Threat

Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks

A new investigation has uncovered that sensitive credentials from governments, telecoms, financial institutions, and critical infrastructure have been unintentionally exposed through popular online code formatting tools such as JSONFormatter and CodeBeautify. These websites, commonly used to validate or beautify JSON and other code snippets, have become unintended repositories of private information due to users pasting […]

Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks Read More »

JackFix spreads multiple stealers via fake Windows Update pop ups on adult sites.

A newly uncovered malware campaign is exploiting adult themed phishing sites and deceptive ClickFix style lures to trick users into executing malicious Windows commands disguised as urgent security updates. Cybersecurity researchers from Acronis have identified the activity, warning that the threat actors are using highly convincing fake Windows update screens to distribute multiple information stealers.

JackFix spreads multiple stealers via fake Windows Update pop ups on adult sites. Read More »

ToddyCat’s new tools steal Outlook emails and Microsoft 365 tokens, threatening users and organizations.

The threat group known as ToddyCat has introduced new techniques designed to infiltrate corporate email systems and extract sensitive data from targeted organizations. According to a technical report by Kaspersky, the group is now using a custom tool called TCSectorCopy to obtain access to Microsoft Outlook data and OAuth 2.0 tokens. Kaspersky noted that this

ToddyCat’s new tools steal Outlook emails and Microsoft 365 tokens, threatening users and organizations. Read More »

CISA Alerts on Active Spyware Campaigns Targeting High Value Signal and WhatsApp Users

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that multiple threat groups are conducting active spyware operations aimed at users of secure messaging platforms, particularly Signal and WhatsApp. The agency said attackers are deploying commercial spyware and remote access trojans to breach mobile devices through targeted social engineering

CISA Alerts on Active Spyware Campaigns Targeting High Value Signal and WhatsApp Users Read More »

ShadowPad Malware Exploits a WSUS Vulnerability to Gain Full System Access

A recently addressed security flaw in Microsoft Windows Server Update Services, also known as WSUS, is being actively abused by attackers to deploy the advanced ShadowPad malware. According to a report from the AhnLab Security Intelligence Center, the threat actors used CVE 2025 59287 as the initial entry point into targeted Windows servers. Attackers Use

ShadowPad Malware Exploits a WSUS Vulnerability to Gain Full System Access Read More »

Chinese DeepSeek R1 AI Produces Insecure Code When Prompts Reference Tibet or Uyghurs

A new investigation by CrowdStrike has uncovered that DeepSeek R1, a reasoning model developed by the Chinese company DeepSeek, generates significantly more insecure code when prompts include topics considered politically sensitive by China. The researchers noted that the model introduces severe security flaws up to fifty percent more frequently whenever such trigger terms appear. Sensitive

Chinese DeepSeek R1 AI Produces Insecure Code When Prompts Reference Tibet or Uyghurs Read More »

Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft

A new supply chain attack has been identified across the npm ecosystem, marking a second wave of activity similar to the earlier Shai Hulud incident. Security companies report that thousands of repositories and hundreds of npm packages were compromised between November 21 and 23, 2025. The latest campaign has been named Sha1 Hulud and involves

Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft Read More »

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long running cyber espionage operation linked to the China based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services Read More »

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks

Cybersecurity analysts have identified a new trend in phishing operations, where browser notifications are being misused to push malicious links through a command and control platform known as Matrix Push C2. According to a recent report from BlackFog researcher Brenda Robb, the framework operates entirely within the browser environment, using push alerts, fake system style

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks Read More »

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains

A suspected China-linked cyber threat group known as APT24 has been actively deploying a previously undocumented malware called BADAUDIO as part of a prolonged espionage campaign. The operation, ongoing for nearly three years, has targeted organizations in Taiwan and compromised over 1,000 domains. Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains Read More »