Cyber Security

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems

Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems. Campaign Overview Attackers create a convincing narrative around a fictitious company […]

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems Read More »

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability

A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability Read More »

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations

Indian government-linked entities and defense sector organizations are facing a new wave of cyber espionage operations attributed to Pakistan-aligned threat groups APT36, also known as Transparent Tribe, and its suspected sub-cluster SideCopy. The coordinated campaigns are designed to infiltrate both Windows and Linux systems using advanced Remote Access Trojans, RATs, capable of stealing sensitive information

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations Read More »

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments. Microsoft Addresses 59 Vulnerabilities Microsoft issued fixes for

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms Read More »

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days

Microsoft has released security updates addressing 59 vulnerabilities across its software, including six zero-day flaws currently exploited in the wild. The patch rollout was announced on Tuesday, highlighting the urgent need for users and organizations to apply fixes. Severity Breakdown Of the 59 vulnerabilities, five are marked Critical, 52 Important, and two Moderate. Privilege escalation

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days Read More »

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat, IRC, protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits Read More »

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations

Security researchers have revealed that North Korean cyber operatives are increasingly targeting global companies by impersonating legitimate professionals on LinkedIn. The threat actors are applying for remote roles using real LinkedIn accounts, often tied to verified email addresses and identity badges, to make their applications appear authentic. This long-running campaign, tracked as Jasper Sleet, PurpleDelta, and Wagemole,

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations Read More »

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools

Cybersecurity analysts have identified a newly emerging ransomware strain named Reynolds, notable for embedding a built-in Bring Your Own Vulnerable Driver (BYOVD) mechanism directly within its ransomware payload. This approach is designed to bypass endpoint security defenses before file encryption begins. BYOVD is a well-known attacker technique that abuses legitimate but vulnerable kernel drivers to escalate

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools Read More »

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations

Singapore’s Cyber Security Agency (CSA) has confirmed that a China linked cyber espionage group known as UNC3886 carried out a coordinated and targeted campaign against the country’s telecommunications sector. According to CSA, the operation was deliberate, highly organized, and carefully executed. All four major telecommunications providers in Singapore, M1, SIMBA Telecom, Singtel, and StarHub, were

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations Read More »