Meridiano
A financially motivated, unsophisticated threat actor used generative AI to compromise over 600 FortiGate firewalls across more than 55 countries. The attacks succeeded by exploiting exposed management ports and weak credentials, not software vulnerabilities, with AI helping automate reconnaissance, tool creation, and data parsing. The actor specifically targeted credentials and backup infrastructure, like Veeam servers, to enable potential ransomware attacks. This incident demonstrates how AI is lowering the technical barrier, allowing less skilled individuals to achieve attack scale previously requiring larger teams.
Articles infosec
Showing articles 31 - 45 of 158 total (matching filters).
-
infosec 5 -
infosec 2The Enigma cipher machine, a Nazi encryption device, is still relevant for modern cybersecurity professionals. Its history demonstrates critical failures like overconfidence, lack of testing, and human error that led to its code being broken. These lessons about operational security and the dangers of assuming invulnerability are directly applicable to defending against contemporary cyber threats. The device's enduring legacy will be highlighted in a presentation at the upcoming RSAC 2026 conference.
-
_roibu_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
infosec 5The Iranian state-linked threat group MuddyWater has launched a new cyberattack campaign, dubbed Operation Olalampo, targeting organizations primarily in the Middle East and Africa. The campaign delivers new, custom malware strains, including the Char backdoor which uses a Telegram bot for command-and-control. Researchers note the malware shows signs of AI-assisted development and that the campaign aligns with current geopolitical tensions. The attacks typically begin with spear-phishing emails and have also involved exploiting server vulnerabilities.
-
infosec 3The article discusses the growing need for AI systems to provide verifiable proof of their specific decisions, not just overall performance metrics. It highlights that dashboards and monitoring tools are insufficient for accountability when incidents occur, as investigators require a factual record of each action. The main topics covered are the accountability gap in AI runtime decisions, the limitations of explainability and telemetry, and the emerging concept of "proof of decision" to create tamper-resistant records of AI actions.
-
infosec 6ATM jackpotting attacks surged in 2025, with criminals cracking 700 machines and causing over $20 million in losses for banks. These attacks often use malware like Ploutus to manipulate ATM software and dispense cash without authorization. U.S. authorities have indicted more than 90 individuals since December 2025 in connection with these crimes. The main topics covered are the spike in attacks and associated financial losses, the criminal indictments, the technical methods of jackpotting, and security recommendations for financial institutions.
-
infosec 5Anthropic has accused three Chinese AI companies—DeepSeek, Moonshot AI, and MiniMax—of conducting large-scale, illicit "distillation" campaigns to extract Claude's advanced capabilities. The attacks used over 24,000 fraudulent accounts and proxy networks to generate millions of exchanges, violating terms of service and regional bans. The targeted capabilities included Claude's reasoning, coding, and agentic functions. Anthropic warns that such illicitly distilled models bypass crucial safety safeguards, creating potential national security risks. The company has responded by developing detection systems to identify and counter these extraction patterns.
-
infosec 5The China-aligned threat actor UnsolicitedBooker has shifted to targeting telecommunications companies in Kyrgyzstan and Tajikistan using phishing emails that deploy the LuciDoor and MarsSnake backdoors. The group, active since at least 2023, uses rare tools of Chinese origin and has shown tactical overlaps with other clusters. Researchers note the group has alternated between using the LuciDoor and MarsSnake backdoors and has employed hacked routers as command-and-control servers.
-
infosec 6The North Korea-linked Lazarus Group has used Medusa ransomware in an attack on a Middle Eastern entity and attempted an attack on a U.S. healthcare organization. This reflects a tactical shift by North Korean hacking groups toward using established ransomware-as-a-service offerings like Medusa and Qilin, rather than developing their own tools, for pragmatic reasons. The groups have targeted various sectors, including healthcare and non-profits, with recent U.S. ransom demands averaging $260,000. The main topics covered are cyberattacks by state-sponsored North Korean actors, the use of specific ransomware and tools, and the evolution of their tactics.
-
infosec 2The article argues that traditional identity management, which prioritizes issues by volume or failed controls, is inadequate for modern enterprises. It proposes a contextual framework for prioritizing identity risk based on three compound factors: controls posture (evaluating security measures in context), identity hygiene (addressing structural weaknesses like orphaned accounts), and business context (assessing the potential impact of a compromise). The main topics are a critique of current identity programs and a detailed explanation of this three-part risk prioritization model.
-
infosec 2The cybersecurity venture capital market saw unprecedented growth in 2025, with total investment activity nearly tripling the previous year's levels. This surge was driven by a massive focus on AI-native security solutions and a record number of mergers and acquisitions. Venture capital firms invested $119 billion, with AI security product firms closing the most financing deals. The investment momentum is fueled by the need for both AI-powered security tools and solutions to protect against threats from the expanding use of AI agents. The trend continued into early 2026, with M&A activity remaining high.
-
infosec 5A Russia-aligned threat group, UAC-0050 (Mercenary Akula), targeted a European financial institution involved in regional development and reconstruction, marking a potential expansion beyond Ukraine. The attack used a spear-phishing email spoofing a Ukrainian judicial domain to deliver a multi-layered payload, ultimately deploying Russian remote access software (RMS) for persistent, stealthy access. The main topics covered are the cyberattack's method, the threat actor's identity and tactics, and the strategic shift in targeting towards entities supporting Ukraine.
-
infosec 4A vulnerability in GitHub Codespaces, named RoguePilot, allowed attackers to take control of repositories by embedding malicious instructions in a GitHub issue. These hidden prompts would be automatically processed by GitHub Copilot when a user launched a Codespace from that issue, potentially leading to data exfiltration like the theft of privileged tokens. The issue has been patched by Microsoft following responsible disclosure. The article also covers broader AI security risks, including methods to remove LLM safety features and side-channel attacks that can infer user query topics.
-
infosec 5The North Korean Lazarus Group has adopted Medusa ransomware in a recent attack on a Middle East organization and attempted another on a US healthcare entity, demonstrating its continued focus on financially motivated cybercrime against critical infrastructure. The attacks also involved other malware like the Comebacker backdoor, Blindingcan RAT, and Infohook stealer. Researchers identified the activity as Lazarus's work but could not definitively pinpoint which specific sub-group within the threat actor was responsible. The main topics covered are Lazarus Group's new use of Medusa ransomware, its financially motivated attacks on critical infrastructure, and the associated malware and tactics.
-
infosec 5The average time for attackers to move laterally within a breached network has accelerated to just 29 minutes, a 65% increase in speed from the previous year. This rapid "breakout" is fueled by the misuse of legitimate credentials, which allows attackers to blend in, and by targeting unmanaged devices that lack security controls. A significant majority (82%) of detected intrusions in 2025 were malware-free, relying on authorized pathways. These factors have drastically reduced the time defenders have to detect and respond to cyber intrusions.
-
infosec 4The release of Jeffrey Epstein case documents reveals how federal investigations obtain user data from tech companies like Google. The documents show grand jury subpoenas requesting user information and the legal correspondence where Google sometimes pushes back against overbroad requests. They detail the types of data Google can be compelled to provide, from basic subscriber information with a subpoena to more sensitive data, and highlight prosecutors' frequent requests for secrecy, prohibiting Google from notifying users. The main topics covered are the government's data request processes, Google's compliance and pushback, and the legal frameworks like the Stored Communications Act governing these exchanges.