Daily Cyber News

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems

Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems.

Campaign Overview

Attackers create a convincing narrative around a fictitious company […]

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability

A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile (EPMM) vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

First Malicious Outlook Add-In Discovered Stealing Over 4,000 Microsoft Credentials

Cybersecurity researchers have uncovered what is believed to be the first malicious Microsoft Outlook add-in observed in active attacks. The discovery highlights a new evolution in supply chain threats targeting trusted software marketplaces. According to security firm Koi Security, an unidentified attacker hijacked a previously legitimate but abandoned Outlook add-in domain to host a fraudulent

APT36 and SideCopy Conduct Cross-Platform RAT Campaigns Targeting Indian Organizations

Indian government-linked entities and defense sector organizations are facing a new wave of cyber espionage operations attributed to Pakistan-aligned threat groups APT36, also known as Transparent Tribe, and its suspected sub-cluster SideCopy. The coordinated campaigns are designed to infiltrate both Windows and Linux systems using advanced Remote Access Trojans (RATs) capable of stealing sensitive information

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments.

Microsoft Addresses 59 Vulnerabilities

Microsoft issued fixes for

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days

Microsoft has released security updates addressing 59 vulnerabilities across its software, including six zero-day flaws currently exploited in the wild. The patch rollout was announced on Tuesday, highlighting the urgent need for users and organizations to apply fixes.

Severity Breakdown

Of the 59 vulnerabilities, five are marked Critical, 52 Important, and two Moderate. Privilege escalation

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat (IRC) protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

North Korea-Linked UNC1069 Uses AI Lures to Target Cryptocurrency Organizations

The North Korea-associated threat group UNC1069 has intensified its cyber operations against the cryptocurrency sector, leveraging advanced social engineering and artificial intelligence techniques to compromise Windows and macOS systems. The campaign is primarily designed to extract sensitive credentials and enable large-scale financial theft. According to findings from Google Mandiant researchers Ross Inman and Adrian Hernandez, the operation

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Organizations

Security researchers have revealed that North Korean cyber operatives are increasingly targeting global companies by impersonating legitimate professionals on LinkedIn. The threat actors are applying for remote roles using real LinkedIn accounts, often tied to verified email addresses and identity badges, to make their applications appear authentic. This long-running campaign, tracked as Jasper Sleet, PurpleDelta, and Wagemole,
