:

RANSOMWARE NEGOTIATOR PLEADS GUILTY TO BLACKCAT ATTACKS

SECURITY DESK1 MIN READ
TUE, APR 21, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Angelo Martino, 41, a former cybersecurity incident response employee at DigitalMint, has pleaded guilty to participating in BlackCat (ALPHV) ransomware attacks targeting U.S. companies in 2023.

Martino's role at DigitalMint gave him insider knowledge of victim networks and negotiation strategies, which he leveraged to facilitate BlackCat operations. The guilty plea marks a significant development in the ongoing investigation into the ALPHV ransomware-as-a-service operation, one of the most active threat groups in recent years. BlackCat has been linked to hundreds of attacks on organizations across critical infrastructure, healthcare, finance, and manufacturing sectors. The group is known for its sophisticated double-extortion tactics and use of the Rust programming language in its malware. Martino's case underscores the insider threat risk in cybersecurity firms, where employees possess detailed knowledge of corporate security postures and incident response procedures. Federal prosecutors have not yet announced sentencing details or whether additional charges are pending. The investigation into BlackCat operations continues across multiple jurisdictions.

■ SOURCES

TechCrunchBleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.

9H AGOIndustry Desk

A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.

9H AGOIndustry Desk

The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.

11H AGOIndustry Desk

Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.

11H AGODev Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.