Threat

Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government

A state-backed Iranian cyber espionage group, commonly known as APT42, has been observed conducting a new intelligence collection campaign aimed at individuals and organizations connected to national security. The Israel National Digital Agency (INDA) has named this ongoing operation SpearSpecter after identifying its activity in early September 2025. Highly Targeted Social Engineering Operations INDA […]

Chinese Hackers Leveraged Anthropic AI Systems to Run Automated Cyber Espionage Operations

A state-sponsored cyber group associated with China carried out an advanced espionage campaign in mid-September 2025 by exploiting Anthropic’s artificial intelligence technology. According to Anthropic, the attackers used AI in a way never seen before, transforming it from a supportive tool into an automated engine that performed cyber attacks on its own. AI

More Than 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Campaign

Cybersecurity experts have uncovered a massive spam and worm-like campaign that has flooded the npm registry with more than 67,000 fake packages since early 2024. This operation appears to be a financially motivated attack designed to exploit the open nature of the npm ecosystem. According to a recent report from Endor Labs researchers Cris Staicu

Fake Chrome Extension Safery Steals Ethereum Wallet Seed Phrases via Sui Blockchain

Cybersecurity researchers have discovered a malicious Chrome extension masquerading as a legitimate Ethereum wallet that secretly steals users’ seed phrases through an advanced blockchain-based exfiltration technique. The extension, named “Safery: Ethereum Wallet,” was falsely promoted as a secure Ethereum wallet for managing cryptocurrency with customizable settings. It was first uploaded to the Chrome Web Store

Google Files Lawsuit Against China-Based Hackers Operating $1 Billion Lighthouse Phishing Network

Google has filed a civil suit in the U.S. District Court for the Southern District of New York against China-based operators of a large Phishing-as-a-Service platform called Lighthouse, alleging the network has ensnared over 1 million victims across 120 countries and generated more than $1 billion in illicit revenue over three years. The complaint seeks

Amazon Uncovers Cyberattacks Exploiting Cisco ISE and Citrix NetScaler Zero-Day Vulnerabilities

Amazon’s threat intelligence division has discovered an ongoing campaign that exploits two critical zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC systems. These flaws are being weaponized by a highly advanced threat actor to deploy custom-built malware aimed at infiltrating enterprise environments. Critical Vulnerabilities Under Attack The attack campaign takes advantage

WhatsApp ‘Maverick’ Malware Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Cybersecurity researchers have uncovered a sophisticated banking malware campaign in Brazil involving a new threat called Maverick, which spreads via WhatsApp and targets banking users by hijacking browser sessions. The campaign shows strong links to a prior malware strain known as Coyote, though Maverick exhibits new propagation and remote control techniques. How Maverick Spreads Maverick

Hackers Exploit Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A critical vulnerability in the Triofox file-sharing platform is being actively exploited by threat actors to gain full system control. The attackers are using a clever technique: they are weaponizing the platform’s own built-in antivirus feature to download and execute remote access tools, effectively turning a security function into an attack vector. The Authentication Bypass

Android Trojan ‘Fantasy Hub’ Turns Telegram into a Malware Service Hub for Hackers

A sophisticated new Android Remote Access Trojan (RAT) named “Fantasy Hub” is being marketed as Malware-as-a-Service (MaaS) on Russian-speaking Telegram channels. This malware provides attackers with comprehensive control over infected devices, posing a direct threat to both individual mobile banking users and enterprises with Bring Your Own Device (BYOD) policies. A Professionalized Cybercrime Service Fantasy

Malicious npm Package Discovered Targeting GitHub-Owned Repositories

Cybersecurity researchers have identified a malicious npm package, “@acitons/artifact”, that mimics GitHub’s legitimate “@actions/artifact” library. The goal appears to be the compromise of GitHub-owned repositories through build process manipulation and credential theft. This discovery highlights the growing threat of typosquatting attacks within open-source ecosystems that target trusted supply chains. Discovery and attacker intent According to
