Manufacturing Intelligence

Threats targeting industrial control systems, OT networks, and manufacturing operations.

Total Reports: 13
Critical Threats: 1
High Threats: 9
CRITICAL | Ransomware | Exploited

LockBit 5.0 Deploys AI-Powered Ransomware with Automated Network Mapping

LockBit 5.0 features an AI module for automated reconnaissance, high-value target identification, and optimized encryption timing.

Windows Server 2022/2025
FBI Flash Alert
HIGH | Data Breach

Cl0p Claims 200 New Victims from Cleo Campaign — Threatens Mass Data Release

Cl0p adds 200 organizations to its leak site from the Cleo file transfer campaign. Threatens mass data release starting April 1 if ransoms go unpaid.

Cleo Harmony
BleepingComputer / Cl0p Leak Site
HIGH | Supply Chain | Exploited

Cl0p Mass Exploits Cleo File Transfer Zero-Day — 600+ Organizations Hit

Cl0p launches its fourth major file transfer campaign, exploiting a zero-day in Cleo Harmony, VLTrader, and LexiCom. Systematic data exfiltration ongoing.

CVE-2026-27891 | Cleo Harmony
Huntress / Cleo Advisory
LOW | Ransomware

LockBit Affiliate Arrested — Europol Seizes $14M in Cryptocurrency

Europol arrests LockBit affiliate in Ukraine and seizes $14M in cryptocurrency. Suspect linked to attacks on 150+ organizations.

N/A
Europol / FBI
HIGH | Ransomware | Exploited

Black Basta Ransomware Pivots to Microsoft Teams Social Engineering

Black Basta affiliates are using Microsoft Teams messages and Quick Assist for initial access, bypassing email security controls entirely.

Microsoft Teams
Microsoft Threat Intelligence
HIGH | APT | Exploited

APT28 Compromises European Defense Contractor via Outlook Zero-Day

APT28 exploits an Outlook NTLM relay zero-day to compromise a major European defense contractor. Classified project data at risk.

CVE-2026-15899 | Microsoft Outlook
ANSSI / Microsoft Threat Intelligence
HIGH | Ransomware | Exploited

Play Ransomware Targets Managed Service Providers for Downstream Access

Play ransomware compromises three MSPs to deploy ransomware across 120+ downstream client organizations simultaneously.

FortiOS
CISA / MS-ISAC Advisory
HIGH | Ransomware

ALPHV Successor RansomHub Becomes Top Ransomware Threat in Q1 2026

RansomHub, believed to include former ALPHV/BlackCat operators, claims 185+ victims in Q1 2026 alone. Now the most prolific ransomware operation.

Windows Server
Group-IB / Recorded Future
HIGH | Phishing

FBI Warns of AI-Generated Deepfake Voice Attacks Targeting Corporate Executives

FBI issues alert on rising deepfake voice attacks using AI-cloned executive voices to authorize fraudulent wire transfers. $68M stolen in Q1 2026.

AI Voice Cloning Tools
FBI IC3
MEDIUM | Ransomware

Black Basta Internal Chat Logs Leaked — Reveal Operations and Targets

Leaked internal communications from the Black Basta ransomware group reveal its operational structure, target selection process, and connections to former Conti members.

N/A
Prodaft / VX-Underground
MEDIUM | APT

Australia Cyber Security Centre Warns of Attacks on Critical Infrastructure OT Networks

ACSC issues urgent advisory on increased targeting of Australian critical infrastructure OT networks by state-sponsored actors.

SCADA Systems
ACSC
HIGH | APT | Exploited

Iranian APT Targets US Defense Industrial Base with New Malware Loader

Iranian threat actor Peach Sandstorm deploys a novel loader in a campaign against the US defense industrial base. Targets include drone and satellite manufacturers.

Azure AD
Microsoft Threat Intelligence
HIGH | Ransomware | Exploited

Major US Airport Systems Hit by Coordinated Ransomware Attack

Coordinated ransomware attack disrupts systems at four major US airports. Flight information, baggage handling, and check-in systems affected.

Airport Management Systems
TSA / CISA