%term

Disrupting Glassworm: Inside CrowdStrike's Takedown of a Developer-Targeting Botnet

May 26, 2026 By Counter Adversary Operations In CrowdStrike

On May 26, 2026, at 14:00 UTC, the CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat targeting software developers through the open-source supply chain. In collaboration with Google and the Shadowserver Foundation, we struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing the operators from their infected machines and their ability to deliver new malicious payloads.

Read Post

CrowdStrike

Read more about Disrupting Glassworm: Inside CrowdStrike's Takedown of a Developer-Targeting Botnet

Ransomware Trends, Attack Methods, and Protection Strategies

May 25, 2026 By SafeAeon Inc. In SafeAeon

Ransomware has moved beyond simple malware attacks. It is now operating under a structured business model that disrupts operations, not just systems. Attackers are not depending on phishing or malicious files to deploy ransomware. They instead use compromised identities and existing tools present within environments to move undetected. By the time encryption starts, the attack has already progressed across systems.

Read Post

SafeAeon

Read more about Ransomware Trends, Attack Methods, and Protection Strategies

Running the Inverted Offensive Campaign with Adam Karcher

May 23, 2026 By Rubrik In Rubrik

- What happens when the adversary’s dwell time is measured in years, but your defense is measured in tickets? Adam Karcher, FBI Supervisory Special Agent, Cyber Division, and a member of the Bureau’s AI Working Group, joins the show to break down the "convergent evolution" of modern cyber threats. Karcher explains why defenders are often stuck in a cleanup cycle, while threat actors operate in a sophisticated, compartmentalized ecosystem that requires a fundamental shift in defensive strategy.

View Video

Rubrik

Read more about Running the Inverted Offensive Campaign with Adam Karcher

WantToCry ransomware remotely encrypts files

May 19, 2026 By Sophos Counter Threat Unit Research Team In Sophos

SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.

Read Post

Sophos

Read more about WantToCry ransomware remotely encrypts files

Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

May 19, 2026 By Alina Podoba In Mend

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption: echarts-for-react, timeago.js, size-sensor, and canvas-nest.js. With echarts-for-react pulling roughly 1.1 million weekly downloads, any project that auto-updates these packages is in scope.

Read Post

Mend

Read more about Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

May 19, 2026 By Rubrik In Rubrik

- Dr. Ido Sivan Sevilla joins host Caleb Tolin to break down battlefield stories from a massive analysis of over 3,000 local government entities. Dr. Sivan Sevilla, who serves as an Assistant Professor at the UMD College of Information and holds joint positions at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, brings a multidisciplinary lens to the alarming reality of risk clusters.

View Video

Rubrik

Read more about Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

The Danger of Legitimate Remote Tools

May 18, 2026 By Rubrik In Rubrik

How threat actors use AnyDesk and TeamViewer to bypass security.

View Video

Rubrik

Read more about The Danger of Legitimate Remote Tools

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

May 18, 2026 By Liran Tal In Snyk

A supply chain attack affecting the @antv data visualization ecosystem and related npm packages is actively spreading through the npm registry. The attack, attributed to a threat group called TeamPCP and branded as another wave of the Mini Shai-Hulud campaign, published more than 300 malicious package versions across 323 packages in a 22-minute automated burst on May 19, 2026. The packages collectively represent approximately 16 million weekly downloads.

Read Post

Snyk

Read more about Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

Analyzing TAX#TRIDENT: Fake Indian Tax Lures Pivot Across ZIP, VBS, Stego and PHP-Wrapped VBS Delivery

May 18, 2026 By Chain 1: In Securonix

Securonix Threat Research tracks TAX#TRIDENT, an active fake Indian Income Tax-themed campaign that uses three delivery paths to reach Windows endpoints. The campaign starts with fake tax assessment lures and then moves victims toward ZIP files, VBScript downloaders, or PHP-looking web endpoints that actually return script content.

Read Post

Securonix

Read more about Analyzing TAX#TRIDENT: Fake Indian Tax Lures Pivot Across ZIP, VBS, Stego and PHP-Wrapped VBS Delivery

How Hybrid Work and Cloud Adoption Are Changing Enterprise Ransomware Risk

May 15, 2026 By Fidelis Security In Fidelis Security

Five years ago, enterprise ransomware risk was mostly a perimeter problem. Today it’s an identity problem, a visibility problem, and a cloud configuration problem, all at once. Hybrid work and cloud adoption didn’t just shift where people work. They fundamentally changed where ransomware attacks begin, how far they reach, and how long they go undetected.

Read Post