# Top Stories

April 07, 2026

  1. BleepingComputer general Apr 06
    German authorities identify REvil and GandCrab ransomware bosses

    German Federal Police (BKA) identified two Russian nationals as leaders of the GandCrab and REvil ransomware operations: 31-year-old Daniil Shchukin (alias UNKN) and 43-year-old Anatoly Kravchuk, linking them to over 130 ransomware attacks in Germany between 2019 and 2021. This represents a major breakthrough in attributing leadership of two of the most destructive ransomware families that caused billions in damages globally.

  2. CyberScoop general Apr 06
    Fortinet customers confront actively exploited zero-day, with a full patch still pending

    Fortinet customers face actively exploited zero-day vulnerabilities in FortiClient EMS with only a hotfix available while a full patch remains pending. Two critical defects have been exploited in recent weeks, prompting experts to urge immediate application of temporary fixes to prevent system compromise.

  3. BleepingComputer general Apr 06
    New GPUBreach attack enables system takeover via GPU rowhammer

    Researchers disclosed GPUBreach, a new attack that exploits Rowhammer bit-flips on GPU GDDR6 memory to escalate privileges and achieve full system compromise. This technique targets graphics processing units rather than traditional system RAM, expanding the attack surface for privilege escalation exploits.

  4. The Record threat-intel Apr 06
    Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says

    Microsoft reports that the Medusa ransomware group deploys zero-day exploits and can complete attacks from initial access to data exfiltration and ransomware deployment within 24 hours. This exceptionally fast attack timeline demonstrates the group's sophisticated capabilities and operational efficiency in compromising enterprise networks.

  5. The Record threat-intel Apr 06
    FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar

    The FBI's Internet Crime Complaint Center (IC3) received 1,008,597 complaints in 2025, with cyber-enabled fraud accounting for 85% of all losses totaling $17.6 billion. The surge includes increased cryptocurrency theft and sophisticated scamming operations targeting victims across multiple platforms.

  6. BleepingComputer general Apr 06
    Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

    A disgruntled researcher publicly released exploit code for 'BlueHammer,' an unpatched Windows privilege escalation vulnerability that allows attackers to gain SYSTEM or elevated administrator permissions. The zero-day was previously reported privately to Microsoft but remains unfixed, creating immediate risk for Windows systems.

  7. The Hacker News general Apr 06
    Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

    Iran-linked threat actors conducted password-spraying campaigns targeting over 300 Israeli Microsoft 365 organizations across three attack waves on March 3, 13, and 23, 2026. Check Point identified the campaign as targeting both Israeli and UAE organizations amid ongoing Middle East conflicts.

  8. BleepingComputer general Apr 06
    Drift $280M crypto theft linked to 6-month in-person operation

    Drift Protocol revealed that its $280+ million cryptocurrency hack resulted from a sophisticated 6-month social engineering operation by DPRK-linked attackers who built 'a functioning operational presence inside the Drift ecosystem.' The attack demonstrates North Korean APT groups' long-term infiltration capabilities targeting cryptocurrency platforms.

  9. Dark Reading general Apr 06
    AI-Assisted Supply Chain Attack Targets GitHub

    PRT-scan represents the second recent AI-assisted supply chain attack targeting GitHub repositories through automated exploitation of widespread misconfigurations. Threat actors are increasingly leveraging artificial intelligence to scale targeting and exploitation of software development platforms and open-source repositories.

  10. BleepingComputer general Apr 06
    CISA orders feds to patch exploited Fortinet EMS flaw by Friday

    CISA ordered federal agencies to patch actively exploited CVE-2026-35616 in FortiClient Enterprise Management Server by Friday, with Singapore and US authorities warning of ongoing exploitation. The vulnerability allows authentication bypass and represents the latest in a series of Fortinet security flaws being exploited in the wild.