Skip to content
The Nexus
Source profile

CyberScoop

163 articles tracked since Apr 14 · 20:27 UTC. 10 in the last 7 days, 35 in the last 30.

Total
163
Last 7 days
10
Last 30 days
35
Last seen
Jul 10 · 20:13 UTC

Top coverage areas

security133technology14politics11crime3business2

Most-mentioned entities

Aggregated across the most recent 200 articles from CyberScoop.

Recent articles

Last 20
  1. security2026-07-10
    Armenian national pleads guilty to Ryuk ransomware attacks

    An Armenian national, Karen Serobovich Vardanyan, pleaded guilty to participating in Ryuk ransomware attacks against three U.S. organizations in 2019-2020. He agreed to pay $1.2 million in restitution and faces up to 15 years in prison, with co-conspirators accused of extorting over $15 million in Bitcoin from victims.

  2. security2026-07-10
    CISA looks to remedy ailments from big May credential leak

    CISA responded to a May 2023 credential leak by improving protections for sensitive materials, enhancing vulnerability reporting processes, and developing incident response plans. The leak, involving exposed Amazon AWS GovCloud keys on GitHub, led to no customer data exposure, and CISA implemented measures like endpoint monitoring and secret rotation. A security researcher praised CISA’s transparency in acknowledging both successful and flawed aspects of its response.

  3. crime2026-07-10
    Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail

    Angelo John Martino III, a ransomware negotiator for DigitalMint, was sentenced to 70 months in jail for deceiving clients and colluding with ransomware affiliates to extort $75.3 million from five U.S. companies. Martino shared confidential information with BlackCat affiliates to maximize payments, while DigitalMint claims it had no knowledge of his actions.

  4. security2026-07-08
    French nonprofit starts global intelligence and research hub for AI cyber threats

    The Paris Peace Forum, a French non-profit, is launching the Integrated Network for Trusted AI in Cyberspace (INTAiC) to address AI-related threats to global internet infrastructure. The initiative will unite experts from governments, private sector, and civil society to analyze current and future AI cyber risks, create forward-looking reports, and establish a rapid-response coalition. Key partners include Microsoft, Cyber Threat Alliance, and Orange Cyberdefense.

  5. security2026-07-08
    Found fast, fixed slow: The gap the AI clearinghouse must close

    President Donald Trump's executive order mandated the creation of an AI cybersecurity clearinghouse within 30 days to coordinate vulnerability discovery and patching in critical infrastructure. The article highlights risks that the clearinghouse may become a stalled committee rather than an effective solution, emphasizing the bottleneck between AI-driven vulnerability detection and the slower human processes required for validation, patching, and deployment.

  6. security2026-07-07
    Spain arrests suspected hacker linked to Russian hacktivist campaign

    Spain arrested a man suspected of providing logistical support to a Ukrainian hacker linked to the pro-Russian hacktivist group Cyber Army of Russia Reborn. The FBI collaborated with Spanish authorities in the arrest, part of Operation Riptide targeting cybercriminal networks. The suspect also allegedly supported the pro-Russian group NoName057(16) and was involved in facilitating the escape of another hacker to Russia via Poland and Belarus.

  7. crime2026-07-07
    Deepfake CSAM lawsuit against xAI, Grok expands

    A class-action lawsuit against xAI's Grok tool has expanded to include two teenage plaintiffs alleging nonconsensual deepfake child sexual assault material (CSAM) was created using their photos. The lawsuit claims Grok's accessibility enabled a stepfather and an unrelated adult to generate and distribute thousands of illicit images, with xAI failing to assist law enforcement in identifying perpetrators. Stability AI is also named for its Stable Diffusion model's alleged use of CSAM-trained data.

  8. security2026-07-07
    Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

    China-aligned attackers exploited Roundcube vulnerabilities to breach U.S. and Canadian university networks, targeting physics and engineering departments to steal data and establish persistent access. The campaign, linked to the UNK_MassTraction cluster, used CVE-2024-42009 and CVE-2025-49113 to execute JavaScript and gain mailserver access via phishing emails.

  9. security2026-07-06
    US Army websites defaced with pro-Kurdish sentiments, insults to Trump

    US Army websites oil.army.mil and ai2c.army.mil were defaced with pro-Kurdish messages and insults targeting President Donald Trump and Ambassador Tom Barrack. The defacements, achieved via 404 hijacking, affected error pages on subdomains hosted on WordPress and Microsoft cloud infrastructure. The Army took the sites offline, stating they were hosted on a legacy third-party platform unrelated to its enterprise network.

