The article dissects the May 2026 leak of the ransomware‑as‑a‑service group The Gentlemen, detailing its rapid rise, profit‑sharing model, edge‑device entry points, AI‑assisted tool development, supply‑chain attacks, internal breach, and concrete blue‑team mitigation recommendations.
In 2025, twin brothers with prior cyber‑crime convictions exploited a privileged‑account gap at a federal‑service contractor, erased 96 government databases within six minutes, used AI to seek log‑clearing methods, and triggered a multi‑layered forensic and legal response that highlights critical gaps in identity‑access management, backup integrity, and insider‑threat detection.
The article explains how Anthropic’s Claude Skills framework enables AI agents to execute expert-level cybersecurity tasks by organizing 734+ MITRE ATT&CK‑mapped skills, detailing their structure, progressive loading, real‑world workflows, deployment steps, customization, and the operational benefits for SOCs, detection engineers, and incident responders.
TeamPCP, a newly identified cloud‑native threat group, has compromised at least 60,000 servers worldwide by exploiting exposed Docker APIs, Kubernetes clusters, Redis instances, and the React2Shell vulnerability, employing automated tools such as proxy.sh, kube.py, and react.py, with detailed MITRE ATT&CK mapping and concrete defense recommendations.
In March 2026 Hunt.io researchers uncovered an open directory on the Russian bullet‑proof host Proton66 that contains the full TheGentlemen ransomware toolkit, complete with Mimikatz credential logs, ngrok tokens, and 21 MITRE ATT&CK techniques, providing a detailed view of the attackers' reconnaissance, privilege‑escalation, defense‑evasion, credential‑access, persistence, and encryption‑preparation stages.
Aura, a provider of identity‑theft protection services, disclosed that a phone‑phishing (vishing) attack in March 2026 exposed roughly 900,000 customer names and email addresses, prompting analysis of the attack vector, MITRE ATT&CK mapping, and lessons on supply‑chain risk and defense‑in‑depth.
The article examines how a 2025 supply‑chain poisoning incident sparked a paradigm shift toward adversarial testing, introducing new roles, AaaS platforms, and dual‑cycle processes that move testing teams from merely finding bugs to building resilient, attack‑aware systems by 2026.
