Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-27 12:00 PST
- APT37 hackers use new malware to breach air-gapped networks
BleepingComputer • 2026-02-27 11:21 • www.bleepingcomputer.com
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […]
https://www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/
- Europol-led crackdown on The Com hackers leads to 30 arrests
BleepingComputer • 2026-02-27 10:20 • www.bleepingcomputer.com
A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online cybercrime collective that targets children and teenagers. […]
https://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/
- DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
The Hacker News • 2026-02-27 10:11 • thehackernews.com
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering.
The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added.
“Criminal
https://thehackernews.com/2026/02/doj-seizes-61-million-in-tether-linked.html
- 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Hacker News • 2026-02-27 09:59 • thehackernews.com
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.
Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.
The non-profit entity said the compromises are likely
https://thehackernews.com/2026/02/900-sangoma-freepbx-instances.html
- CISA warns that RESURGE malware can be dormant on Ivanti devices
BleepingComputer • 2026-02-27 07:57 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […]
https://www.bleepingcomputer.com/news/security/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/
- Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
The Hacker News • 2026-02-27 07:33 • thehackernews.com
Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.
The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password
https://thehackernews.com/2026/02/malicious-go-crypto-module-steals.html
- Third-Party Patching and the Business Footprint We All Share
BleepingComputer • 2026-02-27 07:00 • www.bleepingcomputer.com
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. […]
https://www.bleepingcomputer.com/news/security/third-party-patching-and-the-business-footprint-we-all-share/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