  10. security2026-07-06
    Finding vulnerabilities was never the hard part

    The article discusses how security leaders struggle not with finding vulnerabilities but prioritizing them, as AI's acceleration of vulnerability discovery exacerbates the problem of overwhelming data without clear risk context. It highlights that organizations focus on visibility metrics rather than contextual risk assessment, leading to inefficient resource allocation.

  11. security2026-07-03
    Someone infected a spyware probe overseer with spyware

    The European Parliament's PEGA Committee discovered that substitute member Stelios Kouloglou, a Greek journalist and former European Parliament member, was infected with Pegasus spyware twice in 2022 and 2023, as revealed by the University of Toronto's Citizen Lab. The infections occurred during critical phases of the committee's work on spyware abuses, highlighting failures to implement its own recommendations.

  12. security2026-06-30
    Citrix patches a new NetScaler flaw with echoes of CitrixBleed

    Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway, including a high-severity memory disclosure flaw (CVE-2026-8451) linked to the CitrixBleed vulnerability class. Researchers at watchTowr and others identified the flaws, which involve memory management issues and require patching and configuration adjustments to mitigate risks.

  13. politics2026-06-30
    Trump budget boss Russell Vought open to re-staffing CISA

    Trump administration budget chief Russell Vought indicated openness to re-staffing the Cybersecurity and Infrastructure Security Agency (CISA) following personnel cuts. CISA director Markwayne Mullin requested hiring 600 additional personnel, though Vought noted no formal request had been received and emphasized the complexity of federal hiring processes.

  14. security2026-06-30
    How ransomware syndicates weaponize corporate-style organization

    The Black Basta ransomware group operated with a corporate-style structure, using organized teams, outsourcing tasks, and performance-based payments to extort victims. They targeted 520 victims across 39 industries, collecting $107 million in bitcoin, and employed tactics like phishing, malware, DDoS attacks, and data audits to maximize ransom demands.

  15. technology2026-06-29
    Warner bill would create federally vetted list for secure, trustworthy AI agents

    A Senate draft bill proposed by Sen. Mark Warner aims to establish a federally vetted list of AI agent providers to ensure security and accountability on online platforms. The AI AGENT Act would require the FTC to certify providers that meet privacy and data security standards, link AI agents to human operators, and allow users to control permissions. The bill seeks to address risks like unreliable AI purchases and data leaks as agentic AI becomes more prevalent.

  16. politics2026-06-29
    Supreme Court approves mail-in ballots that arrive after Election Day

    The Supreme Court ruled 5-4 that states can count mail-in ballots postmarked by Election Day even if they arrive up to five days later. The decision rejected the Republican National Committee's challenge to Mississippi's election rules, affirming that federal law does not require ballots to be received by Election Day and allowing states to set their own receipt timelines.

  17. technology2026-06-29
    Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling

    The Supreme Court ruled 6-3 that collecting phone location data from a geographic area via geofence warrants constitutes a Fourth Amendment search, marking a significant decision for tech privacy. The ruling in Chatrie v. The United States aligns with 2018's Carpenter decision, emphasizing privacy protections for cell-site location data even when shared with third-party tech companies like Google.

  18. security2026-06-29
    What the post-quantum executive order really demands of CISOs

    The executive order on post-quantum cryptography (PQC) establishes deadlines for federal systems to transition to PQC by 2030 for key establishment and 2031 for digital signatures. It emphasizes urgency due to 'Harvest Now, Decrypt Later' attacks, where adversaries collect encrypted data for future decryption via quantum computing. CISOs must shift from awareness to structured ownership, involving cross-functional teams to address embedded cryptographic risks across enterprises.

  19. politics2026-06-26
    ATF cancels controversial commercial geolocation contract

    The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) canceled a contract with Penlink for ad-tech-based geolocation data after a congressional inquiry revealed over 340 searches using the tool. The pilot project, which provided location data through ad-surveillance technologies, was deemed ineffective. Sen. Ron Wyden praised the cancellation but urged Congress to pass legislation to regulate such practices.

  20. security2026-06-25
    FCC passes new cybersecurity rules for emergency systems, undersea cables

    The FCC approved new cybersecurity rules to strengthen the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) against hijacking, requiring measures like strong passwords and authentication IDs. It also updated submarine cable regulations, exempting providers meeting high security standards from stringent national security reviews.

The Nexus tracks 230+ news outlets plus 48 government data feeds. View the full source index or read today’s briefing for synthesis across all of them.