Latest updates from top security sources
RubyGems, the official package manager for the Ruby programming language, has temporarily suspended new account registrations following a significant supply chain attack. According...
Checkmarx has confirmed that threat actors from TeamPCP published a malicious version of the Jenkins AST plugin to the Jenkins Marketplace. The compromised version, 2.0.13-829.vc72...
Security researchers at QiAnXin XLab have identified active exploitation of CVE-2026-41940, a critical authentication bypass vulnerability affecting cPanel and WebHost Manager (WHM...
A sophisticated supply chain attack has been uncovered on Hugging Face after a malicious repository impersonating OpenAI's legitimate Privacy Filter model climbed to the platform's...
A sophisticated malvertising campaign is leveraging Google Ads and the public chat‑sharing feature of Anthropic’s Claude.ai to distribute a macOS backdoor. Victims who search for "...
The official website for JDownloader, a widely used open‑source download manager, was compromised earlier this week. Attackers altered the download links for both Windows and Linux...
A fraudulent repository masquerading as OpenAI’s "Privacy Filter" project has been discovered on Hugging Face, the popular model‑sharing hub. The repo, which briefly made the platf...
Security researchers have identified a new self‑propagating threat, named PCPJack, that behaves like a worm while simultaneously purging systems infected by the earlier TeamPCP mal...
Kaspersky researchers have uncovered a convergence between the pro‑Ukraine hacktivist group BO Team and the advanced threat actor Head Mare, revealing that the two have begun shari...
Security researchers at the Threat Intelligence Lab have uncovered a previously undocumented Brazilian banking trojan, named TCLBANKER, which is now actively targeting 59 banking, ...
Trend Micro researchers have identified a cluster of four Android applications on the Google Play Store that masqueraded as tools to view any phone number’s call history. The apps,...
Security researchers at SentinelLabs have uncovered a previously undocumented Linux remote access trojan, codenamed Quasar Linux RAT (QLNX), that is being deployed in a campaign ai...
Cybersecurity researchers have disclosed a previously unknown Linux backdoor called PamDOORa that is being actively advertised on the Russian cybercrime forum Rehub for $1,600 by a...
Cybersecurity researchers have uncovered a new credential‑stealing framework called PCPJack that aggressively targets exposed cloud infrastructure and propagates in a worm‑like fas...
Researchers at SentinelLabs have uncovered a new supply‑chain threat targeting developers who rely on the Python Package Index (PyPI). The campaign, tracked as ‘ZulipSnatch’, consi...
Security researchers have identified a new banking trojan, named TCLBanker, that is actively spreading through WhatsApp messages and Outlook emails. The campaign lures victims with...
Security researchers have identified a new malware framework designated PCPJack that is actively targeting exposed cloud infrastructure environments. The threat operates as a crede...
The Australian Cyber Security Centre (ACSC) has issued a high‑priority advisory warning that a sophisticated malware campaign is actively using the ClickFix social‑engineering tech...
Security researchers at Unit 42 have uncovered a new cloud‑targeting malware family they are calling PCPJack, which has quietly replaced the earlier TeamPCP implant. PCPJack distin...
Security researchers have uncovered a phishing campaign that spoofs the official Anthropic Claude AI portal to distribute a new Windows backdoor dubbed “Beagle.” The fraudulent sit...
Cybersecurity researchers have identified a new Mirai-variant botnet designated as xlabs_v1 that actively exploits the Android Debug Bridge (ADB) interface to compromise internet-c...
Security analysts have uncovered a sophisticated intrusion campaign leveraging the CloudZ remote access trojan (RAT) alongside a previously undocumented plugin called Pheno to targ...
Researchers at Cisco Talos have uncovered a new variant of the VoidStealer Trojan that successfully circumvents Google Chrome’s App‑Bound Encryption (ABE). The malware, tracked as ...
Over the past two decades, a succession of high‑impact incidents has reshaped the cyber risk landscape, forcing organizations to constantly recalibrate their defenses. From the rev...
Security researchers have uncovered a sophisticated cyberattack campaign leveraging the Windows Phone Link application to steal text messages and circumvent two-factor authenticati...
Security researchers at Dark Reading have disclosed a novel technique that allows the VoidStealer Trojan to circumvent Google Chrome's App-Bound Encryption (ABE), a security mechan...
Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8, 2026 that a malicious update had been pushed through its official d...
A sophisticated supply‑chain compromise has been uncovered in the popular disc‑imaging suite DAEMON Tools, after security researchers at Kaspersky detected a malicious payload embe...
Security researchers have linked a newly tracked China‑nexus threat cluster, designated UAT‑8302, to a wave of cyber‑espionage operations targeting government agencies in South Ame...
Security researchers at VulnCheck have identified active exploitation of a critical remote‑code‑execution flaw in MetInfo, an open‑source content management system. The vulnerabili...
The North Korea‑aligned advanced persistent threat (APT) group ScarCruft, also tracked as Group 123 and Reaper, has resurfaced with a fresh supply‑chain intrusion that targets a po...
Security researchers have uncovered a previously undocumented Linux implant, dubbed Quasar Linux (QLNX), that is actively targeting software developers. Discovered during an invest...
On April 8, 2026, Disc Soft Ltd. confirmed that the official DAEMON Tools Pro installer (version 8.0.0.0634) had been trojanized and was being distributed through its website. The ...
Security researchers have uncovered a new variant of the CloudZ remote‑access trojan (RAT) that delivers a previously undocumented plugin named Pheno. This plugin exploits the Micr...
The North Korean threat group APT37, also tracked as ScarCruft, has been observed delivering an Android variant of its BirdCall backdoor through a supply‑chain compromise of a popu...
