Cyber Security

TeamPCP Compromises Checkmarx GitHub Actions Using Stolen CI Credentials

Security researchers have reported that the cloud-native cybercriminal group TeamPCP has expanded its supply chain operations by targeting Checkmarx GitHub Actions workflows. This latest activity follows their notorious compromise of the Trivy vulnerability scanner and associated GitHub Actions. The compromised workflows include: How the Attack Works According to cloud security firm Sysdig, the attackers used a […]

U.S. Sentences Russian Hacker to 6.75 Years in Prison for $9M Ransomware Scheme

A U.S. federal court has sentenced a 26-year-old Russian national, Aleksei Olegovich Volkov, to 6.75 years in prison for his involvement in facilitating ransomware attacks that caused millions in damages. The case highlights the growing role of cybercrime networks and initial access brokers in enabling large-scale ransomware operations targeting organizations worldwide. Key Role in Ransomware Attacks

CISA Adds Apple, Craft CMS, and Laravel Vulnerabilities to KEV and Urges Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The agency has directed federal organizations to apply security patches by April 3, 2026, to reduce the risk of ongoing attacks. Affected Vulnerabilities Across Apple and Web Platforms The newly listed vulnerabilities affect systems

Trivy GitHub Actions Compromised, 75 Tags Hijacked to Steal CI CD Secrets

A major supply chain security incident has affected the widely used open-source vulnerability scanner Trivy, maintained by Aqua Security. Attackers compromised its GitHub Actions ecosystem and manipulated version tags to distribute malware designed to steal sensitive CI/CD secrets. The attack targeted repositories including aquasecurity/trivy-action and aquasecurity/setup-trivy, which are commonly used in CI/CD pipelines to scan

U.S. DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice announced the seizure of approximately 61 million dollars in Tether connected to large-scale cryptocurrency fraud operations commonly referred to as pig butchering scams. Authorities stated that the confiscated digital assets were traced to wallet addresses used to launder proceeds stolen from victims of fraudulent crypto investment schemes. Federal investigators

Over 900 Sangoma FreePBX Instances Compromised in Active Web Shell Attacks

More than 900 internet-facing FreePBX systems from Sangoma Technologies remain compromised with web shells following exploitation of a serious command injection vulnerability, according to findings released by Shadowserver Foundation. The large-scale compromise began in December 2025 and continues to impact organizations worldwide. Of the affected instances, 401 are located in the United States, 51 in Brazil,

Malicious Go Crypto Module Steals Passwords and Installs Rekoobe Backdoor

Cybersecurity researchers have uncovered a harmful Go programming module that impersonates a trusted cryptography library while secretly stealing passwords and deploying a Linux backdoor known as Rekoobe. The rogue package, published under the path github[.]com/xinfeisoft/crypto, mimics the legitimate Go cryptography repository golang.org/x/crypto. However, instead of providing safe cryptographic utilities, it embeds hidden functionality designed to intercept sensitive

ScarCruft Uses Zoho WorkDrive and USB Malware to Infiltrate Air Gapped Networks

The North Korean threat group known as ScarCruft has been linked to a sophisticated cyber espionage campaign that leverages cloud storage services and removable media to infiltrate even isolated environments. Security researchers at Zscaler ThreatLabz have named the operation Ruby Jumper. The campaign, uncovered in December 2025, introduces several new malware families designed to conduct surveillance, move laterally across

Trojanized Gaming Tools Distribute Java Based RAT Through Browsers and Chat Platforms

Cybersecurity researchers are warning that attackers are disguising malicious software as popular gaming utilities to infect unsuspecting users. The campaign relies on browser downloads and chat platform sharing to deliver a Java-based remote access trojan, enabling full control over compromised systems. According to the Microsoft Threat Intelligence team, the infection process begins with a malicious downloader

Meta Files Lawsuits Against Brazil, China, and Vietnam Advertisers Over Celebrity Bait Scams

Meta has announced a sweeping legal campaign aimed at disrupting fraudulent advertising operations running across its platforms. The company confirmed it has filed lawsuits against advertisers located in Brazil, China, and Vietnam who allegedly orchestrated large-scale celebrity bait scams and deceptive ad schemes. According to Meta, the enforcement action includes suspending payment methods, shutting down related advertising accounts,
