Lotus Wiper Malware Targets Venezuela’s Energy Sector
A newly discovered cyberweapon is raising serious concerns about the security of critical infrastructure. Lotus Wiper malware was deployed against energy and utility organizations in Venezuela in late 2025, and unlike most malicious software, it was built for one purpose: permanent destruction. There was no ransom demand, no data theft, and no path to recovery. Once Lotus Wiper malware executes,
NGate Android Malware Steals Card Data via HandyPay
A dangerous piece of Android malware is back with a new disguise. NGate, which security researchers first identified in 2024, now poses as a legitimate NFC payment app called HandyPay. Once installed, it silently captures data from the victim's physical bank card and sends it straight to an attacker waiting at an ATM. No card theft required. The NGate Android
ZionSiphon Malware Targets Israel’s Water Supply
A newly discovered piece of malware is raising serious alarms about the security of critical water infrastructure. Called ZionSiphon malware, it was built with one goal: to infiltrate and sabotage water treatment and desalination systems in Israel. Researchers at AI-powered cybersecurity firm Darktrace uncovered the threat and published a detailed analysis of its capabilities, its targets, and the political messaging
AgingFly Malware Hits Ukrainian Hospitals and Government
A newly discovered threat called AgingFly malware has been striking Ukrainian hospitals, emergency services, and local government bodies in a campaign that ran from March through April 2026. The attacks, identified by Ukraine's Computer Emergency Response Team (CERT-UA), are designed to steal login credentials, extract sensitive data from messaging apps, and hand attackers full remote control over infected systems. The
Storm Infostealer Hijacks Sessions Without Touching Passwords
A new malware called Storm infostealer appeared on criminal underground markets in early 2026, and it works differently from anything most security tools are built to catch. Instead of decrypting stolen browser data on the victim's machine, Storm ships the encrypted data to attacker-controlled servers and decrypts it there. Defenders have no visibility into that infrastructure. By the time the
LucidRook Malware Targets NGOs and Universities in Taiwan
A sophisticated new threat has emerged from the cybersecurity research community's radar. LucidRook malware is the name researchers have given to a newly identified tool used in highly targeted spear-phishing attacks against non-governmental organizations and universities in Taiwan. The attacks, first observed in October 2025, were not the work of opportunistic criminals. They bear the hallmarks of a disciplined, well-resourced
VENOM Phishing Campaign Targets Executives, Bypasses MFA
A sophisticated new phishing operation is going after the people at the top. The VENOM phishing campaign, uncovered by researchers at Abnormal AI, has been quietly targeting CEOs, CFOs, and other senior executives since at least November 2025. It uses a purpose-built platform to steal Microsoft 365 credentials and maintain access to corporate accounts — even after victims change their
Bitcoin Depot Data Breach: $3.6M in Bitcoin Stolen
The Bitcoin Depot data breach has put one of North America's largest crypto ATM operators in the spotlight for all the wrong reasons. Hackers broke into the company's internal systems and walked away with approximately 50.9 Bitcoin — worth around $3.665 million — from corporate settlement accounts. The company disclosed the incident via an SEC filing on April 8, 2026,
US Cybercrime Losses Record: $16.6 Billion Lost in FBI Report
Americans lost more money to cybercrime in 2024 than ever before. The FBI's Internet Crime Complaint Center received over 859,000 complaints last year, with reported losses reaching a record $16.6 billion — a 33% surge from the year before. The US cybercrime losses record reflects not just more attacks, but more damaging ones, with the average victim losing nearly $19,400.
