A previously undocumented cyber threat actor has been tied to malware attacks against Ukrainian organizations using a strain known as CANFAIL, according to Google Threat Intelligence Group (GTIG). GTIG notes that this group is likely connected to Russian intelligence services and has primarily targeted defense, military, government, and energy entities within Ukraine at both regional […]
Several state-sponsored and criminal cyber groups from China, Iran, North Korea, and Russia have increasingly targeted the defense industrial base (DIB), according to the latest findings from the Google Threat Intelligence Group (GTIG). GTIG reports that these attacks revolve around four main strategies: targeting defense entities using battlefield technologies during the Russia-Ukraine conflict, exploiting employees
A previously unknown threat actor, tracked as UAT-9921, has been linked to sophisticated campaigns targeting technology and financial services organizations. The adversary employs a modular malware framework named VoidLink, capable of long term, stealthy access across Linux and Windows systems, according to findings by Cisco Talos. VoidLink demonstrates advanced capabilities, including kernel level rootkits, on-demand plugin compilation, and
UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors Read More »
Browser extensions are once again under scrutiny after multiple investigations revealed coordinated campaigns abusing Google Chrome add ons to steal business intelligence, authentication codes, emails, and browsing history. Security researchers have identified several malicious extensions impersonating productivity tools, AI assistants, and social media customization plugins. These threats specifically target platforms such as Meta Business Suite, Facebook Business Manager, Google Chrome,
Google has reported that the North Korea-linked threat actor UNC2970 is using its generative AI model Gemini for reconnaissance, highlighting a growing trend of hacking groups weaponizing AI to accelerate cyber attack operations. These capabilities include information gathering, model extraction, and enhancing attack efficiency. According to the Google Threat Intelligence Group (GTIG), UNC2970 leveraged Gemini
Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems. Campaign Overview Attackers create a convincing narrative around a fictitious company
Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems Read More »
A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS
WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability Read More »
A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.
83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »
Cybersecurity researchers have uncovered what is believed to be the first malicious Microsoft Outlook add-in observed in active attacks. The discovery highlights a new evolution in supply chain threats targeting trusted software marketplaces. According to security firm Koi Security, an unidentified attacker hijacked a previously legitimate but abandoned Outlook add-in domain to host a fraudulent
First Malicious Outlook Add-In Discovered Stealing Over 4,000 Microsoft Credentials Read More »
Indian government-linked entities and defense sector organizations are facing a new wave of cyber espionage operations attributed to Pakistan-aligned threat groups APT36, also known as Transparent Tribe, and its suspected sub-cluster SideCopy. The coordinated campaigns are designed to infiltrate both Windows and Linux systems using advanced Remote Access Trojans, RATs, capable of stealing sensitive information
APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations Read More »