Nigeria Ranks Third in Sub-Saharan Africa for Compromised Accounts, Surfshark Report Reveals Nigeria has recorded 24.1 million compromised user accounts since 2004, making it the third most affected country in Sub-Saharan Africa, according to a recent report by cybersecurity firm Surfshark. The analysis, covering global data breach trends for Q1 2026, found that Nigeria experienced 281,500 leaked accounts between January and March 2026, ranking it 34th globally during that period. Globally, 210.3 million accounts were breached in Q1 2026 a sharp increase from previous quarters. The United States led with 29% of all reported breaches, followed by France, India, Brazil, and the UK. Nigerian users faced escalating risks, including identity theft, account hijacking, extortion, and financial fraud, with 7.5 million unique email addresses and 13 million passwords exposed since 2004. The report highlighted that over half of breached Nigerian users remain vulnerable, with 10% of the population affected by data leaks. Compromised data included highly sensitive information, such as: - 3,900 Social Security-related records - 1,600 payment card details - 1.9 million phone numbers - 925,000 residential addresses Surfshark attributed the surge in breaches to the rapid adoption of AI technologies, which has expanded the volume of user data collected and stored. 20.2% of companies used AI in 2025 up from 8.7% in 2023 increasing attack surfaces for cybercriminals. The firm’s Chief Security Officer, Tomas Stamulis, warned that AI-driven systems, while boosting efficiency, also create new vulnerabilities, as hackers exploit combo lists datasets combining old and new leaks for fraud and identity theft. The report further noted that global breaches in Q1 2026 tripled year-over-year and rose 22% from Q4 2025, underscoring the growing sophistication of cyberattacks.

Silver Fox APT Targets Chinese-Speaking Users with Stealthy AtlasCross RAT Campaign A Chinese-nexus advanced persistent threat (APT) group, tracked as Silver Fox (also known as Void Arachne and SwimSnake), is conducting a sophisticated campaign targeting Chinese-speaking users and professionals. Security researcher Maurice Fielenbach of Hexastrike uncovered the operation, which leverages typosquatted domains impersonating trusted brands like Surfshark, Signal, and Zoom to distribute malware. The attackers use stolen Extended Validation (EV) code-signing certificates issued to a Vietnamese entity, DUC FABULOUS CO.,LTD (valid until May 2027) to bypass security checks and establish deep persistence in enterprise networks. Victims are lured into downloading a ZIP archive containing a triple-nested Setup Factory installer, which deploys a trojanized Autodesk component (Schools.exe) alongside legitimate decoy applications like UltraViewer to avoid suspicion. The malware employs advanced evasion techniques, including Process Environment Block (PEB) walking and ROR13 hashing, to dynamically resolve APIs and evade static analysis. It retrieves a second-stage shellcode payload from its command-and-control (C2) server over raw TCP, then loads the AtlasCross RAT entirely in memory using a reflective loader, leaving no disk footprint. At the core of the attack is AtlasCross RAT, which integrates a custom PowerShell execution engine (PowerChell). This framework disables critical security mechanisms, including: - Antimalware Scan Interface (AMSI) - Event Tracing for Windows (ETW) - Constrained Language Mode (CLM) - ScriptBlock logging The RAT communicates with its C2 infrastructure using ChaCha20 encryption and hardware-generated random keys. To maintain persistence, it terminates TCP connections used by Chinese security tools like 360 Total Security and Huorong, preventing signature updates without killing processes. Additional tactics include DLL injection into WeChat (Wxfun.dll) for data harvesting and RDP session hijacking via tscon.exe. The campaign, active between November 2025 and March 2026, demonstrates Silver Fox’s evolution from driver-based process termination to network-level disruption, signaling a rapidly maturing threat actor. Key indicators of compromise (IOCs) include the stolen EV certificate (2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C), C2 domain (bifa668.com), and typosquatted domains (www-surfshark[.]com, signal-signal[.]com). Security teams are advised to monitor for non-standard processes loading System.Management.Automation.dll and scheduled tasks under \Microsoft\Windows\AppID\.

Global Data Breaches Reach Record Highs, Exposing Over 1 Billion Accounts in 2025 A recent report by Surfshark, published on October 14, 2025, and analyzed by Statista, reveals a sharp rise in global data breaches, with over 1 billion user accounts exposed worldwide between the first quarter of 2020 and the third quarter of 2025. The data, compiled from cybersecurity tracking, highlights a persistent and escalating threat landscape, with breaches affecting individuals and organizations across 150+ countries. The report underscores a steady upward trend in account exposures, driven by increasingly sophisticated cyberattacks, including ransomware, phishing, and supply chain vulnerabilities. While the exact breakdown of affected sectors remains unspecified, the scale of the breaches suggests widespread impact across industries, from finance and healthcare to e-commerce and social media. The findings serve as a stark indicator of the growing challenges in cybersecurity, with attackers leveraging both technical exploits and human error to compromise sensitive data. The report’s timeline spanning five years of quarterly data provides a longitudinal view of the evolving threat environment, offering critical context for security professionals and policymakers.