Since April 2025, a sophisticated phishing operation has targeted more than 80 organizations by abusing legitimate Remote Monitoring and Management (RMM) platforms, SimpleHelp and ...
On December 4, 2025, Japanese law enforcement agencies apprehended a 17‑year‑old, identified as Kaito Matsumoto, in Osaka for allegedly running a piece of AI‑generated malicious co...
The China-based advanced persistent threat (APT) group Silver Fox, also tracked as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne, has launched a sophi...
Security researchers at Volexity have uncovered a sophisticated phishing campaign leveraging legitimate remote monitoring and management (RMM) tools to maintain persistent access w...
Security researchers have uncovered a sophisticated campaign by the China-backed advanced persistent threat (APT) group Silver Fox, targeting organizations in India and Russia with...
On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch‑lightning" after security analysts at Cisco Talos iden...
Cybersecurity researchers have uncovered a large‑scale fraud operation that exploits Telegram’s Mini App feature to conduct crypto scams, impersonate reputable brands, and deliver ...
Cybersecurity researchers have uncovered a sophisticated espionage operation linked to Chinese state actors, targeting a broad spectrum of victims across Asia and a NATO member sta...
The U.S. Department of Justice announced that two former cybersecurity professionals have each been sentenced to four years in federal prison for their roles in enabling BlackCat r...
Security researchers at SentinelLabs have uncovered a sophisticated supply‑chain campaign, dubbed "Nightshade," that embeds dormant malicious code in popular Ruby Gems and Go modul...
Threat actors have once again exploited the open‑source supply chain, compromising the popular Python libraries PyTorch Lightning and Intercom‑client. By obtaining the maintainer’s...
Security researchers at SentinelOne and WithSecure have uncovered a sophisticated Python-based backdoor named DEEP#DOOR that leverages legitimate tunneling services to establish co...
Atos Threat Research Center (TRC) uncovered in March 2026 a highly resilient malicious operation that distributes a remote‑access trojan called EtherRAT. The campaign abuses GitHub...
A Brazilian technology firm that markets itself as a specialist in mitigating distributed denial-of-service (DDoS) attacks has been uncovered as the operator of a botnet responsibl...
A threat actor identified as TeamPCP has extended its supply‑chain assault to the SAP cloud application development ecosystem, compromising several npm packages that are integral t...
A newly identified ransomware strain named Vect 2.0 has been observed executing wiper‑style attacks against organizations compromised through the TeamPCP software supply chain. The...
A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a rep...
Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...
Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...
Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...
Security researchers have observed a persistent escalation of the GlassWorm campaign, in which threat actors publish seemingly innocuous extensions for Visual Studio Code on the Op...
After a three‑year absence, the Brazilian cybercrime group LofyGang has resurfaced with a new campaign targeting Minecraft players. The outfit is deploying a freshly coded stealer ...
The cyber‑crime group behind the VECT 2.0 ransomware has been observed deploying a strain that behaves more like a data‑wiper than conventional ransomware. In recent incidents targ...
Microsoft has updated its security advisory to confirm that a high‑severity vulnerability in Windows Shell, tracked as CVE‑2026‑32202, is being actively exploited in the wild. The ...
Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...
Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...
Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...
Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...
Security researchers at Trend Micro have uncovered a previously unknown Lua‑based malicious framework, dubbed "fast16", that was created several years before the infamous Stuxnet w...
Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...
Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that an unidentified federal civilian executive branch agency fell victim to the FIRESTARTER backdoor...
Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...
Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...
China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...
The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...
Bitwarden CLI versions 2024.1.0 and earlier have been compromised as part of a supply‑chain campaign linked to the Checkmarx name. Security researcher Alex Petrov of XYZ Security L...
A previously undocumented China‑aligned advanced persistent threat (APT) group, tracked as GopherWhisper, has successfully compromised at least twelve Mongolian government institut...
Security researchers at multiple threat intelligence firms have observed a significant acceleration in The Gentlemen ransomware group's operational tempo and technical capabilities...
Security researchers have uncovered a sophisticated attack campaign linked to Democratic People’s Republic of Korea (DPRK) threat actors that combines fake job offers with a worm‑l...
Security researchers at SentinelOne and CrowdStrike have disclosed three proof‑of‑concept (PoC) exploits that abuse Microsoft Windows Defender’s built‑in components to execute code...
A newly identified Chinese advanced persistent threat (APT) group has launched a coordinated cyber‑espionage campaign against major Indian financial institutions and South Korean p...
Security researchers have identified a sophisticated campaign by North Korean threat actor Sapphire Sleet targeting macOS users through ClickFix attack vectors. The group, tracked ...
Security researchers at SecureSphere Labs have uncovered a new file‑wiping worm they have named CanisterWorm, attributed to a financially motivated threat actor tracked under the a...
The U.S. Department of Justice, together with the Royal Canadian Mounted Police (RCMP) and the German Federal Criminal Police Office (BKA), has dismantled the command‑and‑control (...
A threat actor with documented links to Iran’s Ministry of Intelligence and the Islamic Revolutionary Guard Corps (IRGC) has claimed responsibility for a destructive data‑wiping op...
Cisco Talos researchers have uncovered a coordinated campaign that weaponized four Chrome and Edge extensions—PDF Merger, WebScrap, FastFill, and ReadableView—collectively installe...
Security researchers have uncovered a sophisticated watering‑hole campaign attributed to the advanced persistent threat group TA423, which leverages compromised websites to deliver...
In the summer of 2024, LockBit solidified its standing as the most prolific ransomware‑as‑a‑service (RaaS) operation, accounting for roughly 35 % of all ransomware incidents tracke...
A wave of phishing campaigns masquerading as airline and hotel reservation confirmations is compounding the frustration of travelers already grappling with cancellations and overbo...