Threat actors stories

Team Cymru unveils Total Insights Feeds, a single-stream threat intelligence framework blending internet-wide scoring, context and automated risk tagging.

GuidePoint says ransomware attacks stayed elevated in Q1 as The Gentlemen surged, construction became a top target and extortion-only tactics spread.

ReliaQuest says suspected former Black Basta operators are bombarding staff with emails and posing as IT support in Microsoft Teams to reach senior executives.

Proofpoint says mailbox rule abuse is becoming a routine Microsoft 365 takeover tactic, helping attackers hide alerts, hijack threads and drive fraud.

Synack launches AI-driven assessment to expose overlooked attack surface gaps as offensive tools speed up vulnerability discovery.

Booking.com tells some customers to watch for phishing after suspicious activity exposed reservation details, contact data and messages linked to bookings.

AI-driven bots and machine accounts are exposing long-running identity security gaps across Australian and New Zealand organisations, experts warn.

Researchers link Android banking trojan to Cambodia scam compound, exposing a malware-for-hire network impersonating banks and agencies across 21 countries.

TCCA urges industry to align on international standards as 4G and 5G broadband systems expand the cyber risk for mission critical communications.

China-linked TA416 returns to spying on European diplomats and later expands attacks to Middle Eastern government targets after Iran conflict.

Experts warn firms must improve visibility and backup resilience as automated ransomware campaigns and hidden SaaS and AI assets widen exposure.

DTEX warns North Korean operatives are using false identities to secure Australian tech jobs, with some applicants aided by AI and deepfakes.

Akamai says attack volumes in Europe, the Middle East and Africa climbed 36% year on year as APIs and automated DDoS campaigns fuel a sharp surge.

Cybersecurity experts say many firms are still relying on fragmented backup tools and untested recovery plans as ransomware attacks and cloud complexity surge.

Gcore warns DDoS attacks hit 1.3 million in late 2025 as brief, high-volume floods and longer app assaults expose more sectors to risk.

Qilin keeps top spot as ransomware incidents drop 8% in February, while CL0P and The Gentlemen post sharp gains and new AI risks emerge.

AI-fuelled cyber attacks are spreading faster worldwide, CrowdStrike warns, as breakout times plummet and criminals weaponise mainstream tools.

HPE Threat Labs warns cybercrime now runs like big business, as AI-fuelled, industrial-scale attacks hammer government and finance.

Cybercriminals exploit Keitaro ad tracker to cloak AI trading scams and malware, tying some 15,500 malicious domains into a hidden network.

Keitaro ad tracker abused in 15,500 scam and malware domains, as fraudsters cloak AI-themed investment lures from security watchdogs.