Cyberattacks newsletter
Every day a cyberattack deserves your attention: a multi-million-record breach, ransomware paralyzing a hospital or municipality, an APT publishing indicators, a compromised supply chain affecting your stack. We cover it the way you'd want to read it if you had to mitigate tomorrow: clear timeline, IOCs when published, careful attribution (no rock-throwing), real impact, and what you should do in your organisation if you use technology X. No clickbait, no FUD. Just what matters to defend better tomorrow.
Latest Ciberataques articles
Megalodon malware hits 5,500+ GitHub repos in 6 hours
Megalodon malware pushed malicious commits to 5,500+ GitHub repos in six hours, stealing developer credentials and secrets.
JINX-0164 hits crypto firms with fake recruiter macOS malware
JINX-0164 uses fake recruiter lures to deploy custom macOS malware against crypto firms and steal digital assets.
Dutch police arrest admins of bulletproof hosting used by Russian hackers
Dutch authorities arrested two admins of a bulletproof hosting service — infrastructure that ignores legal takedown requests — used by Russia-aligned threat actors.
Dutch police seize 200+ servers, kill 17M-device botnet
Dutch police take down a 17-million-device botnet and seize 200+ servers from a local hosting provider.
Kali365 PhaaS bypasses Microsoft 365 MFA via OAuth device code
FBI warns about Kali365 PhaaS platform stealing Microsoft 365 session tokens by abusing OAuth device code flow to bypass MFA.
Megalodon: 5,500 GitHub repos backdoored via Actions workflows
Over 5,500 GitHub repositories backdoored with malicious Actions workflows silently exfiltrating CI/CD secrets, keys, and credentials.
China's Webworm hits EU govs via Discord and Microsoft Graph
Chinese APT Webworm targets EU governments using Discord and Microsoft Graph API as covert command-and-control channels.
Linux rootkits, router 0-day, AI intrusions: 25 attacks
Attackers exploit trusted tokens, packages, and accounts across 25 incidents reported this week.
Megalodon: 5,561 GitHub repos hit with malicious CI/CD workflows
5,718 malicious commits pushed to 5,561 GitHub repos in six hours to steal CI/CD pipeline secrets.
FBI shuts down First VPN used by dozens of ransomware gangs
FBI shut down First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and corporate intrusions.
Infosecurity Europe 2026: what to watch
Infosecurity Europe 2026 brings together ransomware, offensive AI, and critical infrastructure defense as the dominant themes in London.
Ciberataques — frequently asked questions
What is ransomware and how does it spread?
Ransomware is malware that encrypts a victim's files and demands payment for the decryption key. Common vectors: phishing with malicious attachments, exposed RDP with weak credentials, compromised supply chain (MSP, library), or exploitation of unpatched public vulnerabilities. Crypto payments, often with double extortion (exfil + encryption).
What is an APT and why track them by name?
APT (Advanced Persistent Threat) is an actor with resources and long-term objectives, often state-sponsored. They get named (APT28, Lazarus, Webworm) because their techniques, infrastructure and targets are consistent and allow tracking over time. Tracking APTs helps defend against specific TTPs.
What should I do if I'm affected by a data breach?
1) Change your password on the affected service and anywhere else you reused it. 2) Enable 2FA where you haven't. 3) Monitor HaveIBeenPwned for your email. 4) Watch for targeted phishing (attackers use leaked data to impersonate). 5) If banking data leaked, notify your bank.











