Cyber threats aren’t just growing. They’re converging. 🫣

Our Cyber Security Report 2026 reveals how AI, ransomware, identity abuse, and hybrid environments are colliding into faster, more coordinated attacks... and why traditional defenses are struggling to keep up.

This isn’t a prediction. It’s insight backed by real-world global attack data.

👇 Read the full LinkedIn article: https://www.linkedin.com/feed/update/urn:li:ugcPost:7424152138534182912/

#CyberSecurity #ThreatLandscape #AI

Cyber Security Trends 2026: The New Threat Landscape Leaders Must Act on Now | Check Point Software


If you're working in a SOC and you need to be able to detect the threat actors and their tools and techniques (TTPs), everything that makes up the #threatlandscape relevant to your company, its vertical, region etc., then how do you know that you are in fact able to detect everything you should be able to? This is called detection coverage, and it used to be impossible to measure. No more.

How do you build detection coverage?

How do you gain visibility on your detection coverage?

How do you maintain firm control over your detection estate over time, even when your unicorns leave the team?

Can you actually build detection capability without a SIEM?

How do you make your #redteam and your #CTIteam force multipliers for your #detectionengineering team?

Can multiple #SOC teams collaborate and become force multipliers for each other?

How do you collect the right CTI data and then make it actionable for the real customers of it?

Find out answers to all of these questions and so much more at the #BSidesLuxembourg2026 #DetectionEngineeringVillage!

Early bird tickets are still available for a few more days on pretix: https://pretix.eu/BSidesLux/2026/

BSides Luxembourg 2026 (May 6-8th 2026)


To follow up on the earlier thread, the impersonation of AECOM HR part 2 continues, with the malicious actors responding to my reply.

I had responded to the threat actor, providing availability for a conversation. The threat actor responded with the questions below at 0331 AM PT 2026-02-04. This should have been a big tell for me as the spoofed HR persona is located in Portland, OR and not likely working in the middle of the night.
Then, when I had not responded, they replied to the same email thread with the same content at 1737 PM PT 2026-02-04. This is what triggered my further analysis and led me to recognize the miscreant at work.
I posted the IOCs and details on my Github:
https://github.com/obrientg/Analysis/blob/main/2026%2002%2004%20Impersonation%20of%20AECOM%20HR%20part%202

#jobsearch #fraud #impersonation #informationsecurity #abuse #risk #riskmanagement #gethired #hiring #threatintel #IOC #IOCs #gethired #hiring #threatlandscape #getFediHired #threatInteligence #cybersecurity #phishing

Analysis/2026 02 04 Impersonation of AECOM HR part 2 at main · obrientg/Analysis

documenting analysis of suspect & malicious emails and their attachments - obrientg/Analysis


Impersonation of AECOM HR - The malicious actors continue to target individuals on the search for their next job.

Yesterday I spent the afternoon writing up a response to (what I thought was) an outreach by AECOM for potential roles with the company. Having crafted thoughtful responses to the questions, I went to reply –

And realized this was fake. This is a scammer.

The tell-tale signs I missed at first:
· The name not matching the email address
· Weird subject line
· The email coming from GMail rather than their aecom.com domain
· The work signature block including a LinkedIn profile URL
· Email interaction tracking URL

This sample was specifically targeted, as they pulled details from LinkedIn regarding my background and experience, hence my blocking out the other telltale signs.

These threat actors are using mailsuite [DOT] com, a Gmail plugin, to track their targeted individuals (aka the u.list-opt-center [DOT] com URL). This appears to be a legit service being used for malicious activities. I have reached out to Mailsuite but have not received a response.

They are impersonating pamlevesque [AT] aecom.com; I have reached out on LinkedIn to Pam Levesque to warn them & connect with their abuse team, but have not received a response. I also reached out to multiple other individuals in InfoSec/Risk/Abuse roles at AECOM with no response.

#jobsearch #fraud #impersonation #informationsecurity #abuse #risk #riskmanagement #gethired #hiring #threatlandscape #getFediHired #threatIntel #threatInteligence #cybersecurity #phishing

The full documentation of the initial interaction is on my Github:
https://github.com/obrientg/Analysis/blob/main/Impersonation%20of%20AECOM%20HR%202026Feb-3

and my #Linkedin posting:
https://www.linkedin.com/posts/activity-7425234187286351872-z1Wx
#stinkedin

Analysis/Impersonation of AECOM HR 2026Feb-3 at main · obrientg/Analysis

documenting analysis of suspect & malicious emails and their attachments - obrientg/Analysis


Incognito Market operator sentenced to 30 years after running a $105M+ dark web narcotics operation using crypto-based internal banking.

Dark web anonymity continues to erode under sustained investigations.

https://www.technadu.com/incognito-market-operator-rui-siang-lin-sentenced-to-30-years-in-major-dark-web-case/619600/

#DarkWeb #CyberCrime #CryptoCrime #ThreatLandscape

CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.

#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

French law enforcement, supported by Europol’s EC3, is investigating alleged criminal activity linked to platform X, including the dissemination of illegal content such as deepfakes and child sexual abuse material.

Authorities conducted investigative measures in France, with Europol providing on-site analytical and cybercrime expertise. The investigation remains active, with no final findings disclosed.

From a security and governance standpoint, this case underscores ongoing challenges around platform-level controls, detection mechanisms, and regulatory compliance across jurisdictions.

How do you see enforcement evolving for large social platforms?

Source: https://www.europol.europa.eu/media-press/newsroom/news/europol-supports-french-investigation-alleged-criminal-activity-linked-to-platform-x

Share insights below and follow @technadu for fact-driven cybersecurity and policy reporting.

#Cybercrime #PlatformRisk #OnlineAbuse #ThreatLandscape #DigitalGovernance #Europol #InfoSec

Is your 2026 security strategy focused on code or people?

The threats you face are becoming more psychological than technical. You’re no longer just defending against exploits; you’re defending against AI-driven manipulation.

🔵 Read more: https://outpost24.com/blog/cybersecurity-threat-landscape-2026/

#CyberThreat #CyberResilience #ThreatLandscape

It's been a busy 24 hours in the cyber world with significant updates on actively exploited zero-days, nation-state attacks on critical infrastructure, sophisticated vishing campaigns, and the evolving threat landscape of AI. Let's dive in:

Ivanti EPMM Zero-Days Under Active Exploitation ⚠️

- Ivanti has patched two critical zero-day vulnerabilities (CVE-2026-1281, CVE-2026-1340) in its Endpoint Manager Mobile (EPMM) product, both rated CVSS 9.8 for unauthenticated remote code execution (RCE).
- These flaws are actively being exploited in a limited number of customer environments, allowing threat actors to gain administrative access, move laterally, and potentially access sensitive data like phone numbers and GPS locations.
- While specific IOCs are scarce, defenders should scrutinise Apache access logs for unusual GET requests with bash commands in In-House Application Distribution and Android File Transfer Configuration features, and look for unexpected web shells or WAR/JAR files. If compromised, a full restore from backup or migration to a new EPMM instance is recommended.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/30/ivanti_epmm_zero_days/

Coordinated Cyber Attacks on Polish Critical Infrastructure 🚨

- CERT Polska has detailed coordinated destructive cyber attacks on over 30 wind and solar farms, a manufacturing company, and a combined heat and power (CHP) plant in Poland on December 29, 2025.
- The attacks, attributed to Russia's FSB-linked Static Tundra (aka Berserk Bear, Ghost Blizzard), involved reconnaissance, firmware damage, file deletion, and deployment of custom wiper malware like DynoWiper and LazyWiper.
- Initial access was gained via vulnerable Fortinet perimeter devices and statically defined accounts lacking two-factor authentication, with attackers also exfiltrating data related to OT network modernisation and SCADA systems from M365 services.

📰 The Hacker News | https://thehackernews.com/2026/01/poland-attributes-december-cyber.html

ShinyHunters-Style Vishing Bypasses MFA for SaaS Data Theft 🔒

- Mandiant has observed an expansion of financially motivated ShinyHunters-style (UNC6240) activity, tracked as UNC6661 and UNC6671, using advanced vishing and fake credential harvesting sites.
- These groups impersonate IT staff to trick employees into providing SSO credentials and MFA codes, then register their own devices for MFA to access cloud SaaS platforms, exfiltrate sensitive data, and extort victims.
- Organisations should enhance help desk verification processes, enforce strong passwords, remove SMS/phone/email as MFA options, restrict management access, and implement robust logging and detection for MFA lifecycle changes and SaaS export behaviours, moving towards phishing-resistant MFA like FIDO2.

📰 The Hacker News | https://thehackernews.com/2026/01/mandiant-finds-shinyhunters-using.html

Iran-Linked RedKitten Uses AI for Human Rights NGO Targeting 🐱

- A Farsi-speaking threat actor, RedKitten, linked to Iranian state interests, is targeting human rights NGOs and activists, likely leveraging large language models (LLMs) for tooling development.
- The campaign uses macro-laced Excel documents (fabricated protestor death details) in 7-Zip archives as lures, dropping a C#-based SloppyMIO implant via AppDomainManager injection.
- SloppyMIO uses GitHub as a dead drop resolver for Google Drive URLs, steganographically retrieving configuration for its Telegram Bot API-based command-and-control, enabling command execution, file exfiltration, and persistence.

📰 The Hacker News | https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html

Agentic AI: The Next Big Attack Surface 🤖

- A Dark Reading poll indicates that agentic AI is widely expected to become the top attack vector by the end of 2026, due to the expanded attack surface from agents' high access and autonomy, especially with insecure code and "shadow AI."
- Experts highlight that the primary vulnerability lies in what compromised AI agents can access, stressing that authentication and access control, rather than AI safety features, are the critical battleground for securing autonomous systems.
- Deepfakes are also rising as a major social engineering vector for high-value targets, while the adoption of phishing-resistant passkeys is lagging, leaving organisations vulnerable as agentic systems proliferate.

🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/2026-agentic-ai-attack-surface-poster-child

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #Ivanti #NationState #APT #CriticalInfrastructure #Poland #Russia #Wiper #ShinyHunters #Vishing #MFA #SaaS #Extortion #Iran #RedKitten #LLM #AI #Deepfakes #ThreatLandscape #InfoSec #CyberAttack #Malware #IncidentResponse

January blues return as Ivanti coughs up exploited EPMM zero-days: Consider yourselves compromised, experts warn (The Register)
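The EPMM item above says defenders should scrutinise Apache access logs for GET requests carrying bash commands and look for unexpected WAR/JAR files. As an added example (not code from Ivanti, The Register, or the poster), here is a small Python scanner that does exactly that over combined-format access log lines: it percent-decodes each request target, flags GET requests containing shell-command indicators, and flags any request referencing a `.war` or `.jar` file. The log lines and request paths in `SAMPLE_LOG` are constructed placeholders, not real EPMM endpoints or real exploitation traffic.

```python
"""Flag shell-command indicators and WAR/JAR references in Apache access logs.

Added example for the EPMM detection note; the sample paths below are
constructed placeholders, not real Ivanti EPMM endpoints.
"""
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "METHOD target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Indicators of a shell command smuggled into a URL. Matched against the
# percent-decoded request target, so %2Fbin%2Fbash is caught as well.
SHELL_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r'/bin/(?:ba)?sh\b',                # explicit interpreter path
        r'\b(?:ba)?sh\s+-c\b',              # sh -c / bash -c
        r'\$\(',                            # $( command substitution
        r'`[^`]+`',                         # backtick substitution
        r'\|\s*(?:nc|curl|wget|base64)\b',  # piped to network / decode tools
    )
]
# A WAR or JAR file named anywhere in the request target (end, query, or path)
ARCHIVE_RE = re.compile(r'\.(?:war|jar)(?:$|[?&/])', re.IGNORECASE)

# Constructed sample log: one benign GET, one GET carrying a bash command,
# one benign POST, and one GET that names a JAR file.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jan/2026:09:12:01 +0000] "GET /app/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [30/Jan/2026:09:12:07 +0000] "GET /app/inhouse/dist?name=%2Fbin%2Fbash%20-c%20echo%20hi HTTP/1.1" 200 87 "-" "curl/8.4"
10.0.0.7 - - [30/Jan/2026:09:12:09 +0000] "POST /app/login HTTP/1.1" 200 0 "-" "curl/8.4"
10.0.0.9 - - [30/Jan/2026:09:13:44 +0000] "GET /app/transfer/config?file=dropper.jar HTTP/1.1" 200 2048 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return the named groups of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of reasons an entry is suspicious (empty if it looks clean)."""
    reasons = []
    # Decode twice so double-encoded payloads (%252F -> %2F -> /) are inspected as well
    target = unquote(unquote(entry["target"]))
    if entry["method"] == "GET":
        for pat in SHELL_PATTERNS:
            if pat.search(target):
                reasons.append(f"shell indicator {pat.pattern!r} in GET target")
                break
    if ARCHIVE_RE.search(target):
        reasons.append("WAR/JAR archive referenced in request")
    return reasons


def scan(lines):
    """Return (host, raw target, reasons) for every line that trips a rule."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # not combined format; skip rather than guess
        reasons = classify(entry)
        if reasons:
            findings.append((entry["host"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for host, target, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"{host} {target}\n    " + "\n    ".join(reasons))
```

Run it against a real log with `scan(open("/var/log/apache2/access.log").read().splitlines())`; a hit is a lead for the full triage the post describes (web shell hunt, and if confirmed, restore or rebuild), not proof of compromise on its own, and the pattern list is deliberately narrow so it can be extended with whatever the vendor's guidance names.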

U.S. authorities, working with Bulgarian law enforcement and Europol, seized three high-traffic piracy domains allegedly distributing unauthorized digital content.

The operation highlights the use of domain seizures, international coordination, and infrastructure disruption as tools against large-scale copyright infringement.

What long-term impact do these takedowns have on digital abuse ecosystems?

Follow @technadu for unbiased InfoSec and cyber-policy coverage.

#InfoSec #CyberCrime #IPEnforcement #DigitalGovernance #CyberPolicy #ThreatLandscape