Ransomware Negotiators Sentenced: Sygnia and DigitalMint Employees Get 4 Years for Acting as BlackCat Affiliates

Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint) were sentenced to 4 years in federal prison for acting as BlackCat ransomware affiliates while employed as incident response professionals — attacking the same clients they were hired to help.

Shadow-Earth-053: Trend Micro Confirms China Spy Group Targets Journalists and Activists Alongside Governments and Defense

Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.

Scattered Spider Member "Bouquet" Arrested in Finland — Peter Stokes, 19, Charged With Four Intrusions Starting at Age 16

Peter Stokes (alias "Bouquet"), 19, was arrested in Finland on April 10 while boarding a flight to Tokyo — charged with four Scattered Spider intrusions since age 16, including an $8M ransom demand against a luxury retailer.

Europol IOCTA 2026: AI, Encryption, and Cybercrime-as-a-Service Are Widening the Velocity Gap Between Criminals and Defenders

Europol's IOCTA 2026 warns that cybercrime has industrialized — AI, encryption, and CaaS are widening the velocity gap between criminal innovation and law enforcement capability, with 120+ ransomware variants and $10.5T in projected 2026 costs.

Cordial Spider and Snarky Spider: Two New Com-Affiliated Groups Are Running the Scattered Spider Playbook at Scale

CrowdStrike documents Cordial Spider and Snarky Spider — two new Com-affiliated groups running vishing and SSO phishing campaigns against enterprise SaaS environments with seven-figure extortion demands and no malware deployed.

CISA Orders Federal Agencies to Patch Critical cPanel Authentication Bypass CVE-2026-41940 by Sunday

CISA added CVE-2026-41940 in cPanel and WHM to its KEV catalog with a binding 48-hour patch mandate for all federal agencies — a critical authentication bypass already exploited in the wild granting full host takeover.

PyTorch Lightning Compromised in Supply Chain Attack — Malware Steals Credentials Automatically on Import

Versions 2.6.2 and 2.6.3 of PyTorch Lightning were compromised in a supply chain attack — executing credential-stealing malware automatically on import, targeting SSH keys, cloud credentials, GitHub tokens, and crypto wallets.

France Arrests 15-Year-Old "breach3d" for Hacking ANTS National ID Agency — 11.7 Million Accounts Exposed

A 15-year-old operating as "breach3d" breached France's ANTS national ID agency exposing 11.7 million accounts with passport and driver's license data — and listed 12–19 million records for sale on criminal forums.

Europol Operation PowerOFF Sends 75,000 Warning Letters to DDoS-for-Hire Customers Across 21 Nations

Operation PowerOFF enters its prevention phase — 75,000 warning letters to identified DDoS-for-hire customers, 53 domains seized, 4 arrests, and 3 million criminal accounts as a persistent enforcement asset.

FBI Warns Cyber-Enabled Cargo Theft Surged to $725M in 2025 — Hackers Are Hijacking Freight Before It Leaves the Dock

The FBI warns cybercriminals stole nearly $725M in cargo in 2025 — a 60% surge — by hacking freight broker systems and posting fraudulent load board listings to hijack high-value shipments.

Krebs Investigation: Anti-DDoS Firm Huge Networks Found Enabling Botnet That Attacked Brazilian ISPs

Krebs on Security reveals Huge Networks — a Brazilian DDoS protection firm — was enabling a Mirai-based botnet attacking other Brazilian ISPs, with the CEO's own SSH keys found in the malicious attack archive.

ShinyHunters Claims 9.4M Amtrak Records via Salesforce — 2.1M Accounts Confirmed on Have I Been Pwned

ShinyHunters claims 9.4 million Amtrak records via Salesforce — 2.1 million accounts independently confirmed on Have I Been Pwned. The latest target in the group's coordinated 2026 campaign that has hit ADT, Udemy, Medtronic, Vimeo, and Cisco.