Crimson Collective claims ‘sophisticated attack’ Internet service provider Brightspeed confirmed that it’s investigating criminals’ claims that they stole more than a million customers’ records and have listed them for sale for three bitcoin, or about $276,370. … READ MORE HERE…

Crim used infostealer to get cloud credentials If you don’t say “yes way” to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan’s homebuilding giant Sekisui House; and Spain’s largest airline Iberia.… READ MORE HERE…

A subpoena has been issued, apparently Resecurity offered its “congratulations” to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team’s honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining “full access” to the security shop’s systems.… READ MORE HERE…

Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more infosec in brief  The Trump administration has cleared a trio of individuals sanctioned by the Biden administration for involvement with the Intellexa spyware consortium behind the Predator surveillance tool, removing restrictions that had barred them from doing business with the US.… READ MORE HERE…

Lock ’em down interview  AI agents represent the new insider threat to companies in 2026, according to Palo Alto Networks Chief Security Intel Officer Wendi Whitmore, and this poses several challenges to executives tasked with securing the expected surge in autonomous agents.… READ MORE HERE…