CyberNews: 28/02/2026 Edition

Published by Dunateo on 2026-02-28

Today’s roundup

  • Iran’s Internet near-totally blacked out amid US, Israeli strikes
  • CISA warns that RESURGE malware can be dormant on Ivanti devices
  • APT37 hackers use new malware to breach air-gapped networks
  • Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
  • 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
  • Who is the Kimwolf Botmaster “Dort”?
  • Europol-led crackdown on The Com hackers leads to 30 arrests
  • DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
  • Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
  • EU lawmakers propose that youth under 16 be barred from social media without parental consent
Summary

    Iran experienced a near-total internet blackout on Saturday, February 28, 2026, coinciding with US and Israeli military strikes. Network monitoring by NetBlocks and Cloudflare indicated national connectivity dropped to as low as 4% of normal levels, with traffic effectively reaching zero by 18:45 UTC. This disruption mirrored previous measures used during last year’s conflict, suggesting intentional restrictions by authorities to curb information flow and mitigate cyber threats amid escalating tensions. Large-scale cyberattacks also reportedly struck Iranian media platforms, including IRNA and ISNA.

    CISA has issued new details regarding RESURGE, a malicious implant utilized in zero-day attacks against Ivanti Connect Secure devices. The malware exploits CVE-2025-0282, a vulnerability allowing threat actors to breach Ivanti systems. Organizations using Ivanti devices are warned that RESURGE can remain dormant on compromised systems, posing a persistent threat.

    North Korean hacking group APT37 is deploying new malware to infiltrate air-gapped networks. These tools facilitate data exfiltration between internet-connected and isolated systems, propagating through removable drives. The operation also includes capabilities for covert surveillance, highlighting advanced persistent threat tactics against highly secure environments.

    Cybersecurity researchers have uncovered a malicious Go module, github[.]com/xinfeisoft/crypto, impersonating the legitimate "golang.org/x/crypto" codebase. This module is designed to harvest passwords, establish persistent SSH access, and deploy a Linux backdoor named Rekoobe. The injected malicious code exfiltrates sensitive information entered via terminal password prompts, posing a supply chain risk for Go developers.
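    A defender-side check for the look-alike pattern described above, added here as an example and not code from the report or from any of the projects it names: it parses the require block of a go.mod and flags any module whose last path element matches a well-known module while the full path differs, which is exactly how github.com/xinfeisoft/crypto shadows golang.org/x/crypto. The extra entries in knownModules, the sample go.mod and its versions are constructed placeholders.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)
// Legitimate module paths worth guarding; golang.org/x/crypto is the one impersonated.
var knownModules = []string{"golang.org/x/crypto", "golang.org/x/net", "golang.org/x/sys"}
type Finding struct{ Module, Impersonates string } // required path and the module it mimics
// ScanGoMod parses the "require ( ... )" block of a go.mod and flags modules whose
// final path element matches a known module while the full path differs.
func ScanGoMod(gomod string) []Finding {
	var out []Finding
	inBlock := false
	for _, raw := range strings.Split(gomod, "\n") {
		fields := strings.Fields(raw)
		var mod string
		switch {
		case len(fields) == 0 || strings.HasPrefix(fields[0], "//"): // blank or comment
		case fields[0] == "require" && len(fields) == 2 && fields[1] == "(":
			inBlock = true
		case fields[0] == ")":
			inBlock = false
		case inBlock && len(fields) >= 2:
			mod = fields[0] // "<module path> <version> [// indirect]"
		}
		for _, known := range knownModules {
			if mod != "" && mod != known && path.Base(mod) == path.Base(known) {
				out = append(out, Finding{Module: mod, Impersonates: known})
			}
		}
	}
	return out
}

// sampleGoMod is a constructed go.mod (placeholder versions) with the look-alike beside the real module.
const sampleGoMod = `module example.com/app
require (
	github.com/xinfeisoft/crypto v0.0.1
	golang.org/x/crypto v0.0.1
	github.com/spf13/cobra v0.0.1 // indirect
)`

func main() {
	for _, f := range ScanGoMod(sampleGoMod) {
		fmt.Printf("suspicious: %s looks like %s\n", f.Module, f.Impersonates)
	}
}
```

    Run it against a real go.mod by replacing sampleGoMod with the file contents; the legitimate golang.org/x/crypto entry is not flagged, only the path that borrows its name.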

    The Shadowserver Foundation reports that over 900 Sangoma FreePBX instances remain infected with web shells. These compromises stem from attacks that exploited a command injection vulnerability starting in December 2025. The majority of affected instances, 401, are located in the U.S., with others identified in Brazil, Canada, Germany, and France, indicating a widespread, ongoing threat.

    KrebsOnSecurity has identified "Dort," the operator behind the Kimwolf botnet, as Jacob Butler, a Canadian individual previously known for Minecraft cheats and affiliations with groups like LAPSUS$. Following the exposure of a Kimwolf vulnerability, Dort retaliated with DDoS attacks, doxing, and a swatting incident directed at both the security researcher who disclosed the flaw and the KrebsOnSecurity author.

    Europol, in a yearlong operation dubbed "Project Compass," has coordinated a major crackdown on "The Com," an online cybercrime collective targeting children and teenagers. The operation resulted in 30 arrests and identified 179 suspects associated with the group, underscoring significant law enforcement action against cyber exploitation of minors.

    The U.S. Department of Justice announced the seizure of $61 million worth of Tether cryptocurrency. These funds were linked to widespread "pig butchering" schemes, which are sophisticated cryptocurrency investment scams. The confiscated assets were traced to addresses used for laundering illicit proceeds stolen from victims.

    Anthropic, an artificial intelligence (AI) developer, has been designated a "supply chain risk" by the U.S. Pentagon. This decision, directed by Secretary of Defense Pete Hegseth, followed months of unresolved negotiations where Anthropic requested exceptions for its Claude AI model regarding mass domestic surveillance and fully autonomous weapons, highlighting concerns over ethical AI use in national security.

    EU lawmakers are proposing new regulations that would prohibit individuals under the age of 16 from accessing social media platforms without parental consent. The proposal also explicitly states that children under 13 should not be permitted social media access under any circumstances, aiming to enhance online safety and privacy for minors across the European Union.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-0282 (Critical)

    Cyber Groups

    APT37 (also tracked as InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima)