Malware

SAP-Linked npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity experts have uncovered a sophisticated supply chain attack targeting SAP-related npm packages, exposing developers and enterprise environments to large-scale credential theft. The campaign, identified as “Mini Shai-Hulud,” has been linked to techniques previously associated with the TeamPCP threat actor group. Compromised Packages in SAP Ecosystem The attack impacted several widely used packages within SAP’s JavaScript and […]


New DPRK Campaign Uses AI-Injected npm Malware, Fake Companies, and RATs in Cyber Attacks

Cybersecurity researchers have uncovered a sophisticated cyber campaign linked to North Korean threat actors, combining AI-generated malicious code, fake corporate identities, and advanced malware to compromise developers, particularly in the Web3 and cryptocurrency ecosystem. The operation, tracked as PromptMink, has been attributed to Famous Chollima, also known as Shifty Corsair, a group previously associated with long-running


Brazilian LofyGang Returns After Three Years With Minecraft-Based LofyStealer Campaign

A Brazil-linked cybercrime group has resurfaced after more than three years, launching a fresh malware campaign aimed at Minecraft players. The operation introduces a new information-stealing tool known as LofyStealer, also referred to as GrabBot. Malware Disguised as a Minecraft Tool According to findings from ZenoX, the malware is distributed under the guise of a Minecraft


VECT 2.0 Ransomware Permanently Destroys Files Larger Than 131KB Across Windows, Linux, and ESXi

Cybersecurity analysts have raised alarms about a ransomware operation known as VECT 2.0, which behaves more like a destructive wiper than traditional ransomware. A major flaw in its encryption logic causes permanent data loss, even if victims decide to pay the ransom. Ransomware That Cannot Restore Data Unlike typical ransomware, VECT 2.0 fails to properly


PhantomCore Leverages TrueConf Vulnerabilities to Compromise Russian Networks

A pro-Ukrainian hacktivist group known as PhantomCore has been linked to a series of cyberattacks targeting servers running TrueConf video conferencing software across Russia since September 2025. Security researchers report that the campaign involves a carefully built exploitation chain that allows remote command execution and deep network infiltration. Exploitation of TrueConf Security Flaws According


Researchers Discover 73 Malicious VS Code Extensions Spreading GlassWorm v2 Malware

Cybersecurity researchers have uncovered a large-scale malicious campaign involving fake extensions targeting developers through Visual Studio Code. The operation is linked to an evolving malware strain known as GlassWorm v2. Malicious Extensions Hidden in Open VSX The fraudulent extensions were discovered on the Open VSX platform, where attackers uploaded cloned versions of legitimate tools. A


IT Help Desk

UNC6692 Poses as IT Help Desk via Microsoft Teams to Deploy SNOW Malware

Security researchers have uncovered a previously unknown threat activity group designated as UNC6692, which has been conducting targeted attacks using social engineering tactics deployed through the Microsoft Teams messaging platform. The campaign focuses on distributing a specialized malware toolkit designed to establish persistent access to corporate networks. According to findings released by Google-owned Mandiant, the threat


Bitwarden CLI Breached in Ongoing Supply Chain Attack Linked to Checkmarx

A significant cybersecurity incident has emerged involving the popular password management system Bitwarden, with its command-line interface becoming the target of a sophisticated attack campaign linked to compromised software development infrastructure. Security researchers from JFrog and Socket have disclosed that version 2026.4.0 of the @bitwarden/cli package contained malicious code embedded within a file named ‘bw1.js’.


China-Linked GopherWhisper Compromises 12 Mongolian Government Systems Using Go-Based Backdoors

A newly identified advanced persistent threat group, tracked as GopherWhisper, has been linked to a cyber espionage campaign targeting government systems in Mongolia. Security researchers have uncovered a sophisticated toolkit used to infiltrate networks and maintain long-term access. Targeted Government Systems Compromised According to findings by ESET, at least 12 systems within Mongolian government infrastructure were successfully


Malicious KICS Docker Images and VS Code Extensions Target Checkmarx in Supply Chain Attack

A serious software supply chain attack has been uncovered targeting developer tools associated with Checkmarx. Security researchers warn that compromised Docker images and Visual Studio Code extensions were used to steal sensitive data and spread malware across development environments. Poisoned Docker Images Discovered According to findings from Socket, attackers managed to manipulate the official “checkmarx/kics” Docker Hub
