolution of the 'Maverick' family linked to the threat actor 'Water Saci,' uses a worm component to spread via victims' WhatsApp and Outlook contacts. The attack chain begins with a malicious MSI installer that abuses a legitimate Logitech program via DLL side-loading. TCLBANKER employs robust anti-analysis features, including a watchdog subsystem to evade security tools, and will only execute its final payload on systems configured for Brazilian Portuguese.

TCLBANKERbanking trojanBrazilWater SaciDLL side-loading +3 more

New TCLBANKER Trojan Spreads via WhatsApp and Outlook, Targeting 59 Brazilian Financial Apps

Snowflake Cloud Platform Breach Hits 165 Customers, Including Ticketmaster and Santander

CRITICAL

Massive Snowflake Data Breach Impacts 165 Organizations After Attackers Bypass MFA with Stolen Credentials

A major security incident has struck cloud data platform Snowflake, affecting at least 165 of its customers. Attackers leveraged stolen customer credentials to gain access to their Snowflake instances, in some cases bypassing multi-factor authentication. High-profile victims include Ticketmaster and Santander Bank, with massive amounts of customer data reportedly exfiltrated. The incident highlights the persistent threat of credential-based attacks against cloud environments and raises questions about the effectiveness of current MFA implementations.

Snowflakedata breachcloud securityTicketmasterSantander +2 more

Snowflake Cloud Platform Breach Hits 165 Customers, Including Ticketmaster and Santander

Global Compliance Reshaped as NIS2, SEC Disclosure Rules, and AI Laws Come into Force

INFORMATIONAL

New Wave of Cybersecurity Regulations including EU's NIS2 and US SEC Rules Redefine Corporate Compliance

A significant wave of new cybersecurity regulations has come into force globally, fundamentally altering the compliance landscape for businesses. Key among them are the European Union's NIS2 Directive, which expands security mandates for critical infrastructure, and the U.S. SEC's new rules requiring public companies to disclose material cyber incidents within four days. Additionally, the EU's Cyber Resilience Act and emerging state-level AI legislation in the U.S. are creating a complex web of new obligations, forcing organizations to overhaul their risk management and incident response strategies.

regulationcomplianceNIS2SECCyber Resilience Act +2 more

5 min read

Global Compliance Reshaped as NIS2, SEC Disclosure Rules, and AI Laws Come into Force

Mobile Banking Malware Surges 360% as Sophisticated Trojans Target 1,243 Financial Brands

Mobile Banking Under Siege: Malware Attacks Surge 3.6-Fold, Featuring 'Blackout' Modes to Hijack Sessions

The financial sector is facing an unprecedented wave of mobile threats, with a 3.6-fold (360%) increase in users encountering mobile banking trojans in 2026. These industrialized campaigns are targeting 1,243 financial brands in 90 countries. Advanced malware families like TsarBot, CopyBara, and Hook are using overlay attacks and intercepting 2FA codes. Newer variants such as Sturnus and Crocodilus introduce 'blackout' modes, allowing them to perform fraudulent transactions while the device's screen is off, making the attacks nearly invisible to the victim in real-time.

mobile bankingmalwaretrojanAndroidblackout mode +3 more

Mobile Banking Malware Surges 360% as Sophisticated Trojans Target 1,243 Financial Brands

230 Million AWS Endpoints Compromised in Attack Exploiting Exposed .env Files

CRITICAL

Massive AWS Attack Compromises 230 Million Cloud Endpoints by Exploiting Exposed .env Files for Credential Theft

A massive, automated cyberattack has compromised over 230 million unique cloud endpoints hosted on Amazon Web Services (AWS). Threat actors systematically scanned the internet for publicly exposed environment (`.env`) files, which contain sensitive credentials like database passwords and API keys. Upon finding a file, the attackers used the stolen credentials to access AWS accounts, escalate privileges by creating new IAM roles, and deploy malicious Lambda functions to perpetuate the attack. The campaign culminated in widespread data exfiltration to attacker-controlled S3 buckets, followed by ransom demands.

