Network Security

It’s that time of year where we re-visit the wins and challenges from 2025 in our special year-end edition of The Good, The Bad and the Ugly. Here are the biggest stories that defined the best, the worst, and the ugliest cybersecurity moments from this past year. The Best 2025 has been a year of […]

The Good | Authorities Dismantle Global Fraud Ring and Crypto Laundering Network Eurojust officials have dismantled a transnational fraud ring running call centers in Ukraine that scammed European victims out of more than €10 million. In collaboration with authorities from the Czech Republic, Latvia, Lithuania, and Ukraine, police arrested 12 suspects and conducted 72 searches

The Good | U.S. & Spanish Officials Crack Down on Hacktivist & Identity Theft Activities U.S. officials have charged Ukrainian national Victoria Dubranova for allegedly supporting Russian state-backed hacktivist groups in global critical infrastructure attacks. Extradited earlier this year, Dubranova faces trials in February and April 2026 tied to her suspected involvement in NoName057(16) and

CyberVolk is a pro-Russia hacktivist persona we first documented in late 2024, tracking its use of multiple ransomware tools to conduct attacks aligned with Russian government interests. After seemingly lying dormant for most of 2025 due to Telegram enforcement actions, the group returned in August with a new RaaS offering called VolkLocker (aka CyberVolk 2.x).

As we close out 2025 and look ahead to 2026, nothing is as we might have expected even a year ago. AI has disrupted, and will continue to disrupt, every corner of modern life. In threat intelligence, SentinelLABS has not only recognized this shift but actively pivoted to meet it. At the same time, geopolitical

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attacks via malicious HTTP requests. Discovered by Lachlan Davidson, the flaw stems from insecure deserialization in the RSC ‘Flight’ protocol and impacts packages including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. Exploitation is highly

The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders An Australian national has received just over seven years in prison for running “evil twin” WiFi networks on various flights and airports to steal travelers’ data. Using a ‘WiFi Pineapple’ device as an access point, he cloned legitimate airport

The Good | Poland Detains Russian Hacker Amid Rising Moscow-Linked Sabotage Poland’s Central Bureau for Combating Cybercrime (CBZC) has arrested a Russian national in Kraków on suspicion of breaching the IT systems of local companies, marking the latest incident tied to what Warsaw describes as Russia’s expanding sabotage and espionage campaign across Europe. According to

Shai-Hulud Worm 2.0 is a major escalation of the NPM supply chain attack, now executing in the preinstall phase to harvest credentials across AWS, Azure, and GCP and establish persistence via GitHub Actions. The following SentinelOne Flash Report was sent to all SentinelOne customers and partners on Tuesday, November 25, 2025. It includes an in-depth

This is an era defined by relentless pressure on cybersecurity professionals. As environments and attack surfaces have expanded, endpoint, cloud, identity, and now AI signals continue to pile up faster than teams can interpret them. Meanwhile, rapidly evolving TTPs, fueled by ransomware-as-a-service (RaaS) and other off-the-shelf tooling have enabled motivated threat actors to move with