Trending Topics

TRENDING TOPICS MAR 03, 2026

Scattered Lapsus$ Expands to Targeted Recruitment

The cybercriminal group Scattered Lapsus$ (SLSH), a successor to the disbanded Lapsus$ collective known for high-profile breaches of Microsoft, NVIDIA, and Okta, is reportedly recruiting women to bolster its social engineering operations. According to a Telegram post by Dataminr intelligence, the group offers $500–$1,000 per call, depending on “success and hit rate.” Applicants contact a “Support” account, complete screening questions, and follow a scripted call sequence once approved. The goal is to trick IT help desk employees into sharing or resetting login credentials, echoing the group’s history of manipulating corporate support teams. Experts note that seeking female voices represents a strategic adaptation, a move likely aimed at evading established attacker profiles that IT teams are trained to recognize. This is not the group’s first recruitment effort. In October 2025, SLSH offered Bitcoin payments to individuals willing to harass corporate executives during extortion attempts, underscoring its outsourced, crowdsourced model of cybercrime. The activity comes amid a broader rise in ransomware and data breaches, with allied groups like ShinyHunters claiming responsibility for recent intrusions into CarGurus and Panera Bread. Experts urge organizations to tighten identity verification procedures, strengthen firewall rules, and enforce credential protection protocols to defend against these evolving manipulation tactics.

AWS Confirms Drone Strikes Disrupted Middle East Datacenters, Urges Regional Failover

AWS has confirmed that drone strikes in the ongoing Iran–US/Israel conflict directly impacted its datacenters in the Middle East, disrupting multiple availability zones in the UAE and Bahrain and prompting customers to move workloads to other regions. On March 2, AWS reported that two facilities in its Middle East (UAE) Region (ME-CENTRAL-1) were struck, causing fires, power outages, and water damage from sprinkler activation, hampering recovery efforts. A separate drone strike near an AWS facility in the Middle East (Bahrain) Region (ME-SOUTH-1) led to localized power loss and physical damage to infrastructure. With two of three zones in the UAE region impaired, services such as S3 experienced high failure rates for data ingest and egress, and some SaaS providers, including Snowflake, reported downstream service disruptions in the region. AWS has warned that the broader operating environment in the Middle East remains unpredictable and advised customers running workloads there to back up their data and consider migrating them to alternative AWS regions. The incidents highlight the physical risk exposure of cloud infrastructure as the Middle East has rapidly developed into a major data center hub, with hundreds of facilities across the region and heavy investment from both local operators and global cloud providers such as AWS, Microsoft, Google, and Oracle.

Update: AI-Powered CyberStrikeAI Tool Linked to Fortinet FortiGate Mass Exploitation

The threat actor behind the recent AI-assisted campaign targeting Fortinet FortiGate appliances used an open-source, AI-native offensive security framework called CyberStrikeAI to automate scanning and exploitation at scale. Public reporting attributes the activity to a suspected Russian-speaking actor that compromised more than 600 FortiGate devices across 55 countries using a mix of generative AI services and integrated security tools. CyberStrikeAI, written in Go and maintained by a China-based developer known as “Ed1s0nZ,” aggregates over 100 tools for vulnerability discovery, attack chain analysis, and knowledge retrieval, effectively serving as an AI-driven red-team platform. The same developer maintains multiple offensive-leaning projects, including ransomware, privilege-escalation scanners, AI jailbreak prompt collections, and data-leak monitoring utilities, and has publicly interacted with Chinese security contractors previously linked to Ministry of State Security–aligned operations. Investigators have observed CyberStrikeAI infrastructure distributed across Asia, Europe, and North America, indicating early but growing adoption by threat actors. Analysts note that the developer recently removed references to a contribution award from China’s CNNVD vulnerability database, which some see as an attempt to downplay state-linked connections as the tool gains notoriety. Together, these findings underscore how AI-augmented, open-source offensive platforms like CyberStrikeAI are lowering the barrier for large-scale, automated exploitation of edge devices such as FortiGate, accelerating both the speed and reach of campaigns.

Hunter Strategy encourages our readers to look for updates in our daily Trending Topics and on Twitter.