AWScloud security.env filedata breachcredential theft +3 more

230 Million AWS Endpoints Compromised in Attack Exploiting Exposed .env Files

29 Arrested as 'Operation KRATOS 2' Dismantles Nine Illegal Streaming Networks Across Europe

INFORMATIONAL

Coordinated European Law Enforcement Action 'Operation KRATOS 2' Busts Illegal Streaming Rings, 29 Arrested

A coordinated law enforcement action spanning 13 European countries, dubbed 'Operation KRATOS 2,' has successfully dismantled nine criminal networks specializing in illegal online streaming. The operation resulted in 29 arrests and the shutdown of services that provided illicit access to copyrighted movies, TV shows, and live sports. This action highlights the increasing effectiveness of cross-border collaboration in combating digital piracy and other forms of cybercrime.

Operation KRATOS 2digital piracyillegal streaminglaw enforcementtakedown +1 more

4 min read

29 Arrested as 'Operation KRATOS 2' Dismantles Nine Illegal Streaming Networks Across Europe

Updated Articles (4)

Email Under Siege: AI, QR Codes, and Phishing-as-a-Service Fuel Surge in Attacks

Barracuda Report: One in Three Emails is Malicious as Attackers Leverage AI, QR Codes, and Phishing-as-a-Service

A new Egress report indicates a 28% increase in phishing attacks and a 52% rise in malicious emails bypassing secure email gateways in Q2 2026. Attackers are leveraging AI for deepfakes, chatbots, and 'payloadless' social engineering, with Microsoft being the most impersonated brand. The threat has expanded significantly beyond email to include SMS (smishing), QR codes (quishing), and collaboration platforms like Microsoft Teams, demanding a more comprehensive, multi-layered defense strategy. New MITRE techniques like T1598.001 (vishing) and T1598.003 (service phishing) are now relevant.

May 12, 2026

PhishingEmail SecurityBarracudaArtificial IntelligenceQR Code +2 more

6 min read

Email Under Siege: AI, QR Codes, and Phishing-as-a-Service Fuel Surge in Attacks

Ransomware Market Consolidates in Q1 2026; Qilin Remains Top Threat as LockBit 5.0 Rebounds

Check Point Research: Qilin Dominates Ransomware Landscape in Q1 2026, Top 10 Groups Claim 71% of Victims

Following the successful takedown of the LockBit ransomware operation, the market is experiencing significant turmoil and a 'whack-a-mole' effect. Law enforcement disruptions have created a power vacuum, leading to the rapid emergence of new groups such as RansomHub, 8Base, and Akira. These new players are actively recruiting experienced affiliates from defunct operations, ensuring the continued high threat level. Attackers are diversifying initial access methods beyond traditional phishing, and new hunting hints like 'vssadmin delete shadows' and 'AdFind.exe' are critical for early detection.

May 12, 2026

RansomwareQilinLockBitThe GentlemenCheck Point Research +2 more

5 min read

Ransomware Market Consolidates in Q1 2026; Qilin Remains Top Threat as LockBit 5.0 Rebounds

Cisco Catalyst SD-WAN Zero-Day Flaw Actively Exploited for Root Access

Cisco Warns of Actively Exploited Zero-Day (CVE-2026-20245) in Catalyst SD-WAN Manager

New reports from June 7, 2026, reinforce the critical nature of CVE-2026-20245, a high-severity zero-day in Cisco Catalyst SD-WAN Manager. The vulnerability continues to be actively exploited in the wild, allowing an authenticated local attacker to achieve root privileges. Critically, Cisco has not yet released any security patch or official workaround, leaving organizations exposed. The advisory reiterates the broad impact across all deployment models and highlights the ongoing threat posed by this seventh SD-WAN zero-day in 2026. Mitigation efforts remain focused on strictly limiting access and enhanced monitoring.

June 6, 2026

CVE-2026-20245CiscoSD-WANZero-DayVulnerability +2 more

4 min read

Cisco Catalyst SD-WAN Zero-Day Flaw Actively Exploited for Root Access

China-Aligned APT Webworm Targets Europe, Using Discord and MS Graph for C2

Webworm APT Expands Cyber-Espionage to Europe, Leveraging Discord and Microsoft Graph for Covert C2 Communications

The China-aligned APT group Webworm, previously noted for using Discord and Microsoft Graph API for C2, has now been observed widely deploying the open-source SoftEther VPN client. This new tactic allows them to establish persistent, encrypted command-and-control channels from compromised networks, making their traffic even more difficult to distinguish from legitimate VPN usage and enhancing their evasion capabilities. This development was highlighted in a recent ESET APT Activity Report.

May 24, 2026