The State of Ransomware – Q1 2026
Key Findings
Consolidation after peak fragmentation: The top 10 ransomware groups accounted for 71% of all Q1 2026 victims, a sharp reversal from the fragmentation seen in Q3 2025. The ransomware ecosystem is once again consolidating around fewer, more dominant operators.
Volume stabilization at historically high levels: There were 2,122 victims posted on data leak sites (DLS), making this period the...
Malicious Coding Agent Skills and the Risk of Dynamic Context
Learn how malicious Claude Code skills can abuse dynamic context commands to execute before model-level prompt injection defenses can intervene.
Why AI Agents Make API Security a CISO Priority
AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused.
And the security implication is clear: the more autonomous systems rely on APIs, the more important it becomes to know exactly which APIs exist, how they are being used, and whether they are being misused.
If your organization cannot answer those questions,...
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules
TCLBANKER, a highly sophisticated Brazilian banking trojan tracked under the campaign REF3076, represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems and spreads automatically via WhatsApp and Microsoft Outlook. The attack begins when a user downloads a malicious ZIP file....
ShinyHunters Extorts Universities in New Instructure Canvas Hack
ShinyHunters-linked attackers defaced Canvas portals, disrupting finals week access and exposing SaaS security risks for schools.
The post ShinyHunters Extorts Universities in New Instructure Canvas Hack appeared first on TechRepublic.
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning your exit from legacy MDM as soon as possible.” He was commenting...
Metasploit Wrap-Up 05/08/2026
Spring cleanup
This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes expand its capability, enabling the use of the cmd/unix/python/meterpreter/reverse_tcp payload on x64 targets and introducing support for ARMLE Linux. Additionally, the exploit/multi/http/shiro_rememberme_v124_deserialize module has been improved to allow operators...
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware




