The Doors Were Already Open May 2026 Ransomware in Review
Blog The Doors Were Already Open May 2026 Ransomware in Review Every month the ransomware reports look roughly the same, and every month there’s something underneath the averages worth pausing on. May 2026 is no exception. ThreatMon counted 747 victims across the month, nine groups did the heavy lifting in the ten headline cases, and […]
What Was a 45-GPU Cracking Farm Built For?
Blog What Was a 45-GPU Cracking Farm Built For? A 45-GPU Cracking Rig and 74,000 Records: Inside the Global FortiGate Access Campaign Most credential leaks are messy. Someone dumps a pile of raw data, half of it stale, and walks away. What ThreatMon’s research team pulled apart in June 2026 was the opposite: a clean, […]
Why Would an Adversary Collect 74,000 FortiGate
Blog Why Would an Adversary Collect 74,000 FortiGate ThreatMon Analysis of a Global FortiGate Access Collection Operation Executive Summary In June 2026, security researcher Volodymyr “Bob” Diachenko disclosed the existence of a large dataset associated with internet-facing FortiGate deployments worldwide. The disclosure immediately attracted attention due to the scale of the exposed information and the […]
The Cyber War Nobody’s Talking About at the FIFA World Cup
The pipelines keep running. The rigs keep drilling. But somewhere in the background, threat actors are quietly doing their own kind of work stealing credentials, probing control systems, and waiting for the right moment to pull the trigger on a ransomware payload. The 2026 threat intelligence picture for the oil and gas sector is not pretty, and if you’re involved in energy security, it deserves your full attention.
Oil & Gas Under Siege: What the 2026 Cyber Threat Landscape Actually Looks Like
The pipelines keep running. The rigs keep drilling. But somewhere in the background, threat actors are quietly doing their own kind of work stealing credentials, probing control systems, and waiting for the right moment to pull the trigger on a ransomware payload. The 2026 threat intelligence picture for the oil and gas sector is not pretty, and if you’re involved in energy security, it deserves your full attention.
GitHub’s Source Code Is for Sale And They’ve Confirmed It
Blog GitHub’s Source Code Is for Sale And They’ve Confirmed It On May 19, 2026, a threat actor going by the handle TeamPCP posted a sale listing on the Breached cybercrime forum offering roughly 4,000 private GitHub repositories including the company’s core Rails application for a starting price of $50,000. By the time researchers caught […]
One Month. Hundreds of Victims. A Growing Ransomware Crisis
Blog Ransomware Is No Longer About Encrypting Files. It’s About Putting Pressure On Organizations The people who do ransomware attacks are getting faster and targeting kinds of companies. They are not just stopping computers from working they are making it hard for organizations to do their jobs. This is happening to all kinds of organizations […]
Seedworm Expands Operations with Stealth-Focused Espionage Campaign
Blog Seedworm Expands Operations with Stealth-Focused Espionage Campaign ThreatMon researchers identified a new espionage campaign linked to Seedworm, the Iran-aligned threat actor also known as MuddyWater and Static Kitten. The activity affected organizations across multiple industries, including manufacturing, finance, government, aviation, and education. The campaign shows a clear shift toward stealth and operational security. Instead […]
Ransomware Isn’t Slowing Down It’s Changing Shape
Blog Ransomware Isnt Slowing Down Its Changing Shape Ransomware Ransomware isn’t new. But the way it operates in 2026 feels fundamentally different. It’s faster. More targeted. More business-aware. And most importantly it’s no longer just a technical problem. A Threat That Doesn’t Care Where You Are If there’s one thing this month’s data makes clear, […]
Financial Sector Under Siege The New Cyber Threat Reality (2025–2026)
Blog Financial Sector Under Siege The New Cyber Threat Reality (2025–2026) Financial Sector Under Siege The financial sector has always been a target for cybercriminals. Now attacks are no longer just isolated incidents. They are part of a connected and evolving cyber ecosystem. According to ThreatMon analysis todays attacks are not about breaching systems. They […]