FBI Seizes RAMP Cybercrime Forum Used by Ransomware Gangs
Article Link: https://www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/
- The Federal Bureau of Investigation (FBI) seized the RAMP cybercrime forum, a platform long used to advertise ransomware operations, malware, and illicit access services.
- The forum’s Tor site and clearnet domain now display a seizure notice tied to coordination with the U.S. Department of Justice (DOJ) and federal prosecutors in Florida.
- Investigators may now have access to user data such as messages, email addresses, and IP information, which could support identification of forum participants.
- A former operator confirmed the takeover, marking the shutdown of one of the last forums that openly allowed ransomware promotion.
U.S. Charges 31 Suspects in Nationwide ATM Jackpotting Scam
Article Link: https://hackread.com/us-charges-atm-jackpotting-scam-suspects/
- The U.S. Department of Justice (DOJ) charged 31 additional suspects in a nationwide ATM jackpotting scheme, raising the total number of defendants to 87 across multiple states.
- Prosecutors said the group used malware to send unauthorized commands to ATMs, forcing machines to dispense cash during coordinated operations.
- Investigators linked some defendants to the Tren de Aragua organization and said stolen funds were used to support other criminal activity.
- Officials credited joint task force work by federal and local agencies and said prosecutions are continuing as cases move through court.
Nike Investigates Data Breach After Extortion Gang Leaks Files
Article Link: https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/
- Nike said it is investigating a potential security incident after the World Leaks extortion group claimed to leak 1.4 terabytes of company files.
- The group alleged it stole nearly 190,000 internal documents and briefly listed Nike on its data-leak site before removing the entry.
- Nike has not confirmed the claims, and the outlet reporting the incident was unable to verify whether the files contained legitimate corporate data.
- Reporting linked World Leaks to earlier ransomware operations that shifted from encryption to data theft and pressure tactics aimed at large organizations.
Poland’s Grid Attack: A Wake-Up Call for Distributed Energy Security
Article Link: https://threatwiredaily.com/article/polands-grid-attack-a-wake-up-call-for-distributed-energy-security-1769666473243
- An organized December attack struck distributed energy resources across Poland, affecting about 30 facilities, including combined heat and power sites as well as wind and solar dispatch systems.
- The activity focused on decentralized components rather than a single large plant, reflecting a shift toward targeting smaller, connected operational systems.
- The article notes that many organizations rely on interconnected operational technology and control systems similar to those involved in the incident.
- The event is presented as a signal that decentralized designs broaden risk across energy, industrial, and building management environments.
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
Article Link: https://www.darkreading.com/vulnerabilities-threats/fortinet-new-zero-day-malicious-sso-logins
- Fortinet confirmed that a newly identified authentication bypass flaw was responsible for a wave of malicious logins through its FortiCloud single sign-on (SSO) feature.
- The vulnerability, tracked as CVE-2026-24858, allowed attackers with valid FortiCloud accounts to access other users’ devices when FortiCloud SSO was enabled.
- The disclosure followed weeks of reports showing unauthorized access continuing even after earlier fixes, raising concerns about a new attack path affecting edge devices.
- Fortinet temporarily disabled FortiCloud SSO across all accounts, blocked use on affected software versions, and said customers can move to fixed releases to reduce exposure.
Social Engineering Hackers Target Okta Single Sign On
Article Link: https://www.databreachtoday.com/social-engineering-hackers-target-okta-single-sign-on-a-30614
- Okta warned customers about an active campaign using voice phishing to gain access to corporate environments through single sign-on accounts.
- Researchers said attackers linked to ShinyHunters use live phone calls and real-time phishing tools to capture credentials and session tokens during login attempts.
- Once inside, the threat actors move through internal tools, target higher-privilege users, and extract data for extortion, with up to 150 organizations appearing to be in scope.
- Firms tracking the activity said stronger authentication methods and tighter oversight of login activity can limit exposure to these high-interaction attacks.
The New Face of Cyber Threats: From Scattered Spider to North Korea’s Phantom Workforce
Article Link: https://www.cyberdefensemagazine.com/the-new-face-of-cyber-threats-from-scattered-spider-to-north-koreas-phantom-workforce/
- The article contrasts two modern threat models, the Scattered Spider criminal network and North Korea’s covert IT worker program, showing how both rely on identity misuse rather than technical exploits.
- Scattered Spider, linked to high-profile intrusions at firms such as MGM Resorts, uses phone-based deception, SIM swaps, and login manipulation to move quickly inside organizations.
- North Korea’s program places fake developers inside real companies, generating revenue while gaining trusted access to code, systems, and internal data.
- The analysis argues these approaches succeed when intelligence about adversaries remains siloed, limiting an organization’s ability to recognize patterns across identity, behavior, and risk.
Federal IT Buyers Told to Plan for Post-Quantum Cryptography
Article Link: https://www.databreachtoday.com/federal-buyers-told-to-plan-for-post-quantum-cryptography-a-30607
- The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance telling federal agencies to factor post-quantum cryptography into future technology purchasing decisions.
- The guidance outlines broad product categories such as cloud services, collaboration software, networking equipment, and endpoint tools where post-quantum support is available or expected to mature.
- Officials said the category list will be updated over time as vendors add capabilities, giving agencies flexibility while setting expectations for long-term procurement planning.
- Analysts noted that while the framework supports future federal migration mandates, gaps in validation, configuration readiness, and interoperability could complicate adoption if buyers misread listings as deployment-ready.
U.S. Cyber Defense Chief Accidentally Uploaded Secret Government Info to ChatGPT
Article Link: https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/
- CISA’s acting director Madhu Gottumukkala reportedly uploaded sensitive government contracting documents to a public version of ChatGPT, triggering internal security alerts.
- The material was marked “for official use only,” raising concerns about unintended disclosure through a widely accessible AI platform used by hundreds of millions of people.
- The incident occurred after Gottumukkala received temporary approval to access ChatGPT, bypassing standard DHS-approved AI tools designed to keep data inside federal networks.
- The disclosure has intensified scrutiny of Gottumukkala’s leadership amid staffing reductions, internal investigations, and congressional questioning over preparedness, governance, and handling of sensitive information.
- The incredible experts at FRSecure recommend strong controls, such as endpoint data loss prevention (DLP), role-based AI access approvals, mandatory AI-use training, and updated acceptable use policies that list only organization-approved AI platforms.
