Kimwolf IoT Botnet: Dismantling of the AISURU-based DDoS-for-Hire Infrastructure

An international law enforcement operation, spearheaded by the U.S. Department of Justice and Canadian authorities, has dismantled the Kimwolf IoT botnet and its associated DDoS-for-hire ecosystem. The botnet, operated by Jacob Butler (alias 'Dort'), utilized the AISURU malware strain to weaponize millions of vulnerable, internet-exposed IoT devices. The infrastructure facilitated massive volumetric attacks, reaching unprecedented peaks of 31.4 Tbps, and was managed through 45 seized web-based command platforms. By seizing the Command and Control (C2) infrastructure and over 25,000 attack command logs, this operation effectively neutralized a major segment of the global 'booter' market and mitigated systemic threats to global internet stability.

The Operationalization of Criminal AI-as-a-Service: FraudGPT, BruteForceAI, and Xanthorox

The 2026 threat landscape is defined by the operationalization of Criminal AI-as-a-Service (C-AIaaS), utilizing platforms like FraudGPT, BruteForceAI, and Xanthorox to compress the attack lifecycle. Technical vectors include specialized jailbreak wrappers for LLM safety bypass and virtual camera injection for real-time deepfake KYC bypass. Attackers leverage hijacked enterprise API keys for unauthorized compute and use LLMs to systematically analyze exfiltrated RAG embeddings. This shift has reduced average eCrime breakout times to 29 minutes and increased phishing click-through rates to 54% by eliminating traditional linguistic indicators of fraud.

US DOJ Charges Russian National Denis Obrezko for Facilitating Large-Scale Ransomware Operations

The U.S. Department of Justice has charged Denis Obrezko, a Russian national extradited from Thailand, for providing critical infrastructure to Russia-aligned ransomware syndicates. Obrezko allegedly managed Command and Control (C2) servers, proxy networks, and access brokerage tools used to compromise U.S. corporate entities, including industrial targets like Westinghouse. By facilitating initial access and maintaining persistence via specialized infrastructure, Obrezko enabled the deployment of ransomware strains and the subsequent extortion of victims via cryptocurrency. This operation specifically targets the "facilitator" layer of the cybercrime ecosystem to disrupt the supply chain of access brokerage used by APTs and ransomware groups.

AI Sandboxes: A Unified Threat Model and Measurement Framework

The research identifies systemic vulnerabilities in current AI testing methodologies, specifically the failure of digital-only sandboxes to mitigate kinetic risks in embodied AI. In cyber-physical systems (CPS), AI agents can bypass digital isolation to manipulate physical environments or human operators. This research introduces a formalized taxonomy and a multi-dimensional measurement framework—incorporating fidelity, controllability, and containment—to address sandbox escape vectors and adversarial attacks on the monitoring apparatus. The framework provides a standardized methodology for validating the safety and security of complex AI deployments through high-fidelity simulation and formal evidence composition.

The Resurgence of Infostealers: Katz, Bee, and Acreed Malware Driving Identity-Centric Enterprise Compromise

Infostealer malware, specifically families such as Katz, Bee, and Acreed, has seen an 800% increase in activity, accelerating a shift toward identity-centric attack vectors. These threats target consumer devices via malvertising, phishing, and cracked software to exfiltrate browser cookies, session tokens, and saved credentials. By harvesting valid session data, attackers bypass Multi-Factor Authentication (MFA) through session hijacking. This data is subsequently commoditized through Initial Access Broker (IAB) marketplaces and Telegram-based distribution, providing the requisite access for enterprise-grade ransomware deployment and large-scale espionage operations.

Exploitation of Automatic Tank Gauge (ATG) Systems in Critical Infrastructure

A coordinated campaign is targeting Automatic Tank Gauge (ATG) systems across the U.S. energy sector, exploiting vulnerabilities in Modbus and proprietary serial-to-IP communication protocols. Attackers are leveraging insecure remote access gateways, such as cellular modems and VPNs, and exploiting hardcoded credentials or unauthenticated interfaces to gain unauthorized access. By injecting commands or spoofing telemetry data, actors can manipulate liquid level and pressure readings, potentially masking containment leaks or triggering false-positive emergency shutdowns. The lack of network segmentation between IT corporate environments and OT tank consoles facilitates lateral movement, creating significant risks of environmental contamination and fuel supply chain instability.
