Cybersecurity researchers have uncovered a fresh wave of the ongoing Contagious Interview campaign, revealing that North Korean threat actors uploaded 26 malicious packages to the npm registry. These packages were disguised as legitimate developer utilities but secretly delivered credential stealing malware and a cross platform remote access trojan, RAT. The activity, tracked by Socket and […]
The North Korean threat group known as ScarCruft has been linked to a sophisticated cyber espionage campaign that leverages cloud storage services and removable media to infiltrate even isolated environments. Security researchers at Zscaler ThreatLabz have named the operation Ruby Jumper. The campaign, uncovered in December 2025, introduces several new malware families designed to conduct surveillance, move laterally across
ScarCruft Uses Zoho WorkDrive and USB Malware to Infiltrate Air Gapped Networks Read More »
Google has announced a coordinated effort with industry partners to dismantle the infrastructure of a suspected China linked cyber espionage group identified as UNC2814. The campaign is confirmed to have compromised at least 53 organizations across 42 countries, making it one of the most extensive cyber espionage operations uncovered in recent years. According to a
Google Disrupts UNC2814 GRIDTIDE Campaign Following 53 Breaches in 42 Countries Read More »
A Russia aligned cyber threat group has been linked to a targeted social engineering campaign against a European financial institution, marking a potential expansion beyond its usual Ukraine focused operations. The activity has been attributed to UAC-0050, also known as DaVinci Group. Threat intelligence firm BlueVoyant tracks the cluster under the name Mercenary Akula. The attack reportedly targeted
UAC-0050 Targets European Financial Institution Using Spoofed Domain and RMS Malware Read More »
The North Korea aligned threat collective Lazarus Group, also tracked under alternative names such as Diamond Sleet and Pompilus, has been linked to fresh ransomware activity impacting organizations in the Middle East and the United States healthcare sector. According to research published by the Symantec and Carbon Black Threat Hunter Team, part of Broadcom, the group leveraged
Lazarus Group Deploys Medusa Ransomware in Middle East and U.S. Healthcare Attacks Read More »
The threat cluster known as UnsolicitedBooker has expanded its targeting footprint, moving from earlier operations in Saudi Arabia to telecommunications providers in Kyrgyzstan and Tajikistan. Security researchers report that the campaign involves two custom backdoors, LuciDoor and MarsSnake, deployed through carefully crafted phishing operations. According to findings released by Positive Technologies, the attackers relied on uncommon
UnsolicitedBooker Targets Central Asian Telecoms with LuciDoor and MarsSnake Backdoors Read More »
A state sponsored cyber espionage group known as APT28 has been linked to a fresh cyber campaign directed at selected entities across Western and Central Europe. The operation, identified by the threat intelligence unit LAB52 of S2 Grupo, remained active from September 2025 through January 2026. Researchers have named the activity Operation MacroMaze, highlighting its structured yet deceptively simple
APT28 Targeted European Organizations with Webhook Based Macro Malware Read More »
The Iranian state aligned threat group MuddyWater, also tracked as Earth Vetala, Mango Sandstorm, and MUDDYCOAST, has initiated a fresh cyber espionage campaign aimed at organizations and individuals across the Middle East and North Africa region. The latest operation, named Operation Olalampo, demonstrates the group’s continued evolution in malware development and operational tactics. According to
MuddyWater Targets MENA Organizations Using GhostFetch, CHAR, and HTTP_VIP Read More »
Cybersecurity researchers have uncovered a new cyber espionage campaign, dubbed CRESCENTHARVEST, that appears to target individuals supporting ongoing protests in Iran. The operation is designed to deploy a remote access trojan, RAT, capable of long term surveillance, credential theft, and sensitive data exfiltration. Security analysts warn that the campaign reflects a broader pattern of nation
CRESCENTHARVEST Campaign Targets Iran Protest Supporters with RAT Malware Read More »
A previously undocumented cyber threat actor has been tied to malware attacks against Ukrainian organizations using a strain known as CANFAIL, according to Google Threat Intelligence Group (GTIG). GTIG notes that this group is likely connected to Russian intelligence services and has primarily targeted defense, military, government, and energy entities within Ukraine at both regional