The Good, the Bad and the Ugly in Cybersecurity – Week 19

Executive summary: This report covers three high-impact developments: (1) U.S. sentencing of a key Karakurt ransomware negotiator connected to an extortion operation that has allegedly extracted roughly $56M; (2) SentinelLabs’ disclosure of PCPJack, a sophisticated cloud worm/credential-theft framework that hunts and evicts a separate threat group while harvesting cloud keys, tokens, and secrets at scale; and (3) an actively exploited, critical PAN-OS zero-day (CVE-2026-0300) enabling unauthenticated remote code execution with a CVSS of 9.3 and over 5,000 exposed devices identified — the report includes recommended mitigations for each issue.