
All news with #insider threat tag

120 articles

Agent AI Adoption Exposes Identity Gaps and Risks Now

⚠️ Orchid Security's Identity Gap: Snapshot 2026 reveals that unseen, unmanaged identity elements now exceed visible ones, with 'identity dark matter' at 57% versus 43%. The report warns that rapid adoption of Agent AI amplifies risk because autonomous agents look for the most efficient access paths, often exploiting hard-coded or orphaned credentials and excessive privileges. Orchid urges strengthening identity and access management controls and using its readiness checklist to mitigate exposures.

Cyber-enabled Cargo Crime Mirrors Ransomware Tradecraft

🔒 Cybercriminals are applying the ransomware playbook to steal freight, using phishing and compromised email accounts to alter shipments, register fraudulent carriers, and redirect loads to criminal warehouses. These tactics affect high-value and perishable goods and frequently go unreported, amplifying losses for small and midsized fleets. NMFTA highlights controls and resources and invites practitioners to the 2026 cybersecurity conference.

Ransomware Escalates: Rising Risk of Physical Threats

🔒 Ransomware campaigns are increasingly paired with explicit threats of physical harm, with a Semperis study finding that 40% of incidents involved intimidation, rising to 46% in the US. Reported tactics include threatening notes left at homes, phone calls reciting staff addresses and identity details, and extortionists recruiting local actors to carry out violence. The FBI and vendors warn of a growing pattern — described as violence-as-a-service — and advise organisations to treat employee data as critically sensitive and update incident response plans to manage physical-threat scenarios.

Fired Employee Used AI to Hide Deletion of Federal Data

🔒 Two former hosting-company employees allegedly deleted dozens of customer and federal databases after being fired; one brother was convicted on computer-fraud and related charges. Investigators say one used a public AI chatbot to ask how to clear SQL and Windows logs, aiding evidence destruction. Experts warn this underscores failures in off-boarding and privileged access controls and call for stronger AI guardrails and real-time revocation.

Insider Betting on Polymarket Skews Military Markets

⚠️ Analysis by the Anti-Corruption Data Collective found significant insider activity on Polymarket. Long-shot wagers—bets of $2,500 or more at implied odds of 35% or less—had an average win rate of about 52% in markets on military and defense actions. By contrast, those long-shot bets won roughly 25% in politics-focused markets and only 14% platform-wide. Author Bruce Schneier warns that permitting such activity risks warping political and military outcomes far more severely than insider sports betting.

Former Contractor Convicted for Deleting Federal Databases

🔒 A jury found former federal contractor Sohaib Akhter guilty of conspiring to destroy dozens of government databases after being fired during a remote meeting in February 2025. Prosecutors say Akhter and his twin brother Muneeb ran write-protect commands and deleted roughly 96 databases hosting sensitive investigative and FOIA records for more than 45 agencies. They allegedly sought to hide their activity — even consulting an AI assistant about clearing system logs — and destroyed evidence; sentencing is set for September 9, 2026.

Crypto gang member gets 78 months for $230M heist probe

🔒 A 20-year-old California man, Marlon Ferro (aka GothFerrari), was sentenced to 78 months in prison after pleading guilty to serving as a home invader and money launderer for a criminal ring that stole over $250 million in cryptocurrency. Arrested on May 13, 2025, Ferro was found carrying two firearms and a fraudulent ID and was ordered to pay $2.5 million in restitution and serve three years of supervised release. Authorities say the conspiracy combined social engineering, hacking attempts, and physical burglaries to seize hardware wallets and launder funds through exchanges and mixers.

One in Eight UK Employees Admit Selling Corporate Logins

🔒 A Cifas survey of 2,000 UK employees at firms with 1,000+ staff found 13% admitted to selling corporate logins in the past year or knew someone who had. The report highlights even higher tolerance among senior managers and executives, with justification rates rising to 32-43% and 81% for business owners. Cifas urges organisations to build fraud-aware cultures and deliver counter-fraud training to curb insider risk.

Vimeo Data Breach Exposes 119,000 Users' Personal Data

🔒 Vimeo disclosed an April breach tied to compromised Anodot credentials that allowed the ShinyHunters extortion group to exfiltrate data. After failed extortion, the group published a 106GB archive and Have I Been Pwned says roughly 119,200 email addresses and some names were exposed. Vimeo states that user login credentials, payment card data, and video content were not accessed, and it disabled the Anodot integration while engaging third-party investigators and notifying law enforcement.

Hacking Polymarket: Verification Failures and Insider Risks

⚠ Polymarket, a platform for betting on real-world events, faces serious integrity problems. Participants have attempted to manipulate outcome verification — including threats to a journalist whose reporting served as an adjudicating source and physical tampering with weather sensors (using hair dryers) to rig weather markets. The site also suffers widespread insider trading, creating legal and ethical exposure. These dynamics undermine trust and the reliability of event-based markets.

Two Cybersecurity Workers Jailed for BlackCat Ransomware

🔒 Two American cybersecurity workers, Ryan Goldberg and Kevin Martin, were each sentenced to four years in prison for helping the BlackCat (ALPHV) ransomware gang carry out attacks in 2023, the US Department of Justice said. The pair — who pleaded guilty in December 2025 — worked with a former negotiator, Angelo Martino, and shared proceeds from ransoms, including a $1.2m Bitcoin payout. Prosecutors said they abused specialist cyber skills; the FBI tracked Goldberg across ten countries before his arrest.

Negotiator Pleads Guilty to Aiding Ransomware Gang

⚖️ He pleaded guilty after secretly working for a ransomware gang while ostensibly negotiating payments for victims. The arrangement permitted a trusted intermediary to funnel information and influence negotiations in the gang’s favor, undermining client trust and incident response. Prosecutors say the conduct included clandestine communications that advantaged criminals and complicated recovery. The plea underscores risks in relying on third-party negotiators without robust oversight.

Two Cybersecurity Experts Get 4-Year Terms in BlackCat Case

🔒 The U.S. Department of Justice has sentenced two cybersecurity professionals to four years in prison for their roles in deploying ALPHV/BlackCat ransomware against multiple U.S. victims between April and December 2023. Ryan Goldberg and Kevin Martin pleaded guilty in December 2025 after conspiring with Angelo Martino to gain access to the ransomware in exchange for a share of ransoms. Authorities say one extortion yielded approximately $1.2 million in Bitcoin, which the defendants laundered, and that the men abused their security expertise while employed by Sygnia and DigitalMint.

FBI Links Cybercriminals to Sharp Rise in Cargo Thefts

🔒 The FBI warned transportation and logistics firms of a marked increase in cyber-enabled cargo thefts, estimating losses in the U.S. and Canada could reach nearly $725 million in 2025. Criminals are using phishing, typosquatting domains, and account compromise to post fraudulent load listings and impersonate carriers, rerouting high-value shipments. The bureau urged multi-factor authentication, dual-channel verification of shipment requests, and reporting incidents to IC3 and local law enforcement.

Developer's Roblox cheat triggers $2M data breach

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and caused roughly $2 million in remediation. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.

Former Ransomware Negotiator Pleads Guilty Over Collusion

🔒 Angelo Martino, a 41-year-old former ransomware negotiator, has pleaded guilty to conspiring with the BlackCat (ALPHV) ransomware group after secretly supplying negotiation and insurance details from clients to the gang. While working for incident response firm DigitalMint, he passed policy limits and internal positions to maximize extortion profits and was paid for the information. He also admitted collaborating with associates to deploy ransomware between April and November 2023, and authorities have seized about $10m in assets; he faces up to 20 years and will be sentenced on July 9.

Ransomware Negotiator Pleads Guilty After Betrayal

🔒 Angelo Martino, a former ransomware negotiator, pleaded guilty to conspiring with the BlackCat ransomware group to extort U.S. companies in 2023. From April through November 2023, he provided confidential negotiation details — including victims' insurance limits and internal bargaining positions — to maximize ransom demands in exchange for payment. Martino admitted collaborating with incident responders Ryan Goldberg and Kevin Martin while working at DigitalMint and Sygnia, and authorities say the defendants extorted at least $1.2 million in a single case. Investigators seized roughly $10 million in assets; Martino faces up to 20 years and is scheduled for sentencing on July 9, 2026.

Cross‑tenant helpdesk impersonation and exfiltration

🔐 Microsoft Defender Security Research outlines a human-operated intrusion playbook where attackers abuse cross-tenant Microsoft Teams collaboration to impersonate IT/helpdesk staff and socially engineer users into granting remote assistance. With user consent, adversaries gain interactive access via Quick Assist or similar tools, then execute attacker modules by side-loading them into trusted vendor-signed applications. The chain leverages native administrative protocols such as WinRM and commercial RMM tooling to move laterally and stage sensitive business data for exfiltration. Microsoft Defender provides correlated identity, endpoint, and collaboration telemetry to surface and disrupt this pathway.

US Nationals Jailed for Facilitating North Korean IT Scam

🔒 Two US nationals were sentenced after admitting they helped operate a scheme that placed North Korean remote IT workers into roles at more than 100 US organisations, including several Fortune 500 firms. Court filings say Kejia Wang (42) and Zhenxing Wang (39) used the stolen identities of at least 80 Americans, received laptops at their US addresses, provided remote access to DPRK-based operators and set up shell companies to launder payments to DPRK. They received prison terms of 108 and 92 months respectively after pleading guilty to conspiracy charges including wire fraud and money laundering; Zhenxing Wang also pleaded guilty to conspiracy to commit identity theft.

U.S. Nationals Sent to Prison for Assisting DPRK IT Hires

🔒 Two U.S. nationals were sentenced to prison for facilitating a scheme that placed North Korean IT workers as faux U.S. employees at more than 100 American companies, including Fortune 500 firms. Between 2021 and October 2024 the pair generated over $5 million for DPRK-linked operations and caused roughly $3 million in corporate losses by using the stolen identities of more than 80 U.S. citizens. They set up shell companies, fake websites, bank accounts, and even hosted company-issued laptops in U.S. homes to mask the remote workers' true locations.