ThreatVectr

Lucy Green

Data breaches & privacy

Lucy worked breach-notification regulation before moving into journalism. She covers data exposures, the legal aftermath, and what victims should actually do — beyond the platitudes.

Recent stories

AI Agent Identities Are Redrawing Enterprise IAM Budgets
Identity & Access
AI Agent Identities Are Redrawing Enterprise IAM Budgets
New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.
May 28
Justice Department Charges Ottawa Man With Operating Kimwolf DDoS Botnet
Policy & Regulation
Justice Department Charges Ottawa Man With Operating Kimwolf DDoS Botnet
Federal prosecutors say Jacob Butler, 23, developed and rented out a variant of the AISURU botnet for paid denial-of-service attacks.
May 28
CERT-UA Attributes Prometheus-Themed Phishing Run Against Ukrainian Government to Ghostwriter (UAC-0057)
Threat Intelligence
CERT-UA Attributes Prometheus-Themed Phishing Run Against Ukrainian Government to Ghostwriter (UAC-0057)
Compromised mailboxes deliver lures impersonating a Ukrainian e-learning platform, with the Belarus-aligned operator tracked as UNC1151 named as the responsible cluster.
May 28
Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases
Threat Intelligence
Eight Packagist Projects Hijacked to Pull Linux Payload From GitHub Releases
The injected code lived in package.json, not composer.json, and targeted JavaScript-shipping Composer projects.
May 28
GRU Operators Drained Microsoft 365 Tokens by Rewriting DNS on 18,000 SOHO Routers
Threat Intelligence
GRU Operators Drained Microsoft 365 Tokens by Rewriting DNS on 18,000 SOHO Routers
Forest Blizzard shifted from targeted router malware to mass DNS hijacking after a UK advisory in August, intercepting OAuth tokens on Outlook on the web.
May 28
npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval
Policy & Regulation
npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval
GitHub's package registry now requires a human maintainer to clear a two-factor challenge before a release leaves a staging area, a control aimed at the supply chain attacks that have repeatedly compromised the JavaScript ecosystem.
May 28
Agentic AI Quietly Rewrites the NDR Pitch, But Procurement Rules Have Not Caught Up
Policy & Regulation
Agentic AI Quietly Rewrites the NDR Pitch, But Procurement Rules Have Not Caught Up
Network detection vendors say autonomous triage is thinning the alert queue. Buyers are now asking what regulators will let those agents actually do.
May 28
Dutch Authorities Arrest Two Bulletproof Hosting Administrators Linked to Russia-Aligned Threat Actors
Policy & Regulation
Dutch Authorities Arrest Two Bulletproof Hosting Administrators Linked to Russia-Aligned Threat Actors
The two suspects owned Dutch-registered companies that allegedly supplied infrastructure used to support Russia-aligned cybercriminal operations.
May 28
© 2026 Threat Vectr