Daily Cyber News

LeakBase Administrator Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities have arrested the alleged administrator of the LeakBase cybercrime forum, a platform known for trading stolen personal and corporate data, state media reported.

Details of the Arrest

According to TASS and MVD Media, the suspect, a resident of Taganrog, was detained for creating and managing a criminal website that allowed stolen databases to be bought and sold since […]


GlassWorm Malware Exploits Solana Dead Drops to Deliver RAT and Steal Browser and Crypto Data

Cybersecurity researchers have uncovered a sophisticated malware campaign dubbed GlassWorm, which delivers a multi-stage attack framework designed to steal credentials, exfiltrate cryptocurrency data, and install a remote access trojan (RAT) disguised as a Google Docs Offline extension.

Multi-Stage Attack Mechanism

According to Aikido Security, GlassWorm begins by infiltrating systems through compromised packages across npm, PyPI,


Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations. Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan”


Device Code Phishing Targets 340+ Microsoft 365 Organizations Across Five Countries via OAuth Abuse

A widespread device code phishing campaign is actively targeting Microsoft 365 identities in more than 340 organizations across the U.S., Canada, Australia, New Zealand, and Germany. According to Huntress researchers, the campaign was first observed on February 19, 2026, and has accelerated since. The threat actors exploit Cloudflare Workers redirects combined with Railway.com PaaS infrastructure to turn legitimate authentication flows into credential-harvesting mechanisms. Targeted


TeamPCP Backdoors LiteLLM Versions 1.82.7 to 1.82.8 Through Trivy CI/CD Supply Chain Compromise

A major supply chain attack campaign has emerged as TeamPCP, the threat actor behind previous Trivy and KICS compromises, has backdoored the popular Python package LiteLLM. Versions 1.82.7 and 1.82.8, released on March 24, 2026, contained a credential harvester, Kubernetes lateral movement toolkit, and a persistent systemd backdoor. Security vendors including Endor Labs and JFrog confirmed the malicious


Tax Themed Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign has been identified targeting users searching for tax-related documents, leading to the deployment of remote access malware and advanced security evasion tools. The campaign, active since early 2026, was analyzed by Huntress, revealing how attackers are abusing online advertisements to distribute malicious software disguised as legitimate tax resources.

Malicious Ads Target Tax-Related


Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Cybersecurity researchers have uncovered an advanced phishing campaign targeting corporate environments, particularly French-speaking organizations, by distributing fake resumes that secretly deploy malware. The operation, tracked as FAUX#ELEVATE by Securonix, combines credential theft, data exfiltration, and cryptocurrency mining into a single highly efficient attack chain.

Malicious Resumes Disguised as Job Applications

The campaign begins with phishing emails containing what


Ghost Campaign Uses Seven Malicious npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new threat campaign targeting developers through malicious npm packages designed to steal cryptocurrency wallets and sensitive system data. The operation, tracked as the Ghost campaign by ReversingLabs, highlights the growing risks within open-source ecosystems where attackers exploit developer trust.

Malicious Packages Masquerading as Legitimate Tools

The campaign involves several npm packages published under


TeamPCP Compromises Checkmarx GitHub Actions Using Stolen CI Credentials

Security researchers have reported that the cloud-native cybercriminal group TeamPCP has expanded its supply chain operations by targeting Checkmarx GitHub Actions workflows. This latest activity follows their notorious compromise of the Trivy vulnerability scanner and associated GitHub Actions. The compromised workflows include:

How the Attack Works

According to cloud security firm Sysdig, the attackers used a


U.S. Sentences Russian Hacker to 6.75 Years in Prison for $9M Ransomware Scheme

A U.S. federal court has sentenced a 26-year-old Russian national, Aleksei Olegovich Volkov, to 6.75 years in prison for his involvement in facilitating ransomware attacks that caused millions in damages. The case highlights the growing role of cybercrime networks and initial access brokers in enabling large-scale ransomware operations targeting organizations worldwide.

Key Role in Ransomware Attacks
