Blogs
Subscribe to learn about new product features, the latest in technology, solutions, and updates.
Latest Blogs
All Blogs

Accenture Data Breach 2026: Source Code, RSA/SSH Keys, and Azure Credentials Exposed
On July 8, 2026, Accenture confirmed it had suffered a security breach after a threat actor “888” claimed to have stolen 35 GB of source code ,RSA and SSH keys, Azure credentials, and configuration files containing potentially sensitive environment details. Subsequently, it confirmed an isolated breach and said it had remediated the source.
Jul 08, 2026
Lynx Ransomware and Its Evolution from the INC Lineage
Lynx is a financially motivated Ransomware-as-a-Service (RaaS) operation that emerged in July 2024 and has established itself as a mature double-extortion threat through a structured affiliate model and well-developed operational infrastructure. Analysis of publicly disclosed victim data identified 414 victims across 48 countries, with the United States representing the most affected region, while Business Services and Manufacturing accounted for nearly 40% of observed victims. The group's operations employ diverse initial access techniques—including phishing, compromised credentials, RDP compromise, VPN exploitation, and credential abuse—followed by enterprise-wide reconnaissance, lateral movement, data exfiltration, and ransomware deployment supported by dedicated Tor-based negotiation and leak infrastructure. Observed infrastructure overlaps also indicate a potential operational relationship between the FortiBleed credential harvesting campaign and the broader Lynx/INC ransomware ecosystem, highlighting the possible integration of large-scale credential harvesting with enterprise ransomware operations. The group's operational maturity, technical flexibility, and global targeting demonstrate its continued capability to conduct sophisticated ransomware campaigns against organizations across multiple sectors and geographic regions.
Jul 08, 2026
Ransomware Report - June 2026
This report provides an in-depth assessment of ransomware victim distribution by sector and geography during June 2026, including a comparative analysis with May 2026 to identify shifts in threat actor activity, sector targeting patterns, geographic impact, and overall victim volume. The findings are intended to support cybersecurity leaders and response teams in strengthening defensive posture and operational preparedness.
Jul 02, 2026
PEAR Threat Profile: Redefining Ransomware Through Data Exposure
PEAR (Pure Extraction and Ransom) is an emerging data-extortion threat group that operates using an exfiltration-first model, focusing on stealing and publicly exposing sensitive data rather than deploying encryption-based ransomware. Active since June 2025, the group has rapidly scaled operations to over 92 victims across 9 countries, with a strong concentration in the United States and a diverse cross-sector footprint led by Business Services and Healthcare. Its operations rely on externally obtained access, large-scale data exfiltration, and direct victim engagement through manual communication channels, supported by a TOR-based leak ecosystem and distributed file servers for data publication. The group employs a multi-layer extortion strategy—including direct pressure, double extortion, and staged data leaks—indicating a structured yet evolving operational model centered on data monetization and exposure rather than system disruption.
Jun 23, 2026
FortiBleed: Inside the Credential Heist That Exposed 73,000+ Fortinet Firewalls Worldwide
A large-scale, ongoing credential harvesting campaign — dubbed "FortiBleed" has compromised over 73,932 unique Fortinet FortiGate firewall URLs spanning 194 countries, exposing verified login credentials for VPN gateways and administrative interfaces belonging to some of the world's largest enterprises and government organizations. highly automated operation believed to be orchestrated by a Russian-speaking, multi-operator cybercriminal group. The attackers weaponized previously stolen credentials sourced from infostealer malware and historic Fortinet breaches, firing them at internet-exposed FortiGate devices at industrial scale an estimated 1.16 billion credential attempts against over 320,000 FortiGate targets alone. What makes FortiBleed especially alarming is not a novel zero-day exploit, but rather the ruthless exploitation of fundamental security failures: default administrator accounts, unrotated passwords from prior breaches, exposed management interfaces, and outdated credential hashing mechanisms. The attackers then leveraged compromised firewalls as listening posts, siphoning additional credentials from traversing traffic to fuel further compromise in a self-reinforcing cycle of access. FortiBleed represents a strategic wake-up call: perimeter security is only as strong as the credentials protecting it.
Jun 17, 2026
CMD Organization: Threat Profile of an Emerging Auction-Based Ransomware Operation
CMD Organization is an emerging ransomware operation observed since March 2026, leveraging a hybrid extortion model that combines data exfiltration, encryption, and a unique auction-based monetization strategy. Unlike traditional ransomware groups, CMD integrates public bidding mechanisms that allow third parties to purchase stolen data, reducing reliance on direct victim negotiations. The group operates a segmented infrastructure across TOR and clearnet environments, enabling both anonymity and accessibility, while targeting data-rich organizations across multiple sectors and regions. Although technically limited and reliant on commodity tooling, CMD demonstrates evolving operational capability through its platform-driven approach, positioning stolen data as a tradable asset and indicating a shift toward marketplace-based cybercrime models.
Jun 15, 2026
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
A critical security flaw in ServiceNow was exploited in early June 2026, allowing unauthenticated attackers to access sensitive enterprise data. The vulnerability stemmed from a misconfigured API endpoint that bypassed authentication controls. Although initially reported through bug bounty submissions, evidence confirmed that a subset of customer instances was successfully queried before a patch was deployed. This marks the first confirmed case in recent months where attackers accessed data prior to remediation.
Jun 11, 2026
Krybit Ransomware: Threat Profile of an Emerging RaaS Operation
Krybit is an emerging ransomware-as-a-service (RaaS) group active since March 2026, targeting 40+ organizations globally through phishing, compromised credentials, and exposed services, followed by data exfiltration and multi-platform ransomware deployment. It operates via an affiliate-driven model with centralized leak operations, indicating scalable infrastructure, though its full capabilities and attribution remain partially unverified.
Jun 06, 2026
Ransomware Report - May 2026
This report provides an in-depth assessment of ransomware victim distribution by sector and geography during May 2026, including a comparative analysis with April 2026 to identify shifts in threat actor activity, sector targeting patterns, geographic impact, and overall victim volume. The findings are intended to support cybersecurity leaders and response teams in strengthening defensive posture and operational preparedness.
Jun 01, 2026
The Gentlemen Ransomware Leak Breakdown-From Attackers to Victims
The Gentlemen RaaS operation suffered an internal compromise, likely via third-party infrastructure, exposing credentials, internal chats, and operational data. The leak revealed a credential-driven attack model involving Active Directory abuse and GPO-based deployment, along with the evaluation of vulnerabilities such as CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Despite the breach and data monetization, the group continued operations, showing strong resilience and a mature affiliate-driven ransomware model.
May 25, 2026
GitHub Internal Repository Breach: TeamPCP Exfiltrates ~3,800 Private Data via Poisoned VS Code Extension.
TeamPCP reportedly used a malicious VS Code extension to compromise a GitHub employee’s device, steal credentials, and exfiltrate data from about ~3,800 internal repositories. The leak appears to involve GitHub’s internal source code and engineering systems, not customer repositories, and the actor allegedly tried to sell the data afterward.
May 22, 2026
Ransomware Report - April 2026
This report provides an in-depth assessment of ransomware victim distribution by sector and geography during April 2026, including a comparative analysis with March 2026 to identify shifts in threat actor activity, sector targeting patterns, geographic impact, and overall victim volume. The findings are intended to support cybersecurity leaders and response teams in strengthening defensive posture and operational preparedness.
May 02, 2026