https://www.tiktok.com/@cisomarketplace
The notorious ransomware group with ties to Vice Society claims another victim as security experts warn of accelerating attacks into 2026. In the early morning hours of February 6, 2026, the RHYSIDA ransomware group updated their dark web leak site with a new victim: an organization identified only as "
A coordinated social engineering campaign targeting single sign-on credentials demonstrates that the human factor remains cybersecurity's weakest link Executive Summary In January 2026, the notorious ShinyHunters cybercrime group executed a sophisticated social engineering campaign that breached three major technology platforms—Crunchbase, SoundCloud, and Betterment—by impersonating Okta cybersecurity
A Nation-State APT That Breached 9 US Carriers Is Operating in Allied Nations. Here's What Your Organization Needs to Know—and Do—Right Now. Executive Summary: This Is Not Just Norway's Problem On February 6, 2026, Norway's Police Security Service (PST) publicly confirmed what
A vulnerability in an unnamed email service provider has potentially exposed the personal information of 35 million Flickr users—and the photo-sharing giant won't say which vendor is responsible. On February 6, 2026, Flickr users around the world woke up to an unsettling email notification. The subject line
The popular newsletter platform Substack has confirmed a significant data breach that exposed the personal information of hundreds of thousands of users. In what security researchers are describing as a serious incident for the publishing industry, an unauthorized third party accessed user data including email addresses, phone numbers, and extensive
A holiday weekend breach at one of America's largest digital banks raises fresh questions about fintech security as the industry continues its explosive growth. The Digital Bank That Promised Something Different When SoFi—short for Social Finance—launched in 2011, it represented a new vision for personal finance.
When one of Wall Street's most prestigious law firms gets hacked, high-net-worth investors from JPMorgan and Goldman Sachs funds learn that their Social Security numbers, passport data, and financial information were sitting on a shared network drive — accessible to anyone who compromised a single user account. Executive Summary
The cybercriminal operation behind seven years of zero-day exploitation campaigns continues its expansion. With 97 victims claimed in the past 30 days and active exploitation targeting Cleo and Oracle systems, Clop has established itself as one of the most persistent ransomware threats facing enterprises today. Clop Ransomware: Inside One of
In the depths of a Polish winter, Russian military intelligence orchestrated one of the most significant cyberattacks on European critical infrastructure in a decade. On December 29-30, 2025, approximately 30 distributed energy facilities across Poland fell victim to a coordinated wiper malware campaign attributed to Sandworm (also known as ELECTRUM)
A state-aligned cyberespionage group operating out of Asia has compromised at least 70 government and critical infrastructure organizations in 37 countries over the past year—and they're just getting started. Executive Summary In what security researchers are calling one of the most expansive nation-state espionage campaigns exposed in
The University of Pennsylvania's October 2025 data breach has become a case study in disputed impact claims, aggressive litigation, and the long shadow of institutional cybersecurity failures—even as Penn claims only 10 people were actually affected. Executive Summary The University of Pennsylvania completed its investigation into a
The $600,000 Dallas County settlement confirms what every pentester already feared — even authorized security work can land you in handcuffs. The news that Dallas County, Iowa has agreed to a $600,000 settlement with two penetration testers who were arrested in 2019 — despite being contracted and authorized to assess