Security news.
Today's security news highlights significant law enforcement actions against cybercrime infrastructure, with the dismantling of a VPN service used by ransomware groups and the seizure of servers enabling cyberattacks. Additionally, several critical vulnerabilities are under active exploitation, including flaws in Drupal and Trend Micro Apex One, underscoring the ongoing threat landscape for web applications and endpoint security.
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have dismantled "First VPN Service," a criminal VPN used by ransomware groups and other cybercriminals to obscure their activities.
Netherlands Seizes 800 Servers of Hosting Firm Enabling Cyberattacks
Financial crime investigators in the Netherlands arrested two individuals and seized 800 servers linked to a web hosting company that facilitated cyberattacks, interference, and disinformation campaigns.
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal is warning users of active exploitation attempts targeting CVE-2026-9082, a highly critical SQL injection vulnerability, shortly after its disclosure.
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers are demanding answers from CISA after a contractor intentionally published AWS GovCloud keys and other agency secrets on a public GitHub account.
Trend Micro Warns of Apex One Zero-Day Exploited in the Wild
Trend Micro has addressed a zero-day vulnerability (CVE-2026-34926) in Apex One, which is actively being exploited in attacks targeting Windows systems.
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor Ghostwriter (UAC-0057) is targeting Ukrainian government organizations with phishing emails using lures related to the Prometheus online learning platform.
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
A new automated campaign dubbed "Megalodon" pushed 5,718 malicious commits to 5,561 GitHub repositories, injecting GitHub Actions workflows with base64-encoded bash payloads.
US and Canada Arrest and Charge Suspected Kimwolf Botnet Admin
Authorities in the U.S. and Canada have arrested and charged a Canadian man for allegedly operating the Kimwolf DDoS botnet, which infected nearly two million devices.