A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators.
Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team, which concluded that the December attack overlapped significantly with infrastructure used by a Russian government-linked hacking group, and that it targeted 30 wind and photovoltaic farms, among others.
CISA said its warning was meant to “amplify” that Polish report. In particular, CISA said the attack highlighted the threats to operational technology and industrial control systems, most commonly used in the energy and manufacturing sectors.
And CISA’s alert continues a recent agency focus on securing edge devices like routers or firewalls, after a binding operational directive last week to federal agencies to strip unsupported products from their systems.
“The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS,” the alert reads.
“A malicious cyber actor(s) gained initial access in this incident through vulnerable internet-facing edge devices, subsequently deploying wiper malware and causing damage to remote terminal units (RTUs),” it states. “The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them by their intended design.”
CISA urged owners and operators to review the Polish report, as well as security guidance from other U.S. agencies.
The attack directed at Poland — which its CERT compared to “deliberate arson,” and which had a “purely destructive objective” at a time when the nation was struggling with cold temperatures and snowstorms — has had ripples in other parts of the world, too.
“Operators of UK critical national infrastructure (CNI) must not only take note but, as we have said before, act now,” Jonathon Ellison, director for national resilience at the United Kingdom’s National Cyber Security Centre, said in a LinkedIn post Monday.
Dragos, a cybersecurity firm that specializes in industrial control systems, said the attack represented a new frontier.
“This is the first major cyber attack targeting distributed energy resources (DERs), the smaller wind, solar, and CHP [combined heat and power] facilities being added to grids worldwide,” the company wrote in a report last month. “Unlike the centralized systems impacted in electric grid attacks in 2015 and 2016 in Ukraine, these distributed systems are more numerous, require extensive remote connectivity, and often receive less cybersecurity investment. This attack demonstrates they are now a valid target for sophisticated adversaries.”
Poland’s analysis concluded that the infrastructure used in the attack overlapped with that used by the group known alternately as Static Tundra, Berserk Bear, Ghost Blizzard and Dragonfly.
More details are emerging daily from the January 30 release of more than three million pages of documents by the US Department of Justice (DOJ), exposing the extraordinary breadth of Jeffrey Epstein’s social and financial circle, which included some of the world’s most powerful people.
Epstein was an American financier and convicted sex offender who used his vast wealth and high-profile social connections to orchestrate a decade-long sex trafficking ring involving dozens of underage girls.
As news organisations and citizen journalists work their way through the vast amount of material, Al Jazeera gives you the background you need to know about Epstein, his criminal cases, infamous island, inner circle, and the latest DOJ release to help you better understand the story.
How can you access the Epstein files?
Under the Epstein Files Transparency Act, which was signed into law in the United States on November 19, 2025, the DOJ was meant to release all unclassified records related to Epstein and his accomplice Ghislaine Maxwell within 30 days.
In total, the DOJ identified six million pages of evidence. But so far, it has only released 3.5 million pages, including some 180,000 images and 2,000 videos.
The pages consist of email chains, text messages, internal investigative reports, news articles and other material tied to Epstein, including bank statements, wire transfer records, flight logs, and FBI interview summaries.
The files are organised into 12 separate data sets, each containing different categories of evidence as follows:
Data Sets 1-8: Contain the bulk of FBI interview summaries and police reports from Palm Beach, Florida, between 2005 and 2008.
Data Set 9: Contains email evidence, including private correspondence between Epstein and high-profile individuals, as well as internal DOJ correspondence regarding the 2008 non-prosecution agreement that granted broad federal immunity to Epstein and his potential coconspirators.
Data Set 10: Contains 180,000 images and 2,000 videos seized from Epstein’s properties. These materials are heavily redacted, featuring numerous blacked-out boxes that the DOJ says are in place to protect potential victims. However, this has been criticised for allowing some victims to remain identifiable while shielding potential perpetrators.
Data Set 11: Contains financial ledgers, flight manifests to Epstein’s island in the US Virgin Islands, and property seizure records.
Data Set 12: Contains late productions and supplemental items of approximately 150 documents that require more detailed legal review.
Compared to large data leaks and investigations, the Epstein files rank among some of the largest in terms of the number of documents.
Who was Jeffrey Epstein?
Epstein was born in Brooklyn, New York on January 20, 1953.
Despite not graduating from university, he was hired to teach physics and mathematics at the age of 21 at the Dalton School, an elite private institution in Manhattan.
After being connected by the father of one of his students, he began working at Wall Street investment bank Bear Stearns, but left the firm following a regulatory violation related to his misconduct.
Epstein then founded his own financial management and consulting firm, which serviced ultra-wealthy clients and built his fortune. He leveraged his wealth to cultivate relationships with powerful figures across politics, business, royalty and academia.
In 1991, Epstein met Ghislaine Maxwell, the daughter of the late British media tycoon Robert Maxwell. The two became romantically involved, and she became his primary coconspirator.
Timeline of Epstein’s criminal cases
In 2005, the Palm Beach Police Department began an investigation into Epstein after the parents of a 14-year-old girl reported that he had molested their daughter.
In July 2006, the FBI launched a federal investigation into Epstein, identifying 36 girls who were minors at the time of their abuse.
In May 2007, federal prosecutors had prepared a draft indictment of 60 counts against Epstein. However, in September that year, US Attorney for the Southern District of Florida Alexander Acosta signed a non-prosecution agreement that granted immunity to Epstein, four named coconspirators and “any potential coconspirators”.
US President Donald Trump listens as then-US Labor Secretary Alexander Acosta speaks during a meeting of the President’s National Council for the American Worker in the Roosevelt Room of the White House, on September 17, 2018 [Evan Vucci/AP Photo]
In 2008, under a secret arrangement, Epstein pleaded guilty to just two state charges of solicitation of prostitution and solicitation of prostitution from someone under the age of 18. He was sentenced to 18 months in a minimum-security facility, but was allowed work release for 12 hours per day.
He was released five months early in 2009 after serving less than 13 months at the Palm Beach County Stockade, and had to register as a sex offender.
In the decade that followed, Epstein faced allegations from multiple women who claimed they were victims of his sexual abuse.
In November 2018, the Miami Herald published a series of investigative pieces revisiting Epstein’s case. The coverage received renewed public interest and, in July 2019, Epstein was arrested on federal sex trafficking charges after prosecutors in New York concluded they were not bound by the terms of the earlier non-prosecution agreement.
While awaiting trial, on August 10, 2019, Epstein was found dead in his cell. Investigators ruled it a suicide by hanging.
The case continued with charges against Epstein’s longtime associate and former girlfriend, Ghislaine Maxwell. In July 2020, federal prosecutors in New York charged Maxwell with helping to recruit underage girls, who she and Epstein then sexually abused.
Maxwell was convicted in December 2021 of sex trafficking, conspiracy and transportation of a minor for illegal sexual activity, and sentenced to 20 years in prison in 2022.
Where was Epstein’s island?
In 1998, Epstein purchased a private island, Little Saint James, located in the US Virgin Islands, for $8m.
The island provided extreme isolation, requiring access by boat or helicopter, and became Epstein’s primary residence. It served as the central location for his trafficking operation, with released documents including island blueprints, photographs, Little Saint James logbooks, and multiple logs of boat trips.
In 2016, Epstein expanded his Caribbean holdings by purchasing Great Saint James, a larger island neighbouring Little Saint James.
In May 2023, billionaire Stephen Deckoff, the founder of the private equity firm Black Diamond Capital Management, announced the acquisition of the Great Saint James and Little Saint James islands for $60m.
Epstein owned at least six properties around the world, including:
Townhouse in Manhattan, New York: A large Upper East Side mansion at 9 East 71st Street, which sold for about $51m in 2021 to Michael Daffey, a former Goldman Sachs executive.
Zorro Ranch, New Mexico: A large ranch near Stanley, New Mexico that was sold in 2023.
Mansion in Palm Beach, Florida: A waterfront estate at 358 El Brillo Way was a key site where prosecutors say many sex crimes were committed. The property was demolished by a developer in 2021 to “erase the legacy” of the site.
Little Saint James: Epstein’s primary private island residence in the Caribbean.
Great Saint James: A larger island, neighbouring Little Saint James.
Apartment in Paris, France: A luxury apartment at 22 Avenue Foch in the 16th arrondissement, which sold for $10.4m to Bulgarian plastic packaging tycoon Georgi Tuchev.
At the time of his death in 2019, Epstein’s real estate portfolio was valued at around $180m, though most of it was eventually sold at a discount.
Who was in Epstein’s inner circle?
Epstein ran a deep, multilayered operation that depended on several key figures who enabled his criminal activities over decades.
The Justice Department shared a diagram mapping Epstein’s inner circle in the released documents in January, with a number of names and faces redacted. Below is a list of some of the most prominent figures.
American financier Jeffrey Epstein’s inner circle [US Department of Justice]
Ghislaine Maxwell: Her intimate friendship with Epstein dated back to the 1990s. She played a significant role in recruiting girls and young women.
Jean-Luc Brunel: The French modelling agent was financed by Epstein in 2004, launching MC2 Model Management. Many victims have testified that Brunel helped recruit girls for Epstein. He also died by suicide in his cell at La Sante Prison in Paris in 2022 before his trial.
Darren Indyke: Epstein’s personal lawyer was involved in the inner workings of Epstein’s finances. He was named in Epstein’s will to receive $50m.
Richard Kahn: Epstein’s accountant, along with Indyke, served as coexecutor of Epstein’s estate. Kahn was named to receive $25m in Epstein’s will.
Harry Beller: Epstein’s financial adviser worked under the direction of Kahn as part of a tight-knit team managing some of the most delicate parts of Epstein’s financial life.
Lesley Groff: She was one of three personal assistants who prosecutors had been prepared to indict in 2007. Victims alleged she helped coordinate travel and logistics for the trafficking operation.
The document also lists several of Epstein’s other employees and associates, who are redacted. American billionaire businessman Les Wexner, former CEO of the lingerie company Victoria’s Secret, was another longtime prominent figure. For years, he was Epstein’s most important financial benefactor, with Epstein having power of attorney.
Who has been named in the files?
Elite circles spanning royalty, senior politicians and technology magnates demonstrated remarkable comfort in their associations with Epstein in emails and other messages documented in the files. Names mentioned in the files do not automatically indicate wrongdoing.
Some of the most high-profile names in the files include:
Andrew Mountbatten-Windsor: The younger brother of Britain’s King Charles was stripped of his royal title in October last year. British Prime Minister Keir Starmer called for Mountbatten-Windsor to testify before a US congressional committee earlier this month. Police have also said they were reviewing allegations that a woman was taken to an address in Windsor for sexual purposes in 2010.
Peter Mandelson: The United Kingdom’s former US ambassador, who resigned from the Labour Party last week and is under police investigation. Emails suggest he leaked market-sensitive government information during the 2008 financial crisis.
Donald Trump: The US president has been mentioned more than 4,000 times in the files. Trump has denied any wrongdoing in relation to Epstein, and says he severed contact decades ago.
Mette-Marit Hoiby: The crown princess of Norway exchanged emails with Epstein after his 2008 conviction.
Ehud Barak: The former Israeli prime minister is mentioned in multiple documents, with evidence of correspondence on several occasions after Epstein was convicted. One exchange in 2017 shows plans for Barak to stay at Epstein’s New York residence. Barak has acknowledged his interactions with Epstein, but says he was never involved in inappropriate behaviour.
Bill Gates: There are multiple emails from the Microsoft cofounder dating back to 2013.
Bill Clinton: There are several photos of the former US president in the Epstein files. He was also photographed with Epstein in the 1990s and 2000s.
Elon Musk: Documents reveal emails between the tech billionaire and Epstein dating back to 2012 and detailing travel plans to visit Epstein, although Musk says he never travelled to Epstein’s island.
Richard Branson: The British entrepreneur and Virgin Group cofounder appears in hundreds of files. However, Branson has maintained that his meetings were limited to group and business settings.
Sarah Ferguson: Known as “Fergie”, Mountbatten-Windsor’s ex-wife appears in multiple emails.
Steve Bannon: Trump’s former top adviser appears to have sent and received thousands of messages, mostly between 2018 and 2019.
Howard Lutnick: The billionaire businessman, now the US Commerce Department secretary, had planned to visit Epstein in Little Saint James with his family.
Noam Chomsky: The intellectual appeared in multiple documents, with some suggesting he advised Epstein on media coverage of sex-trafficking allegations.
Deepak Chopra: The self-help guru appears in files that show communication after Epstein’s 2008 conviction.
Ariane de Rothschild: The head of Edmond de Rothschild Group met Epstein multiple times in New York and Paris before his 2019 arrest.
Miroslav Lajcak: The Slovakian national security adviser resigned after emails about young women surfaced with correspondence dating to 2018 when he was foreign minister.
Sergey Brin: The cofounder of Google visited Epstein’s island and had made plans to visit Epstein’s New York home.
Thorbjorn Jagland: The former prime minister of Norway is now subject to a criminal investigation for corruption based on email exchanges with Epstein.
Other names include: Peter Thiel, Palantir cofounder; Larry Summers, US President Bill Clinton’s former treasury secretary; Steve Tisch, coowner of the New York Giants; Jack Lang, former French culture minister; his daughter Caroline Lang, who partnered with Epstein in 2016 in the company Pyrtanee LLC; Borge Brende, World Economic Forum CEO; Mona Juul, Norway’s ambassador to Jordan and Iraq; Terje Rod-Larsen, Juul’s husband and Oslo Accords architect; Brad Karp, chairman of prestigious law firm Paul Weiss; Casey Wasserman, chairman of the Los Angeles 2028 Olympic Games; and Brett Ratner, director of the new documentary on US First Lady Melania Trump.
An Afghan national has been found guilty of abducting and raping a 12-year-old girl in Warwickshire.
Ahmad Mulakhil targeted the child after spotting her in a park in Nuneaton last July, prosecutors said.
Mulakhil was unanimously convicted at Warwick Crown Court of child abduction, rape, two counts of sexual assault and taking an indecent video of his victim.
He had told the court he did not force the girl to do anything, and did not threaten her family, but had filmed her, at her insistence, during a brief period of sexual activity.
Mulakhil was cleared of a second count of rape.
Co-defendant Mohammad Kabir, also an Afghan national, was acquitted of intentional strangulation, committing an offence with intent to commit a sexual offence and attempting to abduct a child.
Mulakhil was remanded in custody and will be sentenced on a date to be fixed.
An Ohio father of two was found dead inside a CVS trash compactor after his wife tracked his cell phone to the store when he failed to return home from work, according to reports.
Andrew “Andy” Strand, 34, of Brunswick, Ohio, was working as a contractor at the Shaker Heights CVS when he was found dead inside the trash compactor at the rear of the store on Wednesday, Cleveland 19 News reported, citing police.
According to the outlet, a search for Strand was prompted after he failed to return home from work and his wife raised the alarm. The Shaker Heights Police Department searched the CVS premises in the 1700 block of Chagrin Boulevard after she traced his phone to the location.
Andrew “Andy” Strand, 34, of Brunswick, Ohio, was found in a compactor at a CVS store, according to reports. (Andy Jeffrey via Facebook; Google Maps)
Shaker Heights Police Commander John Cole said Strand’s wife called police just before 10 p.m. Wednesday.
Cole said the circumstances surrounding the incident remain under investigation and the Cuyahoga County medical examiner is determining the cause and manner of death.
Fox News Digital has reached out to the Shaker Heights Police Department for additional comment.
Andrew “Andy” Strand, 34, of Brunswick, Ohio. Police said Strand was found dead inside a trash compactor at a CVS pharmacy in Shaker Heights. (Jaymie Mariah via Facebook)
Strand, who was a mechanic, had recently started his own company, which friends said he was “absolutely loving,” according to a GoFundMe.
The fundraiser said Strand’s death was “sudden and unexpected,” leaving his family “in disarray.”
“He was a mechanic for many years and played hockey for many years, influencing his son’s life to love both cars and hockey,” the fundraiser said.
The rear view of a CVS Pharmacy in Shaker Heights, Ohio, where contractor Andrew Strand was found dead inside a trash compactor. (Google Maps)
“He was a loving, involved father; coaching his son’s hockey and baseball teams. He loved supporting his daughter in dance as well as gymnastics. His wife and children were the center of his life and he loved them immensely.”
The fundraiser was organized by Danielle Gorbe, who described Strand as “my husband’s good friend for nearly 12 years.”
The funds raised are being used to support Strand’s family and Strand’s funeral service.
Michael Dorgan is a writer for Fox News Digital and Fox Business.
Microsoft is investigating an outage that blocks some administrators with business or enterprise subscriptions from accessing the Microsoft 365 admin center.
While the company has yet to disclose which regions are affected by this ongoing service degradation, it is tracking it on its official service health status page to provide impacted organizations with up-to-date information.
“Some users in the North America region may be unable to access the Microsoft 365 admin center. We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” Microsoft said when it acknowledged the issue.
“Initial reports indicate that the issue is occurring in the North America and Canada regions. We’ll provide more information once identified.”
Although Microsoft didn’t disclose how many customers are impacted, the company has classified this issue as an incident, which usually involves noticeable user impact.
On the outage-tracking website DownDetector, thousands of Microsoft customers have reported issues, including connection problems and an extremely slow admin portal.
In an update to the original incident report, Microsoft said that the outage also affects the M365 app and that it’s now collecting telemetry data to identify the root cause.
“Users able to access the admin center may be experiencing degraded functionality. As functionality is degraded, users may be unable to raise support tickets through the Microsoft 365 admin center. Additionally, users may be unable to access the M365 app,” Microsoft noted.
“We’re continuing to analyze diagnostic data from the Microsoft 365 admin center infrastructure, with a current focus on usage patterns and Central Processing Unit (CPU) utilization levels. Additionally, we’re reviewing HTTP Archive (HAR) files provided by impacted users to support our investigation.”
More than a year ago, in January, Microsoft addressed another critical service issue that blocked login attempts and prevented users and administrators from accessing Microsoft 365 services and the admin center.
In July 2025, it mitigated a similar outage that triggered ‘Runtime Error’ messages, preventing access to the admin portal.
Over the weekend, the company restored Microsoft Store and Windows Update services that had been taken down after a data center power outage, causing “failures or timeouts when installing or updating Microsoft Store apps, or when downloading Windows updates.”
Israeli Prime Minister Benjamin Netanyahu is heading to Washington to meet US President Donald Trump, saying Iran negotiations will be the “first and foremost” topic of discussion.
Ukraine is gathering support from European governments to oppose FIFA’s moves to end Russia’s ban from international football.
Ukrainian sports minister Matvii Bidnyi told Sky News that allowing Russia back into World Cups would be legitimising Vladimir Putin’s aggression.
European football leaders are gathering for their annual congress in Brussels today, four years after booting out Russian teams at the start of the all-out war on Ukraine.
FIFA president Gianni Infantino is set to attend the UEFA Congress, a week after telling Sky News: “This ban has not achieved anything, it has just created more frustration and hatred.”
Responding to the football boss, Mr Bidnyi said: “It’s a very strange position… nothing changed. This condemnation of all of the world, of the sports community, is very important for international pressure on the aggressor.”
While stopping Russia playing at World Cups is a symbol of the country’s isolation and pariah status, it has not ended the conflict and killing.
“If we start to make our policy softer… what sign do you make for the world?” Mr Bidnyi said.
“The ban, it’s an important part of international efforts to stop the aggressor… it’s a crime and you want to justify, you want to legitimise this crime.”
Mr Bidnyi wants a statement opposing football sanctions on Russia being lifted – as was secured last year from 28 European governments, including the UK, calling on the Paralympics to restore their ban.
FIFA boss apologises to fans for ‘joke’
‘Irresponsible and infantile’
“I think we are close to it,” he told Sky News. “And I would think it would (have) a big resonance.”
The Ukrainian government would welcome a first visit to the country by Mr Infantino since the war started.
“His actions look irresponsible and infantile,” Mr Bidnyi said, citing children being killed playing football or seriously injured after Russian strikes.
The ban was imposed because European rivals were refusing to play Russian teams or host their matches on neutral integrity – as FIFA and UEFA came under pressure from politicians to apply sporting sanctions.
Within FIFA there is discussion about why they should have to cut ties with Russia when governments advocating for the ban on teams still allow trading with the country with non-sanctioned products.
“It’s wrong, but we can see now it’s become less and less,” Mr Bidnyi said.
Culture Secretary Lisa Nandy last week criticised the International Olympic Committee and FIFA for moving towards restoring Russian teams, arguing “if anything the situation in Ukraine has got worse” since the original bans were imposed.
“We followed up with the airport to understand how this happened, reached out directly to the customer to apologize for his experience and offered travel credits and reimbursement,” the spokesperson said.
“We always advise customers to monitor the signs at the gate and boarding announcements to make sure the aircraft they board is going to their intended destination,” they added.
A Los Angeles traveler headed to Nicaragua accidentally flew to Tokyo on a United Airlines flight. The airline reached out to the customer directly “to understand how this happened,” the airline said. (United Airlines)
The passenger reportedly realized mid-flight that he or she was on the wrong flight — and asked the flight attendant why the trip to Houston was taking six hours, rather than just over three hours.
The person landed at Haneda Airport in Tokyo, Japan — and stayed at a hotel for two nights while United sorted out a travel itinerary to the original destination.
The airline allegedly first offered a $300 travel credit as an apology — but later offered $1,000 in travel credits, the blog “View from the Wing” reported.
A Reddit user posted the mishap in the “r/unitedairlines” forum, sparking a debate among users.
“I’d love to go to Japan by mistake,” wrote one person on social media about the incident. (Robert Alexander/Getty Images)
“Yeah… [if] by 6 hours you haven’t arrived in Houston, something is wrong,” wrote one person. “I’d love to go to Japan by mistake, though.”
Another person wrote, “Not saying it happened here, but several airports have two or even three gates connected to the same area. Once you scan your ticket, you can get onto any of the planes.”
“They typically announce the flight’s destination at least one time before they close the door. Perhaps a lack of technology or a language barrier was involved here,” said a different user.
A user wrote, “My childhood fear … I used to travel at that age and always checked the flight map on screen [to see if I was] going to the correct destination.”
“Yeah… [if] by 6 hours you haven’t arrived in Houston, something is wrong,” said one person about the inadvertent trip to Tokyo. (iStock)
“How do you accidentally board the wrong flight? There are so many things this guy should’ve noticed,” said one individual.
Bangladesh’s interim government, led by Chief Adviser Mohammad Yunus, has announced compensation of 25 lakh taka to the family of Dipu Chandra Das, a member of the Hindu minority who was killed in a fundamentalist mob attack in Mymensingh district last year. Two months after the brutal murder of Dipu Chandra Das, the interim government has announced financial assistance to his family to build a house, just two days before the general elections in Bangladesh.
The government said that Dipu Das was the only earning member of his family and that it had assured the family of long-term financial help. It has therefore allocated 25 lakh taka as financial assistance to build a permanent house for the family, so that their future can be secure. Apart from this, his family will also be given cash assistance: the government will give 10 lakh taka to Dipu Das’s father and wife, and an FDR of 5 lakh taka will be set up to secure the future of their child.
Dipu Das’s murder is shameful for the entire country: Dr. Abrar
Bangladesh’s education advisor Dr. CR Abrar said on Tuesday (February 10, 2026) that the murder of Dipu Chandra Das is a heinous crime for which there is no place in society. He said that the help given by the government to the family cannot compensate for someone’s life, but that the government will definitely ensure justice.
He further said that this murder due to communal frenzy is shameful for the entire country and only justice can remove this stigma.
Dipu Chandra Das was brutally murdered on 18th December.
Dipu Chandra Das was beaten to death and burnt to death while hanging from a tree in Square Masterbari area of Bhaluka Upazila of Mymensingh district of Bangladesh on December 18, 2025. The fundamentalist mob of Bangladesh accused Dipu of making objectionable remarks, beat him mercilessly and then tied him to a tree and set him on fire.
Dipu’s murder raised questions on the safety of Hindus
Dipu’s murder raised questions about the safety of minorities and the Hindu community in Bangladesh. The incident was widely seen as communal violence and was condemned by many countries, including India.
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.
BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years.
“Normally, the BYOVD defense evasion component of an attack would involve a distinct tool that would be deployed on the system prior to the ransomware payload in order to disable security software,” the Symantec and Carbon Black Threat Hunter Team said in a report shared with The Hacker News. “However, in this attack, the vulnerable driver (an NsecSoft NSecKrnl driver) was bundled with the ransomware itself.”
Broadcom’s cybersecurity teams noted that this tactic of bundling a defense evasion component within the ransomware payload is not novel, and that it has been observed in a Ryuk ransomware attack in 2020 and in an incident involving a lesser-known ransomware family called Obscura in late August 2025.
In the Reynolds campaign, the ransomware is designed to drop a vulnerable NsecSoft NSecKrnl driver and terminate processes associated with various security programs from Avast, CrowdStrike Falcon, Palo Alto Networks Cortex XDR, Sophos (along with HitmanPro.Alert), and Symantec Endpoint Protection, among others.
It’s worth noting that the NSecKrnl driver is susceptible to a known security flaw (CVE-2025-68947, CVSS score: 5.7) that could be exploited to terminate arbitrary processes. Notably, the driver has been put to use by a threat actor known as Silver Fox in attacks designed to kill endpoint security tools prior to delivering ValleyRAT.
Over the past year, the hacking group has wielded multiple legitimate but flawed drivers – including truesight.sys and amsdk.sys – as part of BYOVD attacks to disarm security programs.
Bringing together defense evasion and ransomware capabilities in one component makes it harder for defenders to stop the attack, and it removes the need for an affiliate to separately incorporate this step into their modus operandi.
“Also of note in this attack campaign was the presence of a suspicious side-loaded loader on the target’s network several weeks prior to the ransomware being deployed,” Symantec and Carbon Black said.
Another tool deployed on the target network a day after the ransomware deployment was the GotoHTTP remote access program, indicating that the attackers may be looking to maintain persistent access to the compromised hosts.
“BYOVD is popular with attackers due to its effectiveness and reliance on legitimate, signed files, which are less likely to raise red flags,” the company said.
“The advantages of wrapping the defense evasion capability in with the ransomware payload, and the reason ransomware actors might do this, may include the fact that packaging the defense evasion binary and the ransomware payload together is ‘quieter’, with no separate external file dropped on the victim network.”
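Because a bundled driver removes the separate tool that defenders might otherwise spot, detection has to key on behavior: a suspicious driver load followed shortly by security processes exiting on the same host. The following is an added example, not code from Symantec, Carbon Black, or this article; the events are constructed, the protected process names and the five-minute window are hypothetical, and the watchlist reuses only driver names mentioned on this page.

```python
from datetime import datetime, timedelta

# Driver names this page reports as abused for BYOVD (matched as lowercase
# substrings; the exact on-disk file names are an assumption).
WATCHLIST = ("nseckrnl", "truesight.sys", "amsdk.sys", "gamedriverx64.sys")
# Heuristic assumption: drivers normally load from these directories, so a
# load from anywhere else is flagged even if the file was renamed.
USUAL_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\system32\\driverstore\\")
# Hypothetical names standing in for the site's own EDR/AV agent processes.
PROTECTED = {"edr_agent.exe", "av_service.exe"}
WINDOW = timedelta(minutes=5)

# Constructed events: (Sysmon event ID, host, UTC time, image path).
# ID 6 = driver loaded, ID 5 = process terminated.
EVENTS = [
    (6, "ws01", "2026-01-10 09:00:00", r"C:\Windows\System32\drivers\disk.sys"),
    (5, "ws01", "2026-01-10 09:01:00", r"C:\Program Files\EDR\edr_agent.exe"),
    (6, "ws02", "2026-01-10 10:00:00", r"C:\Users\Public\NSecKrnl.sys"),
    (5, "ws02", "2026-01-10 10:00:20", r"C:\Program Files\EDR\edr_agent.exe"),
    (6, "ws03", "2026-01-10 11:00:00", r"C:\ProgramData\x\helper.sys"),
    (5, "ws03", "2026-01-10 11:30:00", r"C:\Program Files\AV\av_service.exe"),
    (6, "ws04", "2026-01-10 12:00:00", r"C:\Temp\renamed.sys"),
    (5, "ws04", "2026-01-10 12:01:00", r"C:\Program Files\AV\av_service.exe"),
]

def driver_reason(path):
    """Return why a loaded driver is suspicious, or None if it looks routine."""
    p = path.lower()
    if any(name in p for name in WATCHLIST):
        return "watchlist"
    if not any(d in p for d in USUAL_DIRS):
        return "unusual-path"
    return None

def correlate(events):
    """Alert when a protected process exits within WINDOW of a suspicious load."""
    recent, alerts = {}, []  # recent: host -> [(load time, path, reason)]
    for eid, host, ts, image in sorted(events, key=lambda e: e[2]):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if eid == 6:
            reason = driver_reason(image)
            if reason:
                recent.setdefault(host, []).append((t, image, reason))
        elif eid == 5:
            proc = image.lower().rsplit("\\", 1)[-1]
            for loaded, path, reason in recent.get(host, []):
                if proc in PROTECTED and timedelta(0) <= t - loaded <= WINDOW:
                    alerts.append((host, path, reason, proc))
    return alerts
```

On the constructed data this alerts for ws02 and ws04 only: ws01 loads a routine driver, and on ws03 the termination falls outside the window.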
The finding coincides with various ransomware-related developments in recent weeks:
A high-volume phishing campaign has used emails with Windows shortcut (LNK) attachments to run PowerShell code that fetches a Phorpiex dropper, which is then used to deliver the GLOBAL GROUP ransomware. The ransomware is notable for carrying out all activity locally on the compromised system, making it compatible with air‑gapped environments. It also conducts no data exfiltration.
Attacks mounted by WantToCry have abused virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider, to host and deliver malicious payloads at scale. Some of the hostnames have been identified in the infrastructure of multiple ransomware operators, including LockBit, Qilin, Conti, BlackCat, and Ursnif, as well as various malware campaigns involving NetSupport RAT, PureRAT, Lampion, Lumma Stealer, and RedLine Stealer.
It’s assessed that bulletproof hosting providers are leasing ISPsystem virtual machines to other criminal actors for use in ransomware operations and malware delivery by exploiting a design weakness in VMmanager’s default Windows templates that reuse the same static hostname and system identifiers every time they are deployed. This, in turn, allows threat actors to set up thousands of VMs with the same hostname and complicate takedown efforts.
DragonForce has created a “Company Data Audit” service to support affiliates during extortion campaigns as part of the continued professionalization of ransomware operations. “The audit includes a detailed risk report, prepared communication materials, such as call scripts and executive-level letters, and strategic guidance designed to influence negotiations,” LevelBlue said. DragonForce operates as a cartel that allows affiliates to create their own brands while operating under its umbrella and gaining access to its resources and services.
The latest iteration of LockBit, LockBit 5.0, has been found to use ChaCha20 to encrypt files and data across Windows, Linux, and ESXi environments, a shift from the AES-based encryption approach in LockBit 2.0 and LockBit 3.0. In addition, the new version features a wiper component, an option to delay execution prior to encryption, encryption status tracking via a progress bar, improved anti-analysis techniques to evade detection, and enhanced in-memory execution to minimize disk traces.
The Interlock ransomware group has continued its assault on U.K.- and U.S.-based organizations, particularly in the education sector, in one case leveraging a zero-day vulnerability in the “GameDriverx64.sys” gaming anti-cheat driver (CVE-2025-61155, CVSS score: 5.5) to disable security tools in a BYOVD attack. The attack is also characterized by the deployment of NodeSnake/Interlock RAT (aka CORNFLAKE) to steal sensitive data, while initial access is said to have originated from a MintLoader infection.
Ransomware operators have been observed increasingly shifting their focus from traditional on-premises targets to cloud storage services, especially misconfigured S3 buckets used by Amazon Web Services (AWS), with the attacks leaning on native cloud features to delete or overwrite data, suspend access, or extract sensitive content, while simultaneously staying under the radar.
According to data from Cyble, GLOBAL GROUP is one of the many ransomware crews that sprang forth in 2025, the others being Devman, DireWolf, NOVA, J group, Warlock, BEAST, Sinobi, NightSpire, and The Gentlemen. In Q4 2025 alone, Sinobi’s data leak site listings increased 306%, making it the third-most active ransomware group after Qilin and Akira, per ReliaQuest.
“Meanwhile, the return of LockBit 5.0 was one of Q4’s biggest shifts, driven by a late-quarter spike that saw the group list 110 organizations in December alone,” researcher Gautham Ashok said. “This output signals a group that can scale execution quickly, convert intrusions into impact, and sustain an affiliate pipeline capable of operating at volume.”
The emergence of new players, combined with partnerships forged between existing groups, has led to a spike in ransomware activity. Ransomware actors claimed a total of 4,737 attacks during 2025, up from 4,701 in 2024. The number of attacks that don’t involve encryption and instead rely purely on data theft as a means to exert pressure reached 6,182 during the same period, a 23% increase from 2024.
As for the average ransom payment, the figure stood at $591,988 in Q4 2025, a 57% jump from Q3 2025, driven by a small number of “outsized settlements,” Coveware said in its quarterly report last week, adding that threat actors may return to their “data encryption roots” for more effective leverage to extract ransoms from victims.