South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
"LAGTOY can be

Headline

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

The Hacker News: Latest